Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
Page 1164
1156
Brocade Mobility RFS Controller CLI Reference Guide
53-1003098-01
21
no event client-anomaly
[dos-broadcast-deauth|fuzzing-all-zero-macs|fuzzing-invalid-frame-type|fuzzin
g-invalid-mgmt-frames|fuzzing-invalid-seq-num|identical-src-and-dest-addr|inv
alid-8021x-frames|netstumbler-generic|non-conforming-data|wellenreiter]
{filter-ageout <0-86400>}
no event excessive [80211-replay-check-failure|aggressive-scanning|
auth-server-failures|decryption-failures|dos-assoc-or-auth-flood|dos-eapol-st
art-storm|
dos-unicast-deauth-or-disassoc|eap-flood|eap-nak-flood|frames-from-unassoc-st
ation] {filter-ageout <0-86400>|threshold-client <0-65535>|threshold-radio
<0-65535>}
no event
Disables WIPS policy event tracking
client-anomaly
Disables client anomaly event tracking
dos-broadcast-deauth
Disables DoS broadcast deauthentication event tracking
fuzzing-all-zero-macs
Disables Fuzzing tracking: All zero MAC addresses observed
fuzzing-invalid-frame-type
Disables Fuzzing tracking: Invalid frame type detected
fuzzing-invalid-mgmt-frames
Disables Fuzzing tracking: Invalid management frame
fuzzing-invalid-seq-num
Disables Fuzzing tracking: Invalid sequence number
identical-src-and-dest-addr
Disables the tracking of identical source and destination addresses
invalid-8021x-frames
Disables Fuzzing tracking: Invalid 802.1x frames
netstumbler-generic
Disables Netstumbler (v3.2.0, 3.2.3, 3.3.0) event tracking
non-conforming-data
Disables non conforming data packet tracking
wellenreiter
Disables Wellenreiter event tracking
filter-ageout
<0-86400>
The following keywords are common to all client anomaly events:
•
Optional. Resets the filter expiration interval in seconds
•
<0-86400> – Resets a filter ageout interval from 0 - 86400 seconds
no event
Disables WIPS policy event tracking
excessive
Disables the tracking of excessive events. Excessive events consist of actions that are performed
continuously and repetitively.
80211-replay-check-failure
Disables the tracking of 802.11 replay check failure
aggressive-scanning
Disables aggressive scanning event tracking
auth-server-failures
Disables the tracking of failures reported by authentication servers
decryption-failures
Disables the tracking of decryption failures
dos-assoc-or-auth-flood
Disables DoS association or authentication flood tracking
dos-eapol-start-storm
Disables the tracking of DoS EAPOL start storms
dos-unicast-deauth-or-disass
oc
Disables DoS disassociation or deauthentication flood tracking
eap-flood
Disables the tracking of EAP floods
eap-nak-flood
Disables the tracking of EAP NAKfloods
frames-from-unassoc-station
Disables the tracking of frames from unassociated clients
filter-ageout
<0-86400>
Optional. Resets the filter expiration interval in seconds. It resets the duration for which a client is filtered.
The client is added to a ACL as a special entry and frames received from this client are dropped.
•
<0-86400> – Resets a filter ageout interval from 0 - 86400 seconds