Installation guide
Switch Security 6-13
3. Select a detected MU and click the Delete button to remove it from the list of MUs you are tracking as
potential threats within the switch managed network.
4. Click on the Export button to export the contents of the table to a Comma Separated Values file (CSV).
6.4 Configuring Firewalls and Access Control Lists
An Access Control List (ACL) is a a sequential collection of permit and deny conditions that apply to switch
packets. When a packet is received on an interface, the switch compares the fields in the packet against any
Violation Type Displays the reason the violation occurred for each detected MU. Use the Violation
Type to discern whether the detected MU is truly a threat on the switch managed
network (and must be removed) or can be interpreted as a non threat. The
following violation types are possible:
• Excessive Probes
• Excessive Association
• Excessive Disassociation
• Excessive Authentication failure
• Excessive Crypto replays
• Excessive 802.11 replays
• Excessive Decryption failures
• Excessive Unassociated Frames
• Excessive EAP Start Frames
• Null destination
• Same source/destination MAC
• Source multicast MAC
• Weak WEP IV
• TKIP Countermeasures
• Invalid Frame Length
• Excessive EAP-NAKS
• Invalid 802.1x frames
• Invalid Frame Type
• Beacon with broadcast ESSID
• Frames with known bad ESSIDs
• Unencrypted traffic
• Frames with non-changing WEP IV
• Detect Adhoc Networks
• De-auth from broadcast smac
• Invalid Sequence Number
NOTE: The following violation types require the Access Port be in scan mode:
• Beacon with broadcast ESSID
• Frames with known bad ESSIDs
Time Remaining Displays the time remaining before the next filter activity. Detected MUs are
removed from the filtered list when they no longer violate the thresholds defined
within the Configuration tab.