Motorola Wing 5 Manual
Have a look at the manual Motorola Wing 5 Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 249 Motorola manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
![Page 736
10 - 6 WiNG CLI Reference Guide
• event [dos-rts-flood|invalid-channel-advertized|invalid-management-frame] trigger-
against (neighboring,sanctioned,unsanctioned)
multicast-igrp-routers-detection This event occurs when a sanctioned device detects multicast Interior Gateway
Routing Protocol (IGRP) packets
multicast-ospf-all-routers-
detectionThis event occurs when a sanctioned device detects multicast Open Shortest Path
First (OSPF) packets
multicast-ospf-designated-
routers-detectionThis event occurs...](http://img.usermanuals.tech/thumb/52/100713/w64_wing-5-manual-1509563222_d-735.png "Page 736
10 - 6 WiNG CLI Reference Guide
• event [dos-rts-flood|invalid-channel-advertized|invalid-management-frame] trigger-
against (neighboring,sanctioned,unsanctioned)
multicast-igrp-routers-detection This event occurs when a sanctioned device detects multicast Interior Gateway
Routing Protocol (IGRP) packets
multicast-ospf-all-routers-
detectionThis event occurs when a sanctioned device detects multicast Open Shortest Path
First (OSPF) packets
multicast-ospf-designated-
routers-detectionThis event occurs...")
![Page 737
ADVANCED-WIPS-POLICY 10 - 7
• event dos-cts-flood threshold [cts-frames-ratio |mu-rx-cts-frame ]
• event dos-cts-flood trigger-against (neighboring,sanctioned,unsanctioned)
• event dos-eapol-logoff-storm threshold [eapol-start-frames-ap |eapol-
start-frames-mu
invalid-management-frame This event occurs when an invalid management frame is detected in the controller
managed network
trigger-against
(neighboring,sanctioned,unsanct
ioned)Sets the trigger condition. The following conditions are available:...](http://img.usermanuals.tech/thumb/52/100713/w64_wing-5-manual-1509563222_d-736.png "Page 737
ADVANCED-WIPS-POLICY 10 - 7
• event dos-cts-flood threshold [cts-frames-ratio |mu-rx-cts-frame ]
• event dos-cts-flood trigger-against (neighboring,sanctioned,unsanctioned)
• event dos-eapol-logoff-storm threshold [eapol-start-frames-ap |eapol-
start-frames-mu
invalid-management-frame This event occurs when an invalid management frame is detected in the controller
managed network
trigger-against
(neighboring,sanctioned,unsanct
ioned)Sets the trigger condition. The following conditions are available:...")
![Page 740
10 - 10 WiNG CLI Reference Guide
10.1.2 no
advanced-wips-policy
Negates a command or sets its default value
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
no [event|server-listen-port|terminate|use]
no event [accidental-association|crackable-wep-iv-used|dos-cts-flood|
dos-deauthentication-detection|dos-disassociation-detection|
dos-eap-failure-spoof|dos-eapol-logoff-storm|dos-rts-flood|...](http://img.usermanuals.tech/thumb/52/100713/w64_wing-5-manual-1509563222_d-739.png "Page 740
10 - 10 WiNG CLI Reference Guide
10.1.2 no
advanced-wips-policy
Negates a command or sets its default value
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
no [event|server-listen-port|terminate|use]
no event [accidental-association|crackable-wep-iv-used|dos-cts-flood|
dos-deauthentication-detection|dos-disassociation-detection|
dos-eap-failure-spoof|dos-eapol-logoff-storm|dos-rts-flood|...")
![Page 741
ADVANCED-WIPS-POLICY 10 - 11
stp-detection|unauthorized-bridge|windows-zero-config-memory-leak|
wlan-jack-attack-detected]
• no server-listen-port
• no terminate
event [accidental-association|
crackable-wep-iv-used|
dos-cts-flood|
dos-deauthentication-detection|
dos-disassociation-detection|
dos-eap-failure-spoof|
dos-eapol-logoff-storm|
dos-rts-flood|
essid-jack-attack-detected|
fake-dhcp-server-detected|
fata-jack-detected|
id-theft-eapol-success-spoof-
detected|
id-theft-out-of-sequence|...](http://img.usermanuals.tech/thumb/52/100713/w64_wing-5-manual-1509563222_d-740.png "Page 741
ADVANCED-WIPS-POLICY 10 - 11
stp-detection|unauthorized-bridge|windows-zero-config-memory-leak|
wlan-jack-attack-detected]
• no server-listen-port
• no terminate
event [accidental-association|
crackable-wep-iv-used|
dos-cts-flood|
dos-deauthentication-detection|
dos-disassociation-detection|
dos-eap-failure-spoof|
dos-eapol-logoff-storm|
dos-rts-flood|
essid-jack-attack-detected|
fake-dhcp-server-detected|
fata-jack-detected|
id-theft-eapol-success-spoof-
detected|
id-theft-out-of-sequence|...")
