Motorola Wing 5 Manual
CHAPTER 10 ADVANCED-WIPS-POLICY

This chapter summarizes the advanced WIPS policy commands within the CLI structure.

Use the (config) instance to configure advanced WIPS policy commands. To navigate to the advanced WIPS policy instance, use the following commands:

RFSSwitch(config)#advanced-wips-policy
rfs7000-37FABE(config)#advanced-wips-policy test
rfs7000-37FABE(config-advanced-wips-policy-test)#?
Advanced WIPS policy Mode commands:
  event               Configure event detection
  no                  Negate a command or set its defaults
  server-listen-port  Configure local WIPS server listen port number
  terminate           Add a device to the list of devices to be terminated
  use                 Set setting to use
  clrscr              Clears the display screen
  commit              Commit all changes made in this session
  do                  Run commands from Exec mode
  end                 End current mode and change to EXEC mode
  exit                End current mode and down to previous mode
  help                Description of the interactive help system
  revert              Revert changes
  service             Service Commands
  show                Show running system information
  write               Write running configuration to memory or terminal
rfs7000-37FABE(config-advanced-wips-policy-test)#
10 - 2 WiNG CLI Reference Guide

10.1 advanced-wips-policy

Table 10.1 summarizes advanced WIPS policy commands.

Table 10.1 advanced-wips-policy commands

Command             Description                                                                             Reference
event               Configures events                                                                       page 10-3
no                  Negates a command or sets its default                                                   page 10-10
server-listen-port  Sets a local WIPS server’s listening port                                               page 10-13
terminate           Adds a device to a list of terminated devices                                           page 10-14
use                 Defines the settings used with the advanced WIPS policy                                 page 10-15
clrscr              Clears the display screen                                                               page 5-3
commit              Commits (saves) changes made in the current session                                     page 5-4
do                  Runs commands from EXEC mode                                                            page 4-66
end                 Ends and exits the current mode and moves to the PRIV EXEC mode                         page 5-5
exit                Ends the current mode and moves to the previous mode                                    page 5-3
help                Displays the interactive help system                                                    page 5-7
revert              Reverts changes to their last saved configuration                                       page 5-13
service             Invokes service commands to troubleshoot or debug (config-if) instance configurations   page 5-14
show                Displays running system information                                                     page 6-4
write               Writes information to memory or terminal                                                page 5-42
10.1.1 event

advanced-wips-policy

Configures the detection of anomalous frames in a RF network

Supported in the following platforms:
• AP300
• AP621
• AP650
• AP6511
• AP6521
• AP6532
• AP71XX
• RFS4000
• RFS6000
• RFS7000
• NX9000
• NX9500

Syntax

event [accidental-association|all|crackable-wep-iv-used|dos-cts-flood|
    dos-deauthentication-detection|dos-disassociation-detection|
    dos-eap-failure-spoof|dos-eapol-logoff-storm|dos-rts-flood|
    essid-jack-attack-detected|fake-dhcp-server-detected|fata-jack-detected|
    id-theft-eapol-success-spoof-detected|id-theft-out-of-sequence|
    invalid-channel-advertized|invalid-management-frame|ipx-detection|
    monkey-jack-attack-detected|multicast-all-routers-on-subnet|
    multicast-all-systems-on-subnet|multicast-dhcp-server-relay-agent|
    multicast-hsrp-agent|multicast-igmp-detection|multicast-igrp-routers-detection|
    multicast-ospf-all-routers-detection|multicast-ospf-designated-routers-detection|
    multicast-rip2-routers-detection|multicast-vrrp-agent|netbios-detection|
    null-probe-response-detected|probe-response-flood|rogue-ap-detection|
    stp-detection|unauthorized-bridge|windows-zero-config-memory-leak|
    wlan-jack-attack-detected]
event accidental-association mitigation-enable
event accidental-association trigger-against sanctioned
event all trigger-all-applicable
event [crackable-wep-iv-used|dos-deauthentication-detection|
    dos-disassociation-detection|dos-eap-failure-spoof|essid-jack-attack-detected|
    fake-dhcp-server-detected|fata-jack-detected|
    id-theft-eapol-success-spoof-detected|id-theft-out-of-sequence|ipx-detection|
    monkey-jack-attack-detected|multicast-all-routers-on-subnet|
    multicast-all-systems-on-subnet|multicast-dhcp-server-relay-agent|
    multicast-hsrp-agent|multicast-igmp-detection|multicast-igrp-routers-detection|
    multicast-ospf-all-routers-detection|multicast-ospf-designated-routers-detection|
    multicast-rip2-routers-detection|multicast-vrrp-agent|netbios-detection|
    null-probe-response-detected|stp-detection|windows-zero-config-memory-leak|
    wlan-jack-attack-detected] trigger-against sanctioned
event [dos-rts-flood|invalid-channel-advertized|invalid-management-frame]
    trigger-against (neighboring,sanctioned,unsanctioned)
event dos-cts-flood threshold [cts-frames-ratio <0-65535>|mu-rx-cts-frame <0-65535>]
event dos-cts-flood trigger-against (neighboring,sanctioned,unsanctioned)
event dos-eapol-logoff-storm threshold [eapol-start-frames-ap <0-65535>|eapol-start-frames-mu <0-65535>]
event dos-eapol-logoff-storm trigger-against sanctioned
event probe-response-flood threshold probe-rsp-frames-count <0-65535>
event probe-response-flood trigger-against sanctioned
event rogue-ap-detection mitigation-enable
event rogue-ap-detection trigger-against (neighboring,sanctioned,unsanctioned)
event unauthorized-bridge mitigation-enable
event unauthorized-bridge trigger-against (neighboring,unsanctioned)

Parameters

• event accidental-association mitigation-enable

accidental-association
    This event occurs when a client accidentally associates to a wireless controller.
mitigation-enable
    Enables the default mitigation of an accidental association event.

• event accidental-association trigger-against sanctioned

accidental-association
    This event occurs when a client accidentally associates to a wireless controller.
trigger-against sanctioned
    Sets the trigger condition.
    sanctioned – The accidental association event is triggered against sanctioned devices

• event all trigger-all-applicable

all trigger-all-applicable
    Enables all events.

• event [crackable-wep-iv-used|dos-deauthentication-detection|
    dos-disassociation-detection|dos-eap-failure-spoof|essid-jack-attack-detected|
    fake-dhcp-server-detected|fata-jack-detected|
    id-theft-eapol-success-spoof-detected|id-theft-out-of-sequence|ipx-detection|
    monkey-jack-attack-detected|multicast-all-routers-on-subnet|
    multicast-all-systems-on-subnet|multicast-dhcp-server-relay-agent|
    multicast-hsrp-agent|multicast-igmp-detection|multicast-igrp-routers-detection|
    multicast-ospf-all-routers-detection|multicast-ospf-designated-routers-detection|
    multicast-rip2-routers-detection|multicast-vrrp-agent|netbios-detection|
    null-probe-response-detected|stp-detection|windows-zero-config-memory-leak|
    wlan-jack-attack-detected] trigger-against sanctioned

crackable-wep-iv-used
    This event occurs when a crackable WEP initialization vector is used.
    The standard WEP64 uses a 40 bit key concatenated with a 24 bit initialization vector.
dos-deauthentication-detection
    This event occurs when a DoS Deauthentication attack is detected.
    In this attack, clients connected to an AP are constantly forced to deauthenticate so they cannot stay connected to the network long enough to utilize it.
dos-disassociation-detection
    This event occurs when a DoS disassociation attack is detected.
    With this attack, clients connected to an AP are constantly disassociated. A fake disassociation frame is generated using an AP MAC address as the source address and the MAC address of the target device as the destination address. The target device, on receiving this fake frame, disassociates itself from the AP, then tries to re-associate. If the target receives a large number of disassociation frames, it will not be able to stay connected to the network long enough to utilize it.
dos-eap-failure-spoof
    This event occurs when a DoS EAP failure spoofing attack is detected.
    With this attack, the attacker generates a large number of EAP-failure packets, forcing the AP to disassociate with its legitimate wireless clients.
essid-jack-attack-detected
    This event occurs when an essid-jack attack is detected.
    Essid-jack is a tool in the AirJack suite that sends a disassociate frame to a target client to force it to reassociate to the network to find the SSID. This can be used to launch further DoS attacks on the network.
fake-dhcp-server-detected
    This event occurs when a fake DHCP server is detected in the controlled network.
    A fake or rogue DHCP server is a type of man-in-the-middle attack where DHCP services are provided by an unauthorized DHCP server, compromising the integrity of the wireless controller managed network.
fata-jack-detected
    This event occurs when a FATA-jack exploit is detected in the controller managed network.
    FATA-jack is a tool in the AirJack suite that forces an AP to disassociate a valid client. This exploit uses a spoofed authentication frame with an invalid authentication algorithm number of 2. The attacker sends an invalid authentication frame with the wireless client’s MAC, forcing the AP to return a deauth to the client.
id-theft-eapol-success-spoof-detected
    This event occurs when an EAPOL success spoof is detected.
    In this DoS attack, the attacker keeps the client from providing its credentials through the EAP-response packet by sending an EAP-success packet. Since the client is unable to provide its credentials, it cannot be authenticated and therefore cannot access the wireless network.
id-theft-out-of-sequence
    This event occurs when an out of sequence packet is received.
    This indicates a wireless client has been spoofed and is sending a packet out of sequence with the packet sent by the real wireless client.
ipx-detection
    This event occurs when Novell’s Internetwork Packet Exchange (IPX) packets are detected.
monkey-jack-attack-detected
    This event occurs when a monkey-jack attack is detected.
    Monkey-jack is a tool in the AirJack suite that enables an attacker to deauthenticate all wireless clients from an AP, and then insert itself between the AP and the wireless clients.
multicast-all-routers-on-subnet
    This event occurs when a sanctioned device detects multicast packets to all routers on the subnet.
multicast-all-systems-on-subnet
    This event occurs when a sanctioned device detects multicast packets to all systems on the subnet.
multicast-dhcp-server-relay-agent
    This event occurs when a sanctioned device detects a DHCP server relay agent in the network.
multicast-hsrp-agent
    This event occurs when a sanctioned device detects a Hot Standby Router Protocol (HSRP) agent in the network.
multicast-igmp-detection
    This event occurs when a sanctioned device detects multicast Internet Group Management Protocol (IGMP) packets.
multicast-igrp-routers-detection
    This event occurs when a sanctioned device detects multicast Interior Gateway Routing Protocol (IGRP) packets.
multicast-ospf-all-routers-detection
    This event occurs when a sanctioned device detects multicast Open Shortest Path First (OSPF) packets.
multicast-ospf-designated-routers-detection
    This event occurs when a sanctioned device detects multicast OSPF routers in the network.
multicast-rip2-routers-detection
    This event occurs when a sanctioned device detects multicast Routing Information Protocol version 2 (RIP2) routers in the network.
multicast-vrrp-agent
    This event occurs when a sanctioned device detects multicast Virtual Router Redundancy Protocol (VRRP) agents in the network.
netbios-detection
    This event occurs when netbios packets are detected in the network.
    Network Basic Input/Output System (netbios) provides services related to the sessions layer of the OSI model. This allows applications on different devices to communicate over the local area network.
null-probe-response-detected
    This event occurs when a sanctioned device detects null probe response packets.
stp-detection
    This event occurs when a sanctioned device detects Scanning Tunnelling Protocol (STP) packets in the network.
windows-zero-config-memory-leak
    This event occurs when a Windows™ Zero-Config memory leak is detected.
wlan-jack-attack-detected
    This event occurs when a WLAN-jack exploit is detected in the wireless controller managed network.
    WLAN-jack is a tool in the AirJack suite that forces an AP to disassociate a valid client. The attacker sends deauthentication frames continuously or uses the broadcast address. This prevents the wireless clients from reassociating with the AP.
trigger-against sanctioned
    Configures the event trigger condition.
    sanctioned – The selected event is only triggered against sanctioned devices

• event [dos-rts-flood|invalid-channel-advertized|invalid-management-frame] trigger-against (neighboring,sanctioned,unsanctioned)

dos-rts-flood
    This event occurs when a large number of request to send (RTS) frames are detected in the wireless controller managed network.
invalid-channel-advertized
    This event occurs when packets with invalid channels are detected in the wireless controller managed network.
invalid-management-frame
    This event occurs when an invalid management frame is detected in the controller managed network.
trigger-against (neighboring,sanctioned,unsanctioned)
    Sets the trigger condition. The following conditions are available:
    sanctioned – An accidental association event is triggered against sanctioned devices
    unsanctioned – An accidental association event is triggered against unsanctioned devices
    neighboring – An accidental association event is triggered against neighboring devices

• event dos-cts-flood threshold [cts-frames-ratio <0-65535>|mu-rx-cts-frame <0-65535>]

dos-cts-flood
    This event occurs when a large number of clear to send (CTS) frames are detected in the network.
threshold [cts-frames-ratio <0-65535>|mu-rx-cts-frame <0-65535>]
    Sets the CTS flood threshold.
    cts-frames-ratio – Sets the CTS:Total Frames ratio for triggering this event. Specify the value from 0 - 65535.
    mu-rx-cts-frame – Sets the CTS frame received by clients. Specify the value from 0 - 65535.

• event dos-cts-flood trigger-against (neighboring,sanctioned,unsanctioned)

dos-cts-flood
    This event occurs when a large number of clear to send (CTS) frames are detected in the network.
trigger-against (neighboring,sanctioned,unsanctioned)
    Sets the trigger condition.
    sanctioned – An accidental association event is triggered against sanctioned devices
    unsanctioned – An accidental association event is triggered against unsanctioned devices
    neighboring – An accidental association event is triggered against neighboring devices

• event dos-eapol-logoff-storm threshold [eapol-start-frames-ap <0-65535>|eapol-start-frames-mu <0-65535>]

dos-eapol-logoff-storm
    This event occurs when a large number of EAPOL logoff frames are detected in the network.
threshold [eapol-start-frames-ap <0-65535>|eapol-start-frames-mu <0-65535>]
    Sets the EAPOL logoff frames flood threshold.
    eapol-start-frames-ap – Sets the EAPOL start frames transmitted by an AP to trigger this event. Specify a value from 0 - 65535.
    eapol-start-frames-mu – Sets the EAPOL start frames transmitted by a client to trigger this event. Specify a value from 0 - 65535.
• event dos-eapol-logoff-storm trigger-against sanctioned

dos-eapol-logoff-storm
    This event occurs when a large number of EAPOL logoff frames are detected in the network.
trigger-against sanctioned
    Configures the event trigger condition.
    sanctioned – This event is triggered against sanctioned devices only

• event probe-response-flood threshold probe-rsp-frames-count <0-65535>

probe-response-flood
    This event occurs when a large number of probe response frames are detected in the network.
threshold probe-rsp-frames-count <0-65535>
    Sets the probe response frames flood threshold.
    probe-rsp-frames-count – Sets the threshold from the number of probe response frames received. Specify the value from 0 - 65535.

• event probe-response-flood trigger-against sanctioned

probe-response-flood
    This event occurs when a large number of probe response frames are detected in the network.
trigger-against sanctioned
    Configures the event trigger condition.
    sanctioned – This event is triggered against sanctioned devices only

• event rogue-ap-detection mitigation-enable

rogue-ap-detection
    This event occurs when rogue APs are detected in the network.
mitigation-enable
    Enables default mitigation for the rogue-ap-detection event.

• event rogue-ap-detection trigger-against (neighboring,sanctioned,unsanctioned)

rogue-ap-detection
    This event occurs when rogue APs are detected in the network.
trigger-against (neighboring,sanctioned,unsanctioned)
    Sets the trigger condition.
    sanctioned – An accidental association event is triggered against sanctioned devices
    unsanctioned – An accidental association event is triggered against unsanctioned devices
    neighboring – An accidental association event is triggered against neighboring devices

• event unauthorized-bridge mitigation-enable

unauthorized-bridge
    This event occurs when unauthorized bridges are detected in the network.
mitigation-enable
    Enables the default mitigation for the unauthorized-bridge event.
• event unauthorized-bridge trigger-against (neighboring,unsanctioned)

unauthorized-bridge
    This event occurs when unauthorized bridges are detected in the network.
trigger-against (neighboring,unsanctioned)
    Sets the trigger condition.
    unsanctioned – An accidental association event is triggered against unsanctioned devices
    neighboring – An accidental association event is triggered against neighboring devices

Example

rfs7000-37FABE(config-advanced-wips-policy-test)#event dos-cts-flood threshold cts-frames-ratio 8
rfs7000-37FABE(config-advanced-wips-policy-test)#event dos-eapol-logoff-storm threshold eapol-start-frames-mu 99
rfs7000-37FABE(config-advanced-wips-policy-test)#event probe-response-flood threshold probe-rsp-frames-count 8
rfs7000-37FABE(config-advanced-wips-policy-test)#event wlan-jack-attack-detected trigger-against sanctioned
rfs7000-37FABE(config-advanced-wips-policy-test)#event probe-response-flood trigger-against sanctioned

Related Commands

no
    Resets values or disables commands
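A configuration check for the event syntax documented above, as an added example that is not part of the Motorola guide: it validates event lines against the trigger-against scopes, threshold keywords and the 0 - 65535 range given on this page before they are pasted into a policy. Accepting either commas or spaces between trigger-against scopes is an assumption, and the names check_event, lint and SAMPLE are introduced here.

```python
import re

# Rules transcribed from the Syntax section above; this is not vendor code.
SANCTIONED_ONLY = set("""
accidental-association crackable-wep-iv-used dos-deauthentication-detection
dos-disassociation-detection dos-eap-failure-spoof dos-eapol-logoff-storm
essid-jack-attack-detected fake-dhcp-server-detected fata-jack-detected
id-theft-eapol-success-spoof-detected id-theft-out-of-sequence ipx-detection
monkey-jack-attack-detected multicast-all-routers-on-subnet netbios-detection
multicast-all-systems-on-subnet multicast-dhcp-server-relay-agent stp-detection
multicast-hsrp-agent multicast-igmp-detection multicast-igrp-routers-detection
multicast-ospf-all-routers-detection multicast-ospf-designated-routers-detection
multicast-rip2-routers-detection multicast-vrrp-agent probe-response-flood
null-probe-response-detected windows-zero-config-memory-leak wlan-jack-attack-detected
""".split())
WIDE = {"neighboring", "sanctioned", "unsanctioned"}
SCOPES = {name: {"sanctioned"} for name in SANCTIONED_ONLY}
SCOPES.update({e: WIDE for e in ("dos-rts-flood", "invalid-channel-advertized",
    "invalid-management-frame", "dos-cts-flood", "rogue-ap-detection")})
SCOPES["unauthorized-bridge"] = {"neighboring", "unsanctioned"}
THRESHOLDS = {"dos-cts-flood": {"cts-frames-ratio", "mu-rx-cts-frame"},
    "dos-eapol-logoff-storm": {"eapol-start-frames-ap", "eapol-start-frames-mu"},
    "probe-response-flood": {"probe-rsp-frames-count"}}
MITIGATION = {"accidental-association", "rogue-ap-detection", "unauthorized-bridge"}
PROMPT = re.compile(r"^\S+\(config-advanced-wips-policy-[^)]*\)#\s*")

def check_event(line):
    """Return None if the line fits the documented syntax, else a reason."""
    words = PROMPT.sub("", line.strip()).split()
    if len(words) < 3 or words[0] != "event":
        return "expected: event <name> <option> ..."
    name, option, args = words[1], words[2], words[3:]
    if (name, option, args) == ("all", "trigger-all-applicable", []):
        return None
    if name not in SCOPES:
        return f"unknown event {name}"
    if option == "mitigation-enable":
        return None if name in MITIGATION and not args else "no mitigation-enable form"
    if option == "threshold":
        if len(args) != 2 or args[0] not in THRESHOLDS.get(name, ()):
            return f"{name} has no such threshold"
        in_range = args[1].isdecimal() and int(args[1]) <= 65535
        return None if in_range else "threshold value must be 0-65535"
    if option == "trigger-against":
        scopes = {s for a in args for s in a.split(",") if s}  # commas or spaces
        ok = scopes and scopes <= SCOPES[name]
        return None if ok else f"{name} accepts only {sorted(SCOPES[name])}"
    return f"unknown option {option}"

def lint(lines):
    """Return [(line_number, reason)] for each non-conforming line."""
    rows = [(n, check_event(line)) for n, line in enumerate(lines, 1)]
    return [(n, why) for n, why in rows if why]

SAMPLE = [  # constructed input: the first line conforms, the other two do not
    "rfs7000-37FABE(config-advanced-wips-policy-test)#event dos-cts-flood threshold cts-frames-ratio 8",
    "event unauthorized-bridge trigger-against sanctioned",
    "event probe-response-flood threshold probe-rsp-frames-count 70000",
]
```

Calling lint(SAMPLE) reports lines 2 and 3: unauthorized-bridge does not accept the sanctioned scope, and 70000 is outside the documented threshold range.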
10.1.2 no

advanced-wips-policy

Negates a command or sets its default value

Supported in the following platforms:
• AP300
• AP621
• AP650
• AP6511
• AP6521
• AP6532
• AP71XX
• RFS4000
• RFS6000
• RFS7000
• NX9000
• NX9500

Syntax

no [event|server-listen-port|terminate|use]
no event [accidental-association|crackable-wep-iv-used|dos-cts-flood|
    dos-deauthentication-detection|dos-disassociation-detection|
    dos-eap-failure-spoof|dos-eapol-logoff-storm|dos-rts-flood|
    essid-jack-attack-detected|fake-dhcp-server-detected|fata-jack-detected|
    id-theft-eapol-success-spoof-detected|id-theft-out-of-sequence|
    invalid-channel-advertized|invalid-management-frame|ipx-detection|
    monkey-jack-attack-detected|multicast-all-routers-on-subnet|
    multicast-all-systems-on-subnet|multicast-dhcp-server-relay-agent|
    multicast-hsrp-agent|multicast-igmp-detection|multicast-igrp-routers-detection|
    multicast-ospf-all-routers-detection|multicast-ospf-designated-routers-detection|
    multicast-rip2-routers-detection|multicast-vrrp-agent|netbios-detection|
    null-probe-response-detected|probe-response-flood|rogue-ap-detection|
    stp-detection|unauthorized-bridge|windows-zero-config-memory-leak|
    wlan-jack-attack-detected]
no server-listen-port
no terminate
no use device-configuration

Parameters

• no event [accidental-association|crackable-wep-iv-used|dos-cts-flood|
    dos-deauthentication-detection|dos-disassociation-detection|
    dos-eap-failure-spoof|dos-eapol-logoff-storm|dos-rts-flood|
    essid-jack-attack-detected|fake-dhcp-server-detected|fata-jack-detected|
    id-theft-eapol-success-spoof-detected|id-theft-out-of-sequence|
    invalid-channel-advertized|invalid-management-frame|ipx-detection|
    monkey-jack-attack-detected|multicast-all-routers-on-subnet|
    multicast-all-systems-on-subnet|multicast-dhcp-server-relay-agent|
    multicast-hsrp-agent|multicast-igmp-detection|multicast-igrp-routers-detection|
    multicast-ospf-all-routers-detection|multicast-ospf-designated-routers-detection|
    multicast-rip2-routers-detection|multicast-vrrp-agent|netbios-detection|
    null-probe-response-detected|probe-response-flood|rogue-ap-detection|