User's Guide
Table Of Contents
- Table of Contents
- Preface
- Introduction
- Extreme AirDefense New User Experience
- Dashboard
- View Dashboard
- Create a Dashboard
- Manage Your Dashboard
- Delete the Dashboard
- Dashboard Widgets
- WIPS Widgets
- Widget - Top Criticalities
- Widget - Top Security Alarms
- Widget - Top Wireless Exploits
- Widget - Top Wireless Extrusions
- Widget - Top Vulnerabilities
- Widget - Severity by Device
- Widget - Severity by Tree Level
- Widget - Rogue Access Points
- Widget - Recent Rogue Events
- Widget - Anomalies
- Widget - Top BT Security Alarms
- Widget - BT Security Threat By Category
- Widget - BT Security Threat by Tree Level
- STATs Widgets
- COMPLIANCE Widgets
- WIPS Widgets
- Network View
- Alarm View
- Configuration
- Appliance Management
- Appliance Settings
- Backup / Restore Status
- Certificate / Key Validation
- Certificate Manager
- Configuration Backup
- Configuration Clear
- Configuration Restore
- Download Logs
- Language
- Login / SSH Banners
- Redundant Appliance Sync
- Structure Configuration
- Auto-Placement Rules
- Discovery Profile and Polling Configuration
- Communication Profile
- Security Profile
- Alarm Action Manager
- Device Action Manager
- Sensor Manager
- Alarm Configuration
- Wired Network Monitoring
- Performance Profile
- Environment Monitoring
- Client Types
- Appliance Settings
- Device Age Out
- Configuration Backup
- Forensic and Log Backup
- Configuration Restore
- Download Logs
- Redundant Appliance Synchronization
- Configuration Clear
- Language Settings
- License Management
- User Management
- Relay Server
- System Settings
- Appliance Management
- System Overview
- AirDefense in Standalone Mode
- System Components
- System Requirements
- Version Compatibility for Upgrade
- Connecting to Hardware Appliance
- Configuring the Appliance
- System Configuration
- Selecting and Deploying APs and Sensors
- Connecting to the Network
- Assigning User Interfaces
- Basic Navigation
- Alarm Time Reporting
- Extreme AirDefense on Virtual Platform
- Menu
- AirDefense Dashboard
- Network Tab
- Capabilities with a Central Management License
- Select-Network View
- Network Devices
- Association Tree
- Network Graph
- Network Filters
- Actions Menu
- Actions Descriptions
- Advanced Search
- Alarms
- Configuration Tab
- Search
- Appliance Platform
- Security & Compliance
- Network Assurance
- Infrastructure Management
- Operational Management
- Alarm Action Manager
- Alarm Configuration
- Client Types
- Device Action Manager
- Device Age Out
- Job Status
- Location Based Services
- Location Subscriber Profiles
- Pending State - Audit
- Sensor Only Settings
- Sensor Operation
- Appliance Management
- Appliance Settings
- Backup / Restore Status
- Certificate / Key Validation
- Certificate Manager
- Configuration Backup
- Configuration Clear
- Configuration Restore
- Download Logs
- Language
- Login / SSH Banners
- Redundant Appliance Sync
- Account Management
- Drop-down Menu Access
- DevicesDrop-down Menu
- Device Functions Requiring More Explanation
- Network Level Drop-down Menus
- Global Tools
- Floor Plan Actions
- Floor Manipulation Tools
- Unplaced Devices Level Drop-down Menu
- Security
- WLAN Management
- Central Management Console
- ADSPAdmin
- Accessing the ADSPadmin Console
- Manage System
- Manage the Database
- Software
- Configure AirDefense
- Configure IDS
- IP Address Configuration
- IPv6
- NETPORT
- DNS Configuration
- Bonding Configuration
- hname Configuration
- dname Configuration
- Time Configuration
- Time Zone Configuration
- NTP Configuration
- PING Config
- SNMP Agent Configuration
- SNMP Community String Configuration
- SNMP Trap Configuration
- HTTP Configuration
- PANIC Configuration
- UIPORT Configuration
- Troubleshooting
- AirDefense Icons
- Legacy Content
- Menu
- AirDefense Dashboard
- Network Tab
- Capabilities with a Central Management License
- Select-Network View
- Network Devices
- Association Tree
- Network Graph
- Network Filters
- Actions Menu
- Actions Descriptions
- Advanced Search
- Alarms
- Configuration Tab
- Search
- Appliance Platform
- Security & Compliance
