
show ids unauthorized-device-profile

show ids unauthorized-device-profile <profile-name>

Description

Show an IDS (Intrusion Detection System) Unauthorized Device profile.

Syntax

Parameter         Description
<profile-name>    Name of an IDS Unauthorized Device profile.

Usage Guidelines

Issue this command without the <profile-name> parameter to display the list of IDS Unauthorized Device profiles. Include a profile name to display the detailed configuration of that profile.

Examples

The example below shows that the Mobility Master has five configured Unauthorized Device profiles.

(host) [mynode] (config) #show ids unauthorized-device-profile

IDS Unauthorized Device Profile List
------------------------------------
Name          References  Profile Status
----          ----------  --------------
default       4
test          0
test1         1
Wizard-test   1
Wizard-test2  1

Total:5

In the example above, the References column indicates the number of references to the profile named in the Name column. The Profile Status column is blank unless the profile is predefined.

This example displays the configuration settings for the profile test1.

(host) [mynode] (config) #show ids unauthorized-device-profile test1

IDS Unauthorized Device Profile "test1"
IDS Unauthorized Device Profile "default"
-----------------------------------------
Parameter                                           Value
---------                                           -----
Protect 802.11n High Throughput Devices             false
Protect 40MHz 802.11n High Throughput Devices       false
Detect Active 802.11n Greenfield Mode               false
Detect Adhoc Networks                               false
Protect from Adhoc Networks                         false
Protect from Adhoc Networks - Enhanced              false
Detect Adhoc Network Using Valid SSID               true
Adhoc Network Using Valid SSID Quiet Time           900 sec
Allow Well Known MAC                                N/A
Detect Devices with an Invalid MAC OUI              false
MAC OUI detection Quiet Time                        900 sec
Detect Misconfigured AP                             false
Protect Misconfigured AP                            false
Detect Bad WEP                                      false
Privacy                                             false
Require WPA                                         false
Valid 802.11g channel for policy enforcement        N/A
Valid 802.11a channel for policy enforcement        N/A
Valid and Protected SSIDs                           N/A
Valid MAC OUIs                                      N/A
Rogue AP Classification                             true
Overlay Rogue AP Classification                     true
OUI-based Rogue AP Classification                   true
Propagated Wired MAC based Rogue AP Classification  true
Rogue Containment                                   false
Suspected Rogue Containment                         false
Suspected Rogue Containment Confidence Level        60
Detect Station Association To Rogue AP              true
Detect Unencrypted Valid Clients                    true
Unencrypted Valid Client Detection Quiet Time       900 sec
Detect Valid Client Misassociation                  true
Detect Valid SSID Misuse                            false
Protect SSID                                        false
Protect Valid Stations                              false
Valid Wired MACs                                    N/A
Detect Windows Bridge                               true
Protect Windows Bridge                              false
Detect Wireless Bridge                              false
Wireless Bridge detection Quiet Time                900 sec
Detect Wireless Hosted Network                      true
Wireless Hosted Network Quiet Time                  900 sec
Protect From Wireless Hosted Networks               false

The output of this command includes the following parameters:

Protect 802.11n High Throughput Devices
    Shows whether the profile enables or disables protection of HT (High Throughput, 802.11n) devices.

Protect 40MHz 802.11n High Throughput Devices
    Shows whether the profile enables or disables protection of HT (802.11n) devices operating in 40 MHz mode.

Detect Active 802.11n Greenfield Mode
    Shows whether the profile enables or disables detection of HT devices advertising greenfield preamble capability.

Detect Adhoc Networks
    Shows whether the profile has enabled or disabled detection of ad hoc networks, that is, devices communicating directly with each other rather than through an access point.

Protect from Adhoc Networks
    Shows whether the profile has enabled or disabled protection from WPA or WPA2 ad hoc networks.

Protect from Adhoc Networks - Enhanced
    Shows whether the profile has enabled or disabled protection from WEP or Open ad hoc networks.

Adhoc Network Using Valid SSID Quiet Time
    Time to wait, in seconds, after detecting an ad hoc network using a valