Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-Series Controller AOS
431432433434435436437438439440
433 | ids general-profile Dell Networking W-Series ArubaOS 6.4.x| User Guide
Parameter Description Range Default
wired-containment-ap-adj-mac
Enable/disable wired containment of
MACs offset by one from APs BSSID.
true
false
false
wired-containment-susp-l3-rogue
The basic wired containment feature
enabled using the wired-containment
command contains layer-3 APs whose
wired interface MAC addresses are
either the same as (or one character off
from) their BSSIDs. This feature can also
identify and contain an AP with a preset
wired MAC address that is completely
different from the AP’s BSSID if the MAC
address that the AP provides to wireless
clients as the ‘gateway MAC is offset by
one character from its wired MAC
address.
NOTE: This feature requires that the
following wired-containment parameter in
the ids general-profile is also enabled, and
that the confidence level of the suspected
rogue exceeds the level configured by the
suspect-rogue-containment and suspect-
rogue-conf-level parameters in the ids
unauthorized-device-profile.
true false
wireless-containment
deauth-only
none
tarpit-all-sta
tarpit-non-valid-sta
Enable wireless containment including
Tarpit Shielding. Tarpit shielding works
by steering a client to a tarpit so that the
client associates with it instead of the AP
that is being contained.
deauth-only—Containment using
deauthentication only.
none—Disable wireless containment.
tarpit-all-sta—Wireless containment by
tarpit of all stations.
tarpit-non-valid-sta—Wireless
containment by tarpit of non-valid
clients.
deaut
h-
only
wireless-containment-debug
Enable/disable debug of containment
from the wireless side.
Note: Enabling this debug option will
cause containment to not function
properly.
true
false
false
Usage Guidelines
This command configures general IDS profile attributes.
Example
The following command enables containment in the general IDS profile:
(host) (config) #ids general-profile floor7
(host) (IDS General Profile "floor7") #wired-containment
(host) (IDS General Profile "floor7") #wireless-containment tarpit-all-sta