D-Link DWS-3160-24TC DWS-3160 Series Web UI Reference Guide - Page 439

DWS-3160 Series Gigabit Ethernet Unified Switch Web UI Reference Guide Not Present in OUI Database Test Select Enabled to check whether a client is present in the OUI DB Test. Not Present in Known Client Database Test Select Enabled to check whether the client, which is identified by its MAC address, is listed in the Known Client Database and is allowed access to the AP either through the Authentication Action of Grant or through the White List global action. If the client is in the Known Client Database and has an action of Deny, or if the action is Global Action and it is globally set to Black List, the client fails this test. Configured Select Enabled to check whether the client has exceeded the configured rate for Authentication Rate Test transmitting 802.11 authentication requests. Configured Probe Requests Rate Test Select Enabled to check whether the client has exceeded the configured rate for transmitting probe requests. Configured DeAuthentication Request Rate Test Select Enabled to check whether the client has exceeded the configured rate for transmitting de-authentication requests. Maximum Authentication Select Enabled to check whether the client has exceeded the maximum number Failures Test of failed authentications. Authentication with Unknown AP Test Select Enabled to check whether a client in the Known Client database is authenticated with an unknown AP. Client Thread Mitigation Select Enabled to send de-authentication messages to clients that are in the Known Clients database but are associated with unknown APs. Authentication with Unknown AP Test must also be enabled in order for the mitigation to take place. Select Disabled to allow clients in the Known Clients database to remain authenticated with an unknown AP. Known Client Database Lookup Method Specify whether the Switch should use the Local or RADIUS database for the lookups in the Known Client database when detecting a client on the network. Rogue Detected Trap Enter the interval, in seconds, between transmissions of the SNMP trap telling the Interval (60-3600 seconds administrator that rogue APs are present in the RF Scan database. Enter 0 to or 0 is disable) disable the function. De-Authentication Requests Threshold Interval (1-3600 seconds) Enter the number of seconds an AP should spend counting the de-authentication messages sent by wireless clients. De-Authentication Requests Threshold Value (1-99999) Enter a threshold value. When the Switch receives more messages than the specified value during the threshold interval, the test triggers. Authentication Requests Threshold Interval (13600 seconds) Enter the number of seconds an AP should spend counting the authentication messages sent by wireless clients. Authentication Requests Threshold Value (199999) Enter a threshold value. When the Switch receives more messages than the specified value during the threshold interval, the test triggers. Probe Requests Threshold Interval (13600 seconds) Enter the number of seconds an AP should spend counting the probe messages sent by wireless clients. Probe Requests Threshold Value (199999) Enter the number of probe requests a wireless client is allowed to send during the threshold interval before the event is reported as a threat. Authentication Failure Threshold Value (199999) Enter the number of 802.1X authentication failures a client is allowed to have before the event is reported as a threat. Click the Apply button to accept the changes made. 434