wireless-controller : wids-profile
 
wids-profile
Use this command to configure Wireless Intrusion Detection (WIDS) profiles.
Syntax
config wireless-controller wids-profile
edit <wids-profile_name>
set comment <comment_str>
set ap-bgscan-disable-day <day_list_str>
set ap-bgscan-disable-end <time_str>
set ap-bgscan-disable-start <time_str>
set ap-bgscan-duration <time_str>
set ap-bgscan-intv <secs_int>
set ap-bgscan-period <secs_int>
set ap-bgscan-report-intv <secs_int>
set ap-fgscan-report-intv <secs_int>
set ap-scan {enable | disable}
set ap-scan-passive {enable | disable}
set asleap-attack {enable | disable}
set assoc-frame-flood {enable | disable}
set auth-frame-flood {enable | disable}
set deauth-broadcast {enable | disable}
set eapol-fail-flood {enable | disable}
set eapol-fail-intv <int>
set eapol-fail-thres <int>
set eapol-logoff-flood {enable | disable}
set eapol-logoff-intv <int>
set eapol-logoff-thres <int>
set eapol-pre-fail-flood {enable | disable}
set eapol-pre-fail-intv <int>
set eapol-pre-fail-thres <int>
set eapol-pre-succ-flood {enable | disable}
set eapol-pre-succ-intv <int>
set eapol-pre-succ-thres <int>
set eapol-start-flood {enable | disable}
set eapol-start-intv <int>
set eapol-start-thres <int>
set eapol-succ-flood {enable | disable}
set eapol-succ-intv <int>
set eapol-succ-thres <int>
set invalid-mac-oui {enable | disable}
set long-duration-attack {enable | disable}
set long-duration-thresh <int>
set null-ssid-probe-resp {enable | disable}
set spoofed-deauth {enable | disable}
set weak-wep-iv {enable | disable}
set wireless-bridge {enable | disable}
end
 
Variable
Description
Default
<wids-profile_name>
Enter a name for this WIDS profile.
No default.
comment <comment_str>
Optionally, enter a descriptive comment.
No default.
ap-bgscan-disable-day <day_list_str>
Enter the days of the week when background scanning is disabled.
null
ap-bgscan-disable-end <time_str>
Enter the end time (format hh:mm) for disabled background scanning. ap-bgscan-disable-day must be set.
00:00
ap-bgscan-disable-start <time_str>
Enter the start time (format hh:mm) for disabled background scanning. ap-bgscan-disable-day must be set.
00:00
ap-bgscan-duration <time_str>
Enter the listening time in ms on a scanning channel. Range 10 to 1000 ms.
20
ap-bgscan-intv <secs_int>
Enter the interval between two scanning channels. Range 1 to 600 seconds.
1
ap-bgscan-period <secs_int>
Enter the period in seconds between background scans.
600
ap-bgscan-report-intv <secs_int>
Enter the interval in seconds between background scan reports. Range 15 to 600 seconds.
30
ap-fgscan-report-intv <secs_int>
Enter the interval in seconds between foreground scan reports. Range 15 to 600 seconds.
15
ap-scan {enable | disable}
Enable or disable rogue AP scanning.
enable
ap-scan-passive {enable | disable}
Enable or disable passive scanning on all channels.
disable
asleap-attack {enable | disable}
Enable to detect asleap attack (attempt to crack LEAP security).
disable
assoc-frame-flood {enable | disable}
Enable to detect association frame flood attack.
disable
auth-frame-flood {enable | disable}
Enable to detect authentication frame flood attack.
disable
deauth-broadcast {enable | disable}
 
disable
eapol-fail-flood {enable | disable}
Enable to detect EAP FAIL flood attack.
disable
eapol-fail-intv <int>
Set EAP FAIL detection interval.
1
eapol-fail-thres <int>
Set EAP FAIL detection threshold.
10
eapol-logoff-flood {enable | disable}
Enable to detect EAP LOGOFF flood attack.
disable
eapol-logoff-intv <int>
Set EAP LOGOFF detection interval.
1
eapol-logoff-thres <int>
Set EAP LOGOFF detection threshold.
10
eapol-pre-fail-flood {enable | disable}
Enable to detect EAP premature FAIL flood attack.
disable
eapol-pre-fail-intv <int>
Set EAP premature FAIL detection interval.
1
eapol-pre-fail-thres <int>
Set EAP premature FAIL detection threshold.
10
eapol-pre-succ-flood {enable | disable}
Enable to detect EAP premature SUCC flood attack.
disable
eapol-pre-succ-intv <int>
Set EAP premature SUCC detection interval.
1
eapol-pre-succ-thres <int>
Set EAP premature SUCC detection threshold.
10
eapol-start-flood {enable | disable}
Enable to detect EAP START flood attack.
disable
eapol-start-intv <int>
Set EAP START detection interval.
1
eapol-start-thres <int>
Set EAP START detection threshold.
10
eapol-succ-flood {enable | disable}
Enable to detect EAP SUCC flood attack.
disable
eapol-succ-intv <int>
Set EAP SUCC detection interval.
1
eapol-succ-thres <int>
Set EAP SUCC detection threshold.
10
invalid-mac-oui {enable | disable}
Enable to detect use of spoofed MAC addresses. (The first three bytes should indicate a known manufacturer.)
disable
long-duration-attack {enable | disable}
Enable for long duration attack detection based on long‑duration‑thresh.
disable
long-duration-thresh <int>
Enter the duration in usec for long-duration attack detection. This is available when long-duration-attack is enable.
8200
null-ssid-probe-resp {enable | disable}
 
disable
spoofed-deauth {enable | disable}
Enable to detect spoofed deathentication packets.
disable
weak-wep-iv {enable | disable}
Enable to detect APs using weak WEP encryption.
disable
wireless-bridge {enable | disable}
Enable to detect wireless bridge operation, which is suspicious if your network doesn’t use a wireless bridge.
disable
Read-only variables (view using get command)
used-by