Home > Motorola > Wireless > Motorola Wing 5 Manual

Motorola Wing 5 Manual

Add to Favourites
    Download as PDF Print this page Share this page

    Have a look at the manual Motorola Wing 5 Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 249 Motorola manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    View all the pages
    Page
    of 1128
    Add page 1011 to Favourites
    image text
    Enable zoom 
    							WIPS-POLICY 22 - 7
• event enable-all-events
• event excessive [80211-replay-check-failure|aggressive-scanning|
auth-server-failures|decryption-failures|dos-assoc-or-auth-flood|
dos-eapol-start-storm |dos-unicast-deauth-or-disassoc|eap-flood|eap-nak-flood|
frames-from-unassoc-station] {filter-ageout []|threshold-client []|
threshold-radio []}
wellenreiter Tracks Wellenreiter events
filter-ageout  The following are common to all of the above client anomaly events:
 Optional. Configures the filter expiration interval in seconds
  – Sets the filter ageout interval from 0 - 86400 seconds. The default is
0 seconds.
enable-all-events Enables tracking of all intrusion events (client anomaly and excessive events)
excessive Enables the tracking of excessive events. Excessive events are actions performed 
continuously and repetitively
80211-replay-check-failure Tracks 802.11replay check failure
aggressive-scanning Tracks aggressive scanning events
auth-server-failures Tracks failures reported by authentication servers
decryption-failures Tracks decryption failures
dos-assoc-or-auth-flood Tracks DoS association or authentication floods
dos-eapol-start-storm Tracks DoS EAPOL start storms
dos-unicast-deauth-or-
disassocTracks DoS dissociation or deauthentication floods
eap-flood Tracks EAP floods
eap-nak-flood Tracks EAP NAK floods
frames-from-unassoc-station Tracks frames from unassociated clients
filter-ageout  Optional. Configures a filter expiration interval in seconds. It sets the duration for which 
the client is filtered. The client is added to a ACL as a special entry and frames received 
from this client are dropped.
  – Sets a filter ageout interval from 0 - 86400 seconds. The default is 0 
seconds.
threshold-client 
Optional. Configures a client threshold value after which the filter is triggered and an 
event is recorded
  – Sets a wireless client threshold value from 0 - 65535 seconds
threshold-radio 
Optional. Configures a radio threshold value after which the filter is triggered and an 
event is recorded
  – Sets a radio threshold value from 0 - 65535 seconds
    Add page 1012 to Favourites
    image text
    Enable zoom 
    							22 - 8 WiNG CLI Reference Guide
Examples
rfs7000-37FABE(config-wips-policy-test)#event excessive 80211-replay-check-failure 
filter-ageout 9 threshold-client 8 threshold-radio 99
rfs7000-37FABE(config-wips-policy-test)#event client-anomaly wellenreiter filter-
ageout 99
rfs7000-37FABE(config-wips-policy-test)#show context
wips-policy test
 event client-anomaly wellenreiter filter-ageout 99
 event excessive 80211-replay-check-failure threshold-client 8 threshold-radio 99 
filter-ageout 9
 ap-detection-ageout 50
 ap-detection-wait-time 15
rfs7000-37FABE(config-wips-policy-test)#
Related Commands
noDisables WIPS policy events
    Add page 1013 to Favourites
    image text
    Enable zoom 
    							WIPS-POLICY 22 - 9
22.1.4 history-throttle-duration
wips-policy
Configures the duration event duplicates are omitted from the event history
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6521
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
history-throttle-duration 
Parameters
• history-throttle-duration 
Examples
rfs7000-37FABE(config-wips-policy-test)#history-throttle-duration 77
rfs7000-37FABE(config-wips-policy-test)#show context
wips-policy test
 history-throttle-duration 3000
 event client-anomaly wellenreiter filter-ageout 99
 event excessive 80211-replay-check-failure threshold-client 8 threshold-radio 99 
filter-ageout 9
 ap-detection-ageout 50
 ap-detection-wait-time 15
Related Commands
history-throttle-duration 
Configures the duration event duplicates are omitted from the event history
  – Sets a value from 30 - 86400 seconds. The default is 120 seconds.
noResets the history throttle duration to its default
    Add page 1014 to Favourites
    image text
    Enable zoom 
    							22 - 10 WiNG CLI Reference Guide
22.1.5 no
wips-policy
Negates a command or resets configured settings to their default. When used in the config WIPS policy mode, the no 
command negates or resets filters and threshold values.
