Concept Guide
Table Of Contents
- About this Guide
- Instant CLI
- a-channel
- a-external-antenna
- aaa test-server
- aeroscout-rtls
- airgroup
- airgroupservice
- airwave-rtls
- ale-report-interval
- ale-server
- alg
- allow-new-aps
- allowed-ap
- ams-backup-ip
- ams-identity
- ams-ip
- ams-key
- apply
- arm
- attack
- auth-failure-blacklist-time
- auth-survivability cache-time-out
- blacklist-client
- blacklist-time
- calea
- cellular-uplink-profile
- clear airgroup state statistics
- clear
- clear-cert
- clock set
- clock summer-time
- clock timezone
- commit
- configure terminal
- console
- content-filtering
- convert-aos-ap
- copy
- deny-inter-user-bridging
- deny-local-routing
- device-id
- disable-prov-ssid
- disconnect-user
- dot11a-radio-disable
- dot11g-radio-disable
- download-cert
- dpi
- dpi-error-page-url
- dynamic-cpu-mgmt
- dynamic-radius-proxy
- enet-vlan
- enet0-bridging
- enet0-port-profile
- enet1-port-profile
- enet2-port-profile
- enet3-port-profile
- enet4-port-profile
- extended-ssid
- factory-ssid-enable
- firewall-external-enforcement
- g-channel
- g-external-antenna
- gre per-ap-tunnel
- gre primary
- gre type
- help
- hostname
- hotspot anqp-3gpp-profile
- hotspot anqp-domain-name-profile
- hotspot anqp-ip-addr-avail-profile
- hotspot anqp-nai-realm-profile
- hotspot anqp-nwk-auth-profile
- hotspot anqp-roam-cons-profile
- hotspot anqp-venue-name-profile
- hotspot h2qp-conn-cap-profile
- hotspot h2qp-oper-name-profile
- hotspot h2qp-oper-class-profile
- hotspot h2qp-wan-metrics-profile
- hotspot hs-profile
- iap-master
- ids
- ignore-image-check
- inactivity-ap-timeout
- inbound-firewall
- internal-domains
- ip-address
- ip dhcp
- ip dhcp pool
- l2tpv3 session
- l2tpv3 tunnel
- l3-mobility
- led-off
- logout
- managed-mode-profile
- managed-mode-sync-server
- mesh
- mgmt-accounting
- mgmt-auth-server
- mgmt-auth-server-load-balancing
- mgmt-auth-server-local-backup
- mgmt-user
- mtu
- name
- ntp-server
- opendns
- organization
- ping
- pppoe-uplink-profile
- proxy
- reload
- remove-blacklist-client
- restrict-corp-access
- restricted-mgmt-access
- rf dot11a-radio-profile
- rf dot11g-radio-profile
- rf-band
- rft
- routing-profile
- show 1xcert
- show about
- show access-rule
- show access-rule-all
- show acl
- show airgroup
- Description
- Syntax
- Usage Guidelines
- Example
- show airgroup blocked-queries
- show airgroup blocked-service-id
- show airgroup cache entries
- show airgroup cppm auth server non-coa-only
- show airgroup cppm auth server coa-capable
- show airgroup cppm server
- show airgroup cppm entries
- show airgroup debug statistics
- show airgroup internal-state statistics
- show airgroup servers
- show airgroup status
- show airgroup swarm-info
- show airgroup users
- Command History
- Command Information
- show airgroupservice
- show airgroupservice-ids
- show ale
- show alert global
- show alg
- show allowed-aps
- show all monitor
- show amp-audit
- show ap-alert
- show ap-env
- show aps
- show ap allowed-channels
- show ap allowed-max-EIRP
- show ap arm
- show ap association
- show ap bss-table
- show ap cacert
- show ap client-match-history
- show ap client-match-live
- show ap client-probe-report
- show ap client-match-refused
- show ap client-match-triggers
- show ap client-view
- show ap debug airwave
- show ap debug airwave-config-received
- show ap debug airwave-data-sent
- show ap debug airwave-events-pending
- show ap debug airwave-restore-status
- show ap debug airwave-signon-key
- show ap debug airwave-state
- show ap debug airwave-stats
- show ap debug am-config
- show ap debug auth-trace-buf
- show ap debug client-match
- show ap debug client-stats
- show ap debug client-table
- show ap debug client-frame-history
- show ap debug crash-info
- show ap debug dhcp-packets
- show ap debug dot1x-statistics
- show ap debug driver-config
- show ap debug mgmt-frames
- show ap debug persistent-clients
- show ap debug radio-stats
- show ap debug radius-statistics
- show ap debug rfc3576-radius-statistics
- show ap debug shaping-table
- show ap debug spanning-tree
- show ap debug stm-config
- show ap debug stm-role
- show ap debug system-status
- show ap debug tacacs-statistics
- show ap dot11k-beacon-report
- show ap dot11k-nbrs
- show ap flash-config
- show ap mesh counters
- show ap mesh link
- show ap mesh neighbors
- show ap monitor
- Description
- Syntax
- Examples
- show ap monitor active-laser-beams
- show ap monitor ap-list
- show ap monitor ap-wired-mac
- show ap monitor arp-cache
- show ap monitor containment-info
- show ap monitor enet-wired-mac
- show ap monitor ids-state
- show ap monitor pot-ap-list
- show ap monitor pot-sta-list
- show ap monitor routers
- show ap monitor scan-info
- show ap monitor state
- show ap monitor stats
- show ap monitor status
- Command History
- Command Information
- show ap pmkcache
- show ap virtual-beacon-report
- show app-services
- show arm-channels
- show arm config
- show arp
- show attack
- show auth-survivability
- show backup-config
- show blacklist-client
- show calea config
- show calea statistics
- show captive-portal
- show captive-portal-domains
- show cellular
- show cert all
- show clients
