You are here: Home > CLI Commands > Just_CLI_Topics > ids wms-local-system-profile

ids wms-local-system-profile

ids wms-local-system-profile

max-ap-threshold <max-ap-threshold>

max-rbtree-entries <max-rbtree-entries>

max-sta-threshold <max-sta-threshold>

max-system-wm <max-system-wm>

no

override-svc-termination <override-svc-termination>

periodic-ap-snapshot-interval <periodic-ap-snapshot-interval>

periodic-rogue-ap-snapshot-interval <periodic-rogue-ap-snapshot-interval>

periodic-sta-snapshot-interval <periodic-sta-snapshot-interval>

system-wm-update-interval <system-wm-update-interval>

Description

This command configures the WLANWireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. management system (WMS) service to terminate on individual managed devices instead of Mobility Master.

Syntax

Parameter

Description

Range

Default

max-ap-threshold

Sets the max threshold for the total number of APs

0 to 50,000,000

max-rbtree-entries

Sets the max threshold for the total number of AP and station RBTree entries.

max-sta-threshold

Sets the max threshold for the total number of stations.

max-system-wm

Sets the max number of system wired MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. table entries learned by the managed device.

1-2000

1000

no

Negates or deletes an existing parameter

override-svc-termination  

Overrides the system-determined termination mode, and terminates WMS service at the managed device to which the AP is associated. Do not use this option if you have multiple managed devices in one location, as WMS will not operate correctly.

Enable

Disable

Disable

periodic-ap-snapshot-interval  

Sets the interval, in minutes, at which to generate a periodic snapshot of monitored APs. The (AMONAdvanced Monitoring. AMON is used in Aruba WLAN deployments for improved network management, monitoring and diagnostic capabilities.) messages comprising the snapshot are spread over this interval.

60-360 minutes

180 minutes

periodic-rogue-ap-snapshot-interval

Sets the interval, in minutes, at which to generate a periodic snapshot of monitored rogue APs. The (AMONAdvanced Monitoring. AMON is used in Aruba WLAN deployments for improved network management, monitoring and diagnostic capabilities.) messages comprising the snapshot are spread over this interval.

5-360 minutes

30 minutes

periodic-sta-snapshot-interval

Sets the interval, in minutes, at which to generate a periodic snapshot of monitored clients. The (AMONAdvanced Monitoring. AMON is used in Aruba WLAN deployments for improved network management, monitoring and diagnostic capabilities.) messages comprising the snapshot are spread over this interval.

60-360 minutes

180 minutes

system-wm-update-interval

Sets the interval, in minutes, for repopulating the system wired MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. table at the managed device.

1-30 minutes

8 minutes

Usage Guidelines

The WLANWireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. management system (WMS) on the controller monitors wireless traffic to detect any new AP or wireless client station in the RFRadio Frequency. RF refers to the electromagnetic wave frequencies within a range of 3 kHz to 300 GHz, including the frequencies used for communications or Radar signals. environment. When an AP or wireless client is detected, it is classified, and its classification is used to determine the security policies that should be enforced on the AP or client. By default, the WMS service is terminated at Mobility Master, which requires every AP across the network to communicate with the WMS service on Mobility Master. The IDSIntrusion Detection System. IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network. WMS local system profile includes a WMS service termination override parameter that optimizes limited bandwidth between the managed device and Mobility Master by allowing the AP communicate directly with the managed device to which it is associated.

When local WMS service termination is enabled, the WMS service on the managed device will:

perform device classification for associated APs

correlate events from associated APs

update the local WMS database

aggregate and redistribute WMS data such as wired MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. addresses, tarpit BSSIDsBasic Service Set Identifier. The BSSID identifies a particular BSS within an area. In infrastructure BSS networks, the BSSID is the MAC address of the AP. In independent BSS or ad hoc networks, the BSSID is generated randomly. and valid or registered OUIs to associated APs

The devices and events detected by the managed device can (optionally) be sent to Mobility Master, allowing Mobility Master to update its database with AP, client and event information from that managed device. Note, however, that enabling this option increases the bandwidth usage between the managed device and Mobility Master.

The configuration parameters in IDSIntrusion Detection System. IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network. WMS local system profile enables local termination of the WMS service, sets maximum thresholds for the maximum number of managed APs and stations, and defines the intervals at which valid AP, rogue AP and station data is sent to the managed device. Increasing the max AP or max station threshold limits in the IDSIntrusion Detection System. IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network. local system profile will cause an increase in usage in the memory by WMS. In general, each entry will consume about 500 bytes of memory. If a setting is bumped up by 2000, then it will cause an increase in WMS memory usage by 1 MB.

Example

The following commands first set the interval time for repopulating the MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. table to 10 minutes and then sets the maximum number of APs to 100:

(host) [mynode] (config) #ids wms-local-system-profile system-wm-update-interval 10

(host) [mynode] (config)# ids wms-local-system-profile max-ap-threshold 100

Related Commands

 

Modification

mgmt-server

Configures the management server profile.

ids management-profile

Manages the events correlation for IDSIntrusion Detection System. IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network. event traps and syslogs (logs).

show ids wms-local-system-profile

Displays the local WLANWireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. management system (WMS) service profile settings .

Command History

Release

Modification

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

Licensing

Command Mode

All platforms

Base operating system.

Config mode on Mobility Master.

/*]]>*/