Manualshelf

Concept Guide

ManualsBrandsDell ManualsAccess PlatformsW-Series 304/305 Access Points
331332333334335336337338339340
333 | Intrusion Detection Dell Networking W-Series Instant 6.5.1.0-4.3.1.0 | User Guide
Containment Methods
You can enable wired and wireless containments to prevent unauthorized stations from connecting to your
Instant network.
Instant supports the following types of containment mechanisms:
l Wired containment—When enabled, W-IAPs generate ARP packets on the wired network to contain wireless
attacks.
n wired-containment-ap-adj-mac—Enables a wired containment to Rogue W-IAPs whose wired interface
MAC address is offset by one from its BSSID.
n wired-containment-susp-l3-rogue—Enables the users to identify and contain an W-IAP with a preset MAC
address that is different from the BSSID of the W-IAP, if the MAC address that the W-IAP provides is
offset by one character from its wired MAC address.
Enable the wired-containment-susp-l3-rogue parameter only when a specific containment is required, to
avoid a false alarm.
l Wireless containment—When enabled, the system attempts to disconnect all clients that are connected or
attempting to connect to the identified Access Point.
n NoneDisables all the containment mechanisms.
n Deauthenticate only—With deauthentication containment, the Access Point or client is contained by
disrupting the client association on the wireless interface.
n Tarpit containment—With Tarpit containment, the Access Point is contained by luring clients that are
attempting to associate with it to a tarpit. The tarpit can be on the same channel or a different channel
as the Access Point being contained.
Figure 98 Containment Methods