Dell PowerConnect W-Airwave W-Airwave 7.2 Configuration Guide - Page 84

Table 31 Profiles > IDS > Denial of Service Profile Settings (Continued) Field Default Description AP Flood Increase Time 3 Sets the time, in seconds, during which a configured number of Fake AP beacons must be received to trigger an alarm. AP Flood Detection 900 Quiet Time After an alarm has been triggered by a Fake AP flood, the time (in seconds) that must elapse before an identical alarm may be triggered. Detect EAP Rate No Enables or disables Extensible Authentication Protocol (EAP) handshake analysis to Anomaly detect an abnormal number of authentication procedures on a channel and generates an alarm when this condition is detected. EAP Rate Thresholds 60 Sets the number of EAP handshakes that must be received within the EAP Rate Time Interval to trigger an alarm. EAP Rate Time Interval 3 Sets the time, in seconds, during which the configured number of EAP handshakes must be received to trigger an alarm. EAP Rate Quiet Time 900 After an alarm has been triggered, sets the time (in seconds) that must elapse before another identical alarm may be triggered. Detect Rate Anomalies No Enables or disables detection of rate anomalies. Detect 802.11n 40MHz Yes Intolerance Setting Enables or disables detection of 802.11n 40 MHz intolerance setting, which controls whether stations and APs advertising 40 MHz intolerance will be reported. Client 40 MHz 900 Intolerance Detection Quiet Time Controls the quiet time (when to stop reporting intolerant STAs if they have not been detected), in seconds, for detection of 802.11n 40 MHz intolerance setting. 3. Select Add or Save. The added or edited Denial of Service profile appears on the IDS > Denial of Service profiles page. Profiles > IDS > Denial of Service > Rate Threshold The IDS rate threshold profile defines thresholds assigned to the different frame types for rate anomaly checking. A profile of this type is attached to each of the following 802.11 frame types in the IDS Denial of Service profile:  Association frames  Disassociation frames  Deauthentication frames  Probe Request frames  Probe Response frames  Authentication frames A channel threshold applies to an entire channel, while a node threshold applies to a particular client MAC address. Dell PowerConnect W provides predefined default IDS rate thresholds profiles for each of these types of frames. Default values depend upon the frame type. Perform these steps to create Rate Threshold Profiles for use with Denial of Service profiles. 1. Select Profiles > IDS > Denial of Service > Rate Thresholds in the Dell PowerConnect W Navigation pane. This page summarizes the current thresholds available. 84 | Dell PowerConnect W Configuration Reference Dell PowerConnect W AirWave 7.2 | Configuration Guide