ids wms-general-profile

ids wms-general-profile
   adhoc-ap-ageout-interval <adhoc-ap-ageout-interval>
   ap-ageout-interval <ap-ageout-interval>
   collect-stats
   learn-ap
   learn-system-wired-macs
   no
   persistent-neighbor
   persistent-valid-sta
   poll-interval <poll-interval>
   poll-retries <poll-retries>
   propagate-wired-macs
   sta-ageout-interval <sta-ageout-interval>
   stat-update

Description

This command configures the IDS (Intrusion Detection System) WLAN management system (WMS) general profile.

Syntax

Parameter: adhoc-ap-ageout-interval <adhoc-ap-ageout-interval>
Description: Time, in minutes, that an ad hoc (IBSS) AP remains unseen before it is deleted (ageout) from the database.
Range: 0-10000
Default: 30 minutes

Parameter: ap-ageout-interval <ap-ageout-interval>
Description: Time, in minutes, that an AP remains unseen by any probes before it is deleted from the database.
Range: 0-10000
Default: 30 minutes

Parameter: collect-stats
Description: Enables or disables collection of statistics (up to 25,000 entries) on Mobility Master for monitored APs and clients.
Range: Enable / Disable
Default: Disable

Parameter: learn-ap
Description: Enables or disables “learning” of non-Aruba APs.
Range: Enable / Disable
Default: Disable

Parameter: learn-system-wired-macs
Description: Enables or disables “learning” of wired MACs.
Range: Enable / Disable
Default: Disable

Parameter: no
Description: Negates any configured parameter.

Parameter: persistent-neighbor
Description: Does not age out known AP neighbors.
Range: Enable / Disable
Default: Disable

Parameter: persistent-valid-sta
Description: Does not age out valid stations.
Range: Enable / Disable
Default: Disable

Parameter: poll-interval <poll-interval>
Description: Interval, in milliseconds, for communication between Mobility Master and Aruba AMs (Air Monitors). Mobility Master contacts the AM at this interval to download AP to station associations, update policy configuration changes, and download AP and station statistics.
Default: 60000 milliseconds (1 minute)

Parameter: poll-retries <poll-retries>
Description: Maximum number of failed polling attempts before the polled AM is considered to be down.
Default: 2

Parameter: propagate-wired-macs
Description: Enable/disable propagation of the gateway wired MAC information.
Range: Enable / Disable
Default: Enable

Parameter: sta-ageout-interval <sta-ageout-interval>
Description: Time, in minutes, that a client remains unseen by any probes before it is deleted from the database.
Default: 30 minutes

Parameter: stat-update
Description: Enable/disable statistics updating in the database.
Range: Enable / Disable
Default: Enable

Usage Guidelines

The WLAN management system (WMS) on Mobility Master monitors wireless traffic to detect any new AP or wireless client station in the RF environment. When an AP or wireless client is detected, it is classified, and its classification is used to determine the security policies that should be enforced on the AP or client.

By default, non-Aruba APs that are connected on the same wired networks as Aruba APs are classified as “rogue” APs. Enabling AP learning classifies non-Aruba APs as “valid” APs. Typically, you would want to enable AP learning in environments with large numbers of existing non-Aruba APs and leave AP learning enabled until all APs in the network have been detected and classified as valid. Then, disable AP learning and reclassify any unknown APs as interfering.

VLAN Trunking

In deployments where Aruba APs are not placed on every VLAN and where it is not possible to trunk all VLANs to an Aruba AP, enable the parameter learn-system-wired-macs. When this is enabled, ArubaOS is able to classify rogues on all the VLANs that belong to a Mobility Master, as long as Aruba APs can see the rogues in the air. If there are VLANs in the network residing on a third party controller and if those VLANs are trunked to a port on a Mobility Master, enabling this feature will allow detection of rogues on those VLANs as well.

Mobility Master/Managed Device

When learn-system-wired-macs is enabled in a Mobility Master deployment, the learning of wired and gateway MACs happens at each managed device. For topologies with managed devices in different geographical locations, the managed device collects the wired and gateway MAC information and passes it to the APs that are connected to it. Even though the managed devices collect the wired and gateway MACs, Mobility Master is still responsible for classification.

Example

The following command enables AP learning:

(host) [mynode] (IDS WMS General Profile) #learn-ap

The following command disables AP learning:

(host) [mynode] (IDS WMS General Profile) #no learn-ap
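
The following audit script is an added example, not part of the Aruba documentation. It checks a saved configuration for the settings discussed in the usage guidelines: AP learning left enabled after onboarding, ageout intervals outside the documented 0-10000 range, and default-enabled options turned off. The stanza layout (indented lines ended by "!") and the sample configuration are constructed assumptions.

```python
# Ranges and defaults below are taken from the parameter table on this page.
RANGED = {"adhoc-ap-ageout-interval": (0, 10000), "ap-ageout-interval": (0, 10000)}
DEFAULT_ON = ("propagate-wired-macs", "stat-update")

# Constructed sample; the indented stanza terminated by "!" is an assumed layout.
SAMPLE_CONFIG = """\
ids wms-general-profile
   learn-ap
   ap-ageout-interval 20000
   no stat-update
   poll-retries 3
!
"""

def parse_profile(text):
    """Return {parameter: value} for the ids wms-general-profile stanza."""
    settings, inside = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "ids wms-general-profile":
            inside = True
            continue
        if not inside:
            continue
        if line == "!" or not raw[0].isspace():
            break                                # end of the stanza
        words = line.split()
        if words[0] == "no":
            if len(words) > 1:
                settings[words[1]] = False       # "no <param>" negates it
        elif len(words) == 1:
            settings[words[0]] = True            # bare keyword enables it
        else:
            settings[words[0]] = words[1]        # keyword with a value
    return settings

def audit(settings):
    """Return review findings for a parsed profile."""
    findings = []
    if settings.get("learn-ap") is True:
        findings.append("learn-ap enabled: non-Aruba APs are classified as valid")
    for name, (low, high) in RANGED.items():
        value = settings.get(name)
        if isinstance(value, str) and not (value.isdigit() and low <= int(value) <= high):
            findings.append(f"{name} {value}: outside documented range {low}-{high}")
    for name in DEFAULT_ON:
        if settings.get(name) is False:
            findings.append(f"{name} disabled: differs from documented default")
    return findings
```

Calling audit(parse_profile(SAMPLE_CONFIG)) returns three findings, one for each deviation in the constructed sample.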

Related Commands

Command: show ids wms-general-profile
Description: Displays general statistics for the WMS configuration.

Command History

Release: ArubaOS 8.0.0.0
Modification: Command introduced.

Command Information

Platforms: All platforms
Licensing: Base operating system.
Command Mode: Config mode on Mobility Master.
