Dell PowerConnect W-Airwave Configuration Manual

Also see for PowerConnect W-Airwave: User guide User guide Manual Manual Quick start guide

Contents

AirWave Wireless Management Suite | Configuration Guide Aruba Configuration Reference | 103Profiles > IDS > ImpersonationPerform these steps to create IDS Impersonation profiles.1. Click Profiles > IDS > Impersonation in the Aruba Navigation pane.2. Click the Add button to create a new Impersonation profile, or click the pencil icon next to an existingprofile to edit. The Details page appears. Complete the settings as described in Table 35:3. Click Add or Save. The added or edited Impersonation profile appears on the Profiles > IDS >Impersonation page.Table 35 Aruba Configuration > Profiles > IDS > Impersonation SettingsField Default DescriptionGeneral SettingsFolder Top Use this field to set and display the folder with which the profile isassociated. The drop-down menu displays all folders available forassociation with the profile.Folders provide a way to organize the visibility of device parameters that isseparate from the configuration groups of devices. Using folders, you canview basic statistics about device, and define which users have visibility towhich device parameters.Name Blank Enter the name of the impersonation profile.Other SettingsDetect APImpersonationYes Enable or disable detection of AP impersonation. In AP impersonationattacks, the attacker sets up an AP that assumes the BSSID and ESSID ofa valid AP. AP impersonation attacks can be done for man-in-the-middleattacks, a rogue AP attempting to bypass detection, or a honeypot attack.Protect from APImpersonationNo When AP impersonation is detected, use this control to set both thelegitimate and impersonating AP to be disabled using a denial of serviceattack.Beacon DiffThreshold (0-100%)50 Set the percentage increase in beacon rate that triggers an APimpersonation event.Beacon IncreaseWait Time(0-360000 sec)3 Set the time, in seconds, after the Beacon Diff Threshold is crossed beforean AP impersonation event is generated.Detect SequenceAnomalyNo Enable or disable detection of anomalies between sequence numbersseen in 802.11 frames. During an impersonation attack, the attacker mayspoof the MAC address of a client or AP — if two devices are active on thenetwork with the same MAC address, the sequence numbers in the frameswill not match since the sequence number is generated by NIC firmware.Sequence Numberof Difference(0-100000)300 Set the maximum allowable tolerance between sequence numbers withinthe Sequence Number Time Tolerance period.Sequence NumberTime Tolerance(0-360000 sec)300 Time, in seconds, during which sequence numbers must exceed theSequence Number Difference value for an alarm to be triggered.Sequence NumberQuiet Time(60-360000 sec)900 After an alarm has been triggered, the time (in seconds) that must elapsebefore another identical alarm may be triggered.