You are here: Home > CLI Commands > Just_CLI_Topics > ids rate-thresholds-profile

ids rate-thresholds-profile

ids rate-thresholds-profile <profile-name>

channel-inc-time <channel-inc-time>

channel-quiet-time <channel-quiet-time>

channel-threshold <channel-threshold>

clone <profile>

no ...

node-quiet-time <node-quiet-time>

node-threshold <node-threshold>

node-time-interval <node-time-interval>

Description

This command configures an IDSIntrusion Detection System. IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network. rate thresholds profile.

Syntax

Parameter

Description

Range

Default

<profile-name>

Name that identifies an instance of the profile. The name must be 1-63 characters.

default

channel-inc-time

<channel-inc-time>

Time, in seconds, in which the threshold must be exceeded in order to trigger an alarm.

0 - 360000 seconds

15 seconds

channel-quiet-time

<channel-quiet-time>

After a channel rate anomaly alarm has been triggered, the time that must elapse before another identical alarm may be triggered. This option prevents excessive messages in the log file.

60-360000 seconds

900 seconds

channel-threshold

Number of specific frame types that must be exceeded within a specific interval in a channel to trigger an alarm.

0-100000 frames

300

clone <source>

Copies an existing IDSIntrusion Detection System. IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network. rate thresholds profile.

no

Negates any configured parameter.

node-quiet-time

<node-quiet-time>

After a node rate anomaly alarm has been triggered, the time, in seconds, that must elapse before another identical alarm may be triggered. This option prevents excessive messages in the log file.

60-360000 seconds

900 seconds

node-threshold

<node-threshold>

Number of a specific type of frame that must be exceeded within a specific interval for a particular client MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address to trigger an alarm.

0 -100000 frames

200

node-time-interval

<node-time-interval>

Time, in seconds, in which the threshold must be exceeded in order to trigger an alarm.

1-120 seconds

15 seconds

Usage Guidelines

A profile of this type is attached to each of the following 802.11802.11 is an evolving family of specifications for wireless LANs developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). 802.11 standards use the Ethernet protocol and Carrier Sense Multiple Access with collision avoidance (CSMA/CA) for path sharing. frame types in the IDSIntrusion Detection System. IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network. denial of service profile:

Association frames

Disassociation frames

Deauthentication frames

Probe Request frames

Probe Response frames

Authentication frames

Example

The following command configures frame thresholds:

(host) [mynode] (config) #ids rate-thresholds-profile Lobby

(host) [mynode] (IDS Rate Thresholds Profile "Lobby") #channel-threshold 250

Related Commands

Command

Description

show ids rate-thresholds-profile

Displays the IDSIntrusion Detection System. IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network. rate thresholds profile.

Command History

Release

Modification

ArubaOS 8.0.0.0

Command Introduced.

Command Information

Platform

License

Command Mode

All platforms

Requires the RFprotect license.

Config mode on Mobility Master.

/*]]>*/