ADVANCED-WIPS-POLICY 10 - 11 stp-detection|unauthorized-bridge|windows-zero-config-memory-leak| wlan-jack-attack-detected] • no server-listen-port • no terminate event [accidental-association| crackable-wep-iv-used| dos-cts-flood| dos-deauthentication-detection| dos-disassociation-detection| dos-eap-failure-spoof| dos-eapol-logoff-storm| dos-rts-flood| essid-jack-attack-detected| fake-dhcp-server-detected| fata-jack-detected| id-theft-eapol-success-spoof- detected| id-theft-out-of-sequence| invalid-channel-advertized| invalid-management-frame| ipx-detection| monkey-jack-attack-detected| multicast-all-routers-on-subnet| multicast-all-systems-on-subnet| multicast-dhcp-server-relay- agent| multicast-hsrp-agent| multicast-igmp-detection| multicast-igrp-routers-detection| multicast-ospf-all-routers- detection| multicast-ospf-designated- routers-detection| multicast-rip2-routers-detection| multicast-vrrp-agent| netbios-detection| null-probe-response-detected| probe-response-flood| rogue-ap-detection| stp-detection| unauthorized-bridge| windows-zero-config-memory- leak| wlan-jack-attack-detected]Disables event handling for the event specified as its parameter See event for more information on each of the parameters. server-listen-port Resets the listen port for WIPS sensors to its default terminate Removes a device by its MAC address from the device termination list
10 - 12 WiNG CLI Reference Guide • no use device-configuration Example rfs7000-37FABE(config-advanced-wips-policy-test)#no event accidental-association trigger-against rfs7000-37FABE(config-advanced-wips-policy-test)#no server-listen-port rfs7000-37FABE(config-advanced-wips-policy-test)#no use device-categorization rfs7000-37FABE(config-advanced-wips-policy-test)#no terminate 11-22-33-44-55-66 Related Commands use device-categorization Removes the current device categorization list from the advanced WIPS policy eventConfigures WIPS events server-listen-portDefines the port where WIPS sensors connect to the WIPS server terminateAdds a device to the device terminate list useConfigures the device categorization list used with the advanced WIPS policy
ADVANCED-WIPS-POLICY 10 - 13 10.1.3 server-listen-port advanced-wips-policy Defines the local WIPS server’s listening port, where WIPS sensors connect to the local WIPS server Supported in the following platforms: AP300 AP621 AP650 AP6511 AP6521 AP6532 AP71XX RFS4000 RFS6000 RFS7000 NX9000 NX9500 Syntax server-listen-port Parameters • server-listen-port Example rfs7000-37FABE(config-advanced-wips-policy-test)#server-listen-port 1009 Related Commands server-listen-port Select a port from 0 - 65535. NOTE: Onboard WIPS uses port 8443 and AirDefense Enterprise uses 443 noResets values or disables commands
10 - 14 WiNG CLI Reference Guide 10.1.4 terminate advanced-wips-policy Adds a device to a device termination list. Devices on this list cannot access the wireless controller managed network. Supported in the following platforms: AP300 AP621 AP650 AP6511 AP6521 AP6532 AP71XX RFS4000 RFS6000 RFS7000 NX9000 NX9500 Syntax terminate Parameters • terminate Example rfs7000-37FABE(config-advanced-wips-policy-test)#terminate 00-40-96-B0-BA-2D Related Commands terminate Adds a device MAC address to the device termination list. Devices on this list cannot access the wireless controller managed network noResets values or disables commands
ADVANCED-WIPS-POLICY 10 - 15 10.1.5 use advanced-wips-policy Uses an existing device categorization list with the advanced WIPS policy. A device configuration list must exist before it can be used with the advanced WIPS policy. A device categorization list categorizes a device, either an AP or a wireless client, as sanctioned or neighboring based on its MAC address or access point SSID. For more information on creating a device categorization list, see Chapter 4, GLOBAL CONFIGURATION COMMANDS, section device-categorization. Supported in the following platforms: AP300 AP621 AP650 AP6511 AP6521 AP6532 AP71XX RFS4000 RFS6000 RFS7000 NX9000 NX9500 Syntax use device-categorization Parameters Example rfs7000-37FABE(config-advanced-wips-policy-test)#use device-categorization localdevices Please note, advanced-wips ignores SSID of marked devices rfs7000-37FABE(config-advanced-wips-policy-test)#show context advanced-wips-policy test use device-categorization localdevices rfs7000-37FABE(config-advanced-wips-policy-test)# device-categorization Configures device categorization list – Specify a device name to be associated to this profile. NOTE: advanced-wips ignores the SSID of marked devices for device-categorization
