Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

602

Brocade Mobility RFS Controller System Reference Guide

53-1003099-01

10

14. Select OK to save the updates to the to excessive actions configuration used by the WIPS

policy. Select Reset to revert to the last saved configuration.

15. Select the MU Anomaly tab:

FIGURE 23

WIPS Events screen - MU Anomaly tab

MU anomaly events are suspicious events by wireless clients that can compromise the security
and stability of the network. Use this MU anomaly screen to configure the intervals clients can
be filtered upon the generation of each defined event.

16. Set the configurations of the following MU Anomaly Events configurations:

17. Select OK to save the updates to the MU anomaly configuration used by the WIPS policy. Select

Reset to revert to the last saved configuration.

Name

Displays the name of the MU anomaly event representing a potential threat to the network. This column
lists the event being tracked against the defined thresholds set for interpreting the event as excessive or
permitted.

Enable

Displays whether tracking is enabled for each event. Use the drop-down menu to enable/disable events
as required. A green checkmark defines the event as enabled for tracking against its threshold values. A
red “X” defines the event as disabled and not tracked by the WIPS policy. Each event is disabled by
default.

Filter Expiration

Set the duration the anomaly causing client is filtered. This creates a special ACL entry and frames
coming from the client are silently dropped. The default setting is 0 seconds. For each violation, define a
time to filter value in seconds which determines how long received packets are ignored from an attacking
device once a violation has been triggered. Ignoring frames from an attacking device minimizes the
effectiveness of the attack and the impact to the site until permanent mitigation can be performed.