- Network Assurance
- Infrastructure Management
- Operational Management
- Alarm Action Manager
- Alarm Configuration
- Client Types
- Device Action Manager
- Device Age Out
- Job Status
- Location Based Services
- Location Subscriber Profiles
- Pending State - Audit
- Sensor Only Settings
- Sensor Operation
- Appliance Management
- Appliance Settings
- Backup / Restore Status
- Certificate / Key Validation
- Certificate Manager
- Configuration Backup
- Configuration Clear
- Configuration Restore
- Download Logs
- Language
- Login / SSH Banners
- Redundant Appliance Sync
- Account Management
- Drop-down Menu Access
- DevicesDrop-down Menu
- Device Functions Requiring More Explanation
- Network Level Drop-down Menus
- Global Tools
- Floor Plan Actions
- Floor Manipulation Tools
- Unplaced Devices Level Drop-down Menu
- Security
- WLAN Management
- Central Management Console
- ADSPAdmin
- Accessing the ADSPadmin Console
- Manage System
- Manage the Database
- Software
- Configure AirDefense
- Configure IDS
- IP Address Configuration
- IPv6
- NETPORT
- DNS Configuration
- Bonding Configuration
- hname Configuration
- dname Configuration
- Time Configuration
- Time Zone Configuration
- NTP Configuration
- PING Config
- SNMP Agent Configuration
- SNMP Community String Configuration
- SNMP Trap Configuration
- HTTP Configuration
- PANIC Configuration
- UIPORT Configuration
- Troubleshooting
- AirDefense Icons
- Glossary
Threshold Description
Low Speed Frames % 802.11 protocols operate on a shared medium and use collision
avoidance mechanism to access this medium. Excessive use of
lower rates for transmitting frames is likely caused by stations
which are either misconfigured to use lower rates or are too far
from the APs to be able to support higher rates and cause alarms to
be generated.
Enter the maximum percentage of data per minute allowed for low
speed frames to be transmitted or received from all stations. If
AirDefense detects a greater number, it generates an alarm.
Default = 0.
Layer 3 Multicast Frames % An alarm that is generated when the system has detected a high
percentage of multicast trac violating the policy thresholds. This
may be a result of potential Layer 3 broadcast storm attacks on the
network.
Enter the maximum percentage of data per minute allowed for
multicast frames to be transmitted or received within a BSS from all
stations. If AirDefense detects a greater number, it generates an
alarm.
Default = 0.
Layer 3 Broadcast Frames % An alarm that is generated when the system has detected a high
percentage of broadcast trac violating the policy thresholds. This
may be a result of potential Layer 3 broadcast storm attacks on the
network.
Enter the maximum percentage of data per minute allowed for
broadcast frames to be transmitted or received within a BSS from
all stations. If AirDefense detects a greater number, it generates an
alarm.
Default = 0.
Retransmission Frames % Enter the maximum percentage of retransmitted data frames
allowed during a transmission of data within a BSS from all stations.
If AirDefense detects a greater number, it generates an alarm.
Default = 0.
PS Poll Frames Seen An alarm is generated by a DOS attack using an excessive number
of PS-POLL frames have been detected.
Enter the maximum number of PS Poll frames to be seen within a
BSS. If AirDefense detects a greater number, it generates an
alarm.Default = 0.
Wireless Clients Tab
The Wireless Clients tab is where you assign BSS thresholds that apply to any individual Wireless Client.
These thresholds will typically be lower than the aggregate Wireless Client thresholds. AirDefense
generates an alarm if any single Wireless Client reaches one of these thresholds. From these alarms, you
can identify the high bandwidth users, and the times they are using the network. You should base
Wireless Client thresholds on either the normal transmission rate for your wireless LAN, or on arbitrary
numbers designed to detect your high-bandwidth users..
Note
Entering a 0 (zero) for any threshold-type disables that specific alarm.
Configuration Tab Performance Profiles
Extreme AirDefense User Guide for version 10.5. 553