10 - 16 WiNG CLI Reference Guide Related Commands noResets values or disables command device-categorizationCreates a device categorization list
CHAPTER 11 ASSOCIATION-ACL-POLICY This chapter summarizes the association ACL policy commands within the CLI structure. Use the (config) instance to configure association ACL policy related configuration commands. To navigate to the association-acl-policy instance, use the following commands: RFSSwitch(config)#association-acl-policy rfs7000-37FABE(config)#association-acl-policy test rfs7000-37FABE(config-assoc-acl-test)# rfs7000-37FABE(config-assoc-acl-test)#? Association ACL Mode commands: deny Specify MAC addresses to be denied no Negate a command or set its defaults permit Specify MAC addresses to be permitted clrscr Clears the display screen commit Commit all changes made in this session do Run commands from Exec mode end End current mode and change to EXEC mode exit End current mode and down to previous mode help Description of the interactive help system revert Revert changes service Service Commands show Show running system information write Write running configuration to memory or terminal rfs7000-37FABE(config-assoc-acl-test)#
11 - 2 WiNG CLI Reference Guide 11.1 association-acl-policy Table 11.1 summarizes association ACL policy commands Ta b l e 1 1 . 1association-acl-policy commands Command Description Reference denySpecifies a range of denied MAC addresses page 11-3 noNegates a command or sets its defaultpage 11-5 permitSpecifies a range of permitted MAC addresses page 11-7 clrscrClears the display screenpage 5-3 commitCommits (saves) changes made in the current sessionpage 5-4 doRuns commands from EXEC modepage 4-66 endEnds and exits the current mode and moves to the PRIV EXEC modepage 5-5 exitEnds the current mode and moves to the previous modepage 5-6 helpDisplays the interactive help systempage 5-7 revertReverts changes to their last saved configurationpage 5-13 serviceInvokes service commands to troubleshoot or debug (config-if) instance configurationspage 5-14 showDisplays running system informationpage 6-4 writeWrites information to memory or terminalpage 5-42
ASSOCIATION-ACL-POLICY 11 - 3 11.1.1 deny association-acl-policy Identifies those devices denied access to the wireless controller managed network. Devices are identified by their MAC address. A single MAC address or a range of MAC addresses can be specified to deny access. This command also sets the precedence on how deny list rules are applied. Up to a thousand (1000) deny rules can be defined. Supported in the following platforms: AP300 AP621 AP650 AP6511 AP6521 AP6532 AP71XX RFS4000 RFS6000 RFS7000 NX9000 NX9500 Syntax deny [|precedence] deny precedence deny precedence Parameters • deny precedence • deny precedence deny Adds a single device or a set of devices to the deny list To add a single device, enter its MAC address in the parameter. precedence Sets a precedence rule. Rules are checked in an increasing order of precedence – Specify a precedence value from 1 - 1000. deny Adds a single device or a set of devices to the deny list To add a set of devices, provide the range of MAC addresses. Specify the first MAC address in the range. Specify the last MAC address in the range. precedence Sets a precedence rule. Rules are checked in an increasing order of precedence – Specify a value from 1 - 1000.
11 - 4 WiNG CLI Reference Guide Examples rfs7000-37FABE(config-assoc-acl-test)#show context association-acl-policy test rfs7000-37FABE(config-assoc-acl-test)#deny 11-22-33-44-55-01 11-22-33-44-55-FF precedence 150 rfs7000-37FABE(config-assoc-acl-test)#deny 11-22-33-44-56-01 11-22-33-44-56-01 precedence 160 rfs7000-37FABE(config-assoc-acl-test)#show context association-acl-policy test deny 11-22-33-44-55-01 11-22-33-44-55-FF precedence 150 deny 11-22-33-44-56-01 11-22-33-44-56-01 precedence 160 rfs7000-37FABE(config-assoc-acl-test)# Related Commands noRemoves a device or a set of devices from the deny list