CLI Reference Guide
290 | ids general-profile Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide
Parameter Description
Ran-
ge
Defa-
ult
wired-containment
Enable containment from the
wired side.
true
false
false
wired-containment-ap-adj-mac
Enable/disable wired
containment of MACs offset
by one from APs BSSID.
true
false
false
wired-containment-susp-l3-rogue
The basic wired containment
feature enabled using the
"wired-containment" on page
290 command contains layer-
3 APs whose wired interface
MAC addresses are either the
same as (or one character off
from) their BSSIDs. This
feature can also identify and
contain an AP with a preset
wired MAC address that is
completely different from the
AP’s BSSID if the the MAC
address that the AP provides
to wireless clients as the
‘gateway MAC’ is offset by
one character from its wired
MAC address.
NOTE: This feature requires
that the following wired-
containment parameter in
the ids general-profile is also
enabled, and that the
confidence level of the
suspected rogue exceeds the
level configured by the
suspect-rogue-containment
and suspect-rogue-conf-level
parameters in the ids
unauthorized-device-profile.
true false
wireless-containment [deauth-only | none | tarpit-
all-sta | tarpit-non-valid-sta]
Enable wireless containment
including Tarpit Shielding.
Tarpit shielding works by
steering a client to a tarpit so
that the client associates with
it instead of the AP that is
being contained.
deauth-only—Containment
using deauthentication only
none—Disable wireless
containment
tarpit-all-sta—Wireless
containment by tarpit of all
stations
tarpit-non-valid-sta—
Wireless containment by
tarpit of non-valid clients
—
deau-
th-
only
wireless-containment-debug
Enable/disable debug of
containment from the
true
false
false