- show clock
- show configuration
- show config-status
- show console-settings
- show country-codes
- show cpcert
- show cpu
- show datapath
- show delta-config
- show derivation-rules
- show dhcp-allocation
- show dhcpc-opts
- show dhcps config
- show dhcp subnets
- show distributed-dhcp-branch-counts
- show domain-names
- show dpi
- show dpi-error-page-url
- show dpi-stats
- show election
- show external-captive-portal
- show facebook
- show fault
- show ids
- show ids-detection config
- show ids-protection config
- show image
- show inbound-firewall-rules
- show interface counters
- show ip dhcp database
- show ip igmp
- show ip interface brief
- show ip route
- show lacp status
- show l2tpv3 config
- show l2tpv3 global
- show l2tpv3 session
- show l2tpv3 system
- show l2tpv3 tunnel
- show l3-mobility
- show ldap-servers
- show log ap-debug
- show log apifmgr
- show log convert
- show log debug
- show log driver
- show log kernel
- show log l3-mobility
- show log network
- show log pppd
- show log rapper
- show log sapd
- show log security
- show log system
- show log upgrade
- show log user
- show log user-debug
- show log vpn-tunnel
- show log wireless
- show memory
- show mgmt-user
- show network
- show network-summary
- show opendns
- show port status
- show pppoe
- show process
- show proxy config
- show radio config
- show radius-servers support
- show radius status
- show radseccert
- show running-config
- show snmp-configuration
- show snmp trap-queue
- show spectrum-alert
- show stats
- show subscription-aps
- show summary
- show swarm
- show supported-cert-formats
- show syslog-level
- show tacacs-servers
- show tech-support
- show tspec-calls
- show uncommitted-config
- show upgrade info
- show uplink
- show uplink-vlan
- show usb status
- show users
- show valid-channels
- show version
- show vpn
- show walled-garden
- show wifi-uplink
- show wired-port
- show wired-port-settings
- show wispr config
- show xml-api-server
- snmp-server
- subscription-ap
- subscription-ap-enable
- swarm-mode
- syslocation
- syslog-level
- syslog-server
- telnet
- telnet-server
- terminal-access
- tftp-dump-server
- traceroute
- upgrade-image
- uplink
- uplink-vlan
- usb-port-disable
- user
- version
- virtual-controller-country
- virtual-controller-dnsip
- virtual-controller-ip
- virtual-controller-key
- virtual-controller-vlan
- vpn backup
- vpn fast-failover
- vpn gre-outside
- vpn hold-time
- vpn ikepsk
- vpn monitor-pkt-lost-cnt
- vpn monitor-pkt-send-freq
- vpn preemption
- vpn primary
- vpn reconnect-time-on-failover
- vpn reconnect-user-on-failover
- web-server
- wifi0-mode
- wifi1-mode
- wired-port-profile
- wlan access-rule
- wlan auth-server
- wlan captive-portal
- wlan external-captive-portal
- wlan ldap-server
- wlan ssid-profile
- wlan sta-profile
- wlan tacacs-server
- wlan walled-garden
- wlan wispr-profile
- write
- xml-api-server
- zonename
- Terminology
150 | ids Dell Networking W-Series Instant 6.4.3.1-4.2.0.0 | CLI Reference Guide
Parameter Description Range Default
wireless-containment
<type>
Enable wireless containment including
Tarpit Shielding.
Tarpit shielding works by steering a
client to a tarpit so that the client
associates with it instead of the AP that
is being contained.
l deauth-only— Enables Containment
using deauthentication only .
l none— Disables wireless
containment.
l tarpit-all-sta—Enables wireless
containment by tarpit of all stations.
l tarpit-non-valid-sta— Enables
wireless containment by tarpit of
non-valid clients
deauth-only,
none, tarpit-
all-sta, tarpit-
non-valid-sta
deauth-only
no…
Removes configuration settings for
parameters under the ids command.
— —
no ids
Removes IDSconfiguration. — —
Usage Guidelines
Use this command to configure Intrusion Detection System (IDS) detection and protection policies. The IDS
feature monitors the network for the presence of unauthorized W-IAPs and clients and enables you to detect
rogue APs, interfering APs, and other devices that can potentially disrupt network operations. It also logs
information about the unauthorized W-IAPs and clients, and generates reports based on the logged
information.
Wireless Intrusion Protection (WIP) offers a wide selection of intrusion detection and protection features to
protect the network against wireless threats. Like most other security-related features of the Dell network, the
WIP can be configured on the W-IAP.
You can configure the following policies:
l Infrastructure Detection Policies— Specifies the policy for detecting wireless attacks on access points
l Client Detection Policies— Specifies the policy for detecting wireless attacks on clients
l Infrastructure Protection Policies— Specifies the policy for protecting access points from wireless attacks.
l Client Protection Policies— Specifies the policy for protecting clients from wireless attacks.
l Containment Methods— Prevents unauthorized stations from connecting to your Instant network.
Each of these options contains several default levels that enable different sets of policies. An administrator can
customize enable or disable these options accordingly. The following levels of detection can be configured:
l Off
l Low
l Medium
l High