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6521
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
no [ap-detection|enable|event|history-throttle-duration|signature|use]
no [enable|history-throttle-duration]
no ap-detection [ageout|wait-time] []
no event [ap-anomaly|client-anomaly|enables-all-events|excessive]
no event ap-anomaly [ad-hoc-violation|airjack|ap-ssid-broadcast-in-beacon|asleap|
impersonation-attack|transmitting-device-using-invalid-mac|wireless-bridge]
no event client-anomaly [crackable-wep-iv-key-used|dos-broadcast-deauth|
fuzzing-all-zero-macs|fuzzing-invalid-frame-type|fuzzing-invalid-mgmt-frames|
fuzzing-invalid-seq-num|identical-src-and-dest-addr|invalid-8021x-frames|
netstumbler-generic|non-changing-wep-iv|tkip-mic-counter-measures|wellenreiter]
{filter-ageout []}
no event excessive [80211-replay-check-failure|aggressive-scanning|
auth-server-failures|decryption-failures|dos-assoc-or-auth-flood|
dos-eapol-start-storm |dos-unicast-deauth-or-disassoc|eap-flood|eap-nak-flood|
frames-from-unassoc-station] {filter-ageout []|
threshold-client []|threshold-radio []}
no signature 
no use device-categorization
Parameters
• no [enable|history-throttle-duration]
no enable Disables a WIPS policy from use with a wireless controller profile
no history-throttle-duration Resets the history throttle duration to its default. This is the duration event 
duplicates are omitted from the event history.
    Add page 1015 to Favourites
    image text
    Enable zoom 
    							WIPS-POLICY 22 - 11
• no ap-detection [ageout|wait-time] []
• no event ap-anomaly [ad-hoc-violation|airjack|ap-ssid-broadcast-in-beacon|
asleap|impersonation-attack|transmitting-device-using-invalid-mac|wireless-bridge]
• no event client-anomaly [crackable-wep-iv-key-used|dos-broadcast-deauth|
fuzzing-all-zero-macs|fuzzing-invalid-frame-type|fuzzing-invalid-mgmt-frames|
fuzzing-invalid-seq-num|identical-src-and-dest-addr|invalid-8021x-frames|
netstumbler-generic|non-changing-wep-iv|tkip-mic-counter-measures|wellenreiter]
{filter-ageout []}
no ap-detection Disables the detection of unauthorized or unsanctioned APs
ageout 
Resets the ageout interval of a rogue device to its default (300 seconds)
wait-time 
Resets the wait time period to its default (60 seconds)
no event Disables WIPS policy event tracking settings
ap-anomaly Disables AP anomaly event tracking
ad-hoc-violation Disables adhoc network violation event tracking
airjack Disables the tracking of AirJack attacks
ap-ssid-broadcast-in-beacon Disables the tracking of AP SSID broadcasts in beacon events
asleap Disables the tracking of ASLEAP attacks
impersonation-attack Disables the tracking of impersonation attacks
transmitting-device-using-
invalid-macDisables the tracking of invalid device MAC addresses
wireless-bridge Disables the tracking of wireless bridge frames
no event Disables WIPS policy event tracking settings
client-anomaly Disables client anomaly event tracking
crackable-wep-iv-key-used Disables the tracking of the use of a crackable WEP IV Key
dos-broadcast-deauth Disables DoS broadcast deauthentication event tracking
fuzzing-all-zero-macs Disables the tracking of Fuzzing: All zero MAC addresses observed
fuzzing-invalid-frame-type Disables the tracking of Fuzzing: Invalid frame type detected
fuzzing-invalid-mgmt-frames Disables the tracking of Fuzzing: Invalid management frame
fuzzing-invalid-seq-num Disables the tracking of Fuzzing: Invalid sequence number
identical-src-and-dest-addr Disables the tracking of identical source and destination addresses
invalid-8021x-frames Disables the tracking of Fuzzing: Invalid 802.1x frames
netstumbler-generic Disables Netstumbler (v3.2.0, 3.2.3, 3.3.0) event tracking
non-changing-wep-iv Disables unchanging WEP IV event tracking
    Add page 1016 to Favourites
    image text
    Enable zoom 
    							22 - 12 WiNG CLI Reference Guide
• no event excessive [80211-replay-check-failure|aggressive-scanning|
auth-server-failures|decryption-failures|dos-assoc-or-auth-flood|
dos-eapol-start-storm |dos-unicast-deauth-or-disassoc|eap-flood|eap-nak-flood|
frames-from-unassoc-station] {filter-ageout []|
threshold-client []|threshold-radio []}
• no signature 
tkip-mic-counter-measures Disables the tracking of TKIP MIC counter measures caused by a client
wellenreiter Disables Wellenreiter event tracking
filter-ageout 
The following are common to all of the above client anomaly events:
 Optional. Resets the filter expiration interval in seconds
  – Resets a filter ageout interval from 0 - 86400 seconds
no event Disables WIPS policy event tracking settings
excessive Disables the tracking of excessive events. Excessive events consist of actions that are 
performed continuously and repetitively
80211-replay-check-failure Disables the tracking of 802.11 replay check failure
aggressive-scanning Disables aggressive scanning event tracking
auth-server-failures Disables the tracking of failures reported by authentication servers
decryption-failures Disables the tracking of decryption failures
dos-assoc-or-auth-flood Disables DoS association or authentication flood tracking
dos-eapol-start-storm Disables the tracking of DoS EAPOL start storms
dos-unicast-deauth-or-
disassocDisables DoS disassociation or deauthentication flood tracking
eap-flood Disables the tracking of EAP floods
eap-nak-flood Disables the tracking of EAP NAKfloods
frames-from-unassoc-station Disables the tracking of frames from unassociated clients
filter-ageout 
Optional. Resets the filter expiration interval in seconds. It resets the duration for which 
a client is filtered. The client is added to a ACL as a special entry and frames received 
from this client are dropped.
