D-Link DWS-4026 Product Manual - Page 498
Viewing Detected Client Pre-Authentication History, Table 319, WIDS Client Rogue Classification, Field
UPC - 790069325533
View all D-Link DWS-4026 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 498 highlights
D-Link Unified Access System Software User Manual 12/10/09 Table 319: WIDS Client Rogue Classification Field Description MAC Address Test Description The Ethernet MAC address of the detected wireless client. Identifies the tests that were performed, which includes the following: • Client is not listed in the Known Clients database. • Client exceeds the configured rate for transmitting 802.11 authentication requests. • Client exceeds the configured rate for transmitting probe requests. • Client exceeds the configured rate for transmitting de-authentication requests. • Client exceeds the maximum number of failing authentications. • Known Client is authenticated with an Unknown AP. Condition Detected Reporting MAC Address Indicates whether the result of the test was true or false. Identifies the MAC address of the AP that reported the test results. Radio Identifies which physical radio on the reporting AP was responsible for the test results. Test Config Shows whether this test is configured to report rogues. Each test can be globally enabled or disabled to report a positive result as a rogue. Test Result Shows whether this test reported the device as rogue. In some cases the test may report a positive result, be enabled, but not report the device as rogue because the device is allowed to operate in this mode. Time Since First Report Time stamp indicating how long ago this test first detected the condition. Time Since Last Report Time stamp indicating how long ago this test last detected the condition. Viewing Detected Client Pre-Authentication History To help authenticated clients roam without losing sessions and needing to re-authenticate, wireless clients can attempt to authenticate to other APs within range that the client could possibly associate with. For successful pre-authentication, the target AP must have a VAP with an SSID and security configuration that matches that of the client, including MAC authentication, encryption method, and pre-shared key or RADIUS parameters. The the AP that the client is associated with captures all pre-authentication requests and sends them to the switch. The Detected Client Pre-Authentication History page shows information about the pre-authentication requests that the detected client has made. Figure 343: Detected Client Pre-Authentication History Table 320 describes the fields on the Detected Client Pre-Authentication History page. Page 498 Monitoring and Managing Intrusion Detection Document 34CSFP6XXUWS-SWUM100-D7