  – Resets a filter ageout interval from 0 - 86400 seconds
threshold-client 
Optional. Resets a client threshold limit after which the filter is triggered and an event 
is recorded in events history
  – Resets a wireless client threshold limit from 0 - 65535 seconds
threshold-radio 
Optional. Resets a radio threshold limit after which an event is recorded to events 
history
  – Resets a radio threshold limit from 0 - 65535 seconds
no signature Deletes a WIPS policy signature
 Defines the unique name given to a WIPS policy signature
    Add page 1017 to Favourites
    image text
    Enable zoom 
    							WIPS-POLICY 22 - 13
• no use device-categorization
Usage Guidelines
The no command negates any command associated with it. Wherever required, use the same parameters associated with 
the command getting negated.
Examples
rfs7000-37FABE(config-wips-policy-test)#show context
wips-policy test
 history-throttle-duration 3000
 event client-anomaly wellenreiter filter-ageout 99
 event excessive 80211-replay-check-failure threshold-client 8 threshold-radio 99 
filter-ageout 9
 ap-detection-ageout 50
 ap-detection-wait-time 15
rfs7000-37FABE(config-wips-policy-test)#no history-throttle-duration
rfs7000-37FABE(config-wips-policy-test)#no event excessive 80211-replay-check-
failure threshold-client 8 threshold-radio 99 filter-ageout 9
rfs7000-37FABE(config-wips-policy-test)#show context
wips-policy test
 event client-anomaly wellenreiter filter-ageout 99
 no event excessive 80211-replay-check-failure threshold-client 8 threshold-radio 99 
filter-ageout 9
 ap-detection-ageout 50
 ap-detection-wait-time 15
Related Commands
no use Disables the use of a device categorization policy with this WIPS policy
device-categorization Resets the device categorization name to its default
ap-detectionEnables the detection of unauthorized or unsactioned access points
enableEnables a WIPS policy for use with a wireless controller profile
eventConfigures events, filters, and threshold values for a WIPS policy
history-throttle-durationConfigures the duration for which event duplicates are omitted from the event history
signatureConfigures a WIPS policy signature
useEnables the categorization of devices on this WIPS policy
    Add page 1018 to Favourites
    image text
    Enable zoom 
    							22 - 14 WiNG CLI Reference Guide
22.1.6 signature
wips-policy
Attack and intrusion patterns are identified and configured as signatures in a WIPS policy. The WIPS policy compares 
packets in the network with pre configured signatures to identify threats. When a threat is identified, the WIPS policy 
takes adequate actions.
signatureConfigures a WIPS policy signature
signature mode commandsSummarizes the signature mode commands
    Add page 1019 to Favourites
    image text
    Enable zoom 
    							WIPS-POLICY 22 - 15
22.1.6.1 signature
signature
Configures a WIPS policy signature
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6521
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
signature 
Parameters
• signature 
Examples
rfs7000-37FABE(config-wips-policy-test)#signature test
rfs7000-37FABE(config-test-signature-test)#
rfs7000-37FABE(config-test-signature-test)#show context
signature test
rfs7000-37FABE(config-test-signature-test)#
Related Commands
signature 
Configures a WIPS policy signature
  – Enter a name for the WIPS policy signature. Provide a 
unique name for the signature, which will distinguish it from other signatures with 
similar configurations. The name should not exceed 64 characters.
noDeletes a WIPS policy signature
    Add page 1020 to Favourites
    image text
    Enable zoom 
    							22 - 16 WiNG CLI Reference Guide
22.1.6.2 signature mode commands
signature
Table 22.2 summarizes signature commands
Table 22.2signature-mode commands
Commands Description Reference
bssidConfigures the BSSID MAC addresspage 22-17
dst-macConfigures the destination MAC addresspage 22-18
filter-ageoutConfigures the filter ageout intervalpage 22-19
frame-typeConfigures the frame type used for matchingpage 22-20
modeEnables or disables the signature modepage 22-22
payloadConfigures payload settingspage 22-23
src-macConfigures the source MAC addresspage 22-24
ssid-matchConfigures a match based on SSIDpage 22-25
threshold-clientConfigures the wireless client threshold limitpage 22-26
threshold-radioConfigures the radio threshold limitpage 22-27
noNegates a command or sets its defaultpage 22-28
clrscrClears the display screenpage 5-3
commitCommits (saves) changes made in the current sessionpage 5-4
doRuns commands from EXEC modepage 4-66
endEnds and exits the current mode and moves to the PRIV EXEC modepage 5-5
exitEnds the current mode and moves to the previous modepage 5-6
helpDisplays the interactive help systempage 5-7
revertReverts changes to their last saved configurationpage 5-13
serviceInvokes service commands to troubleshoot or debug 
(config-if) 
instance configurationspage 5-14
showDisplays running system informationpage 6-4
writeWrites the system running configuration to memory or terminalpage 5-42
    All Motorola manuals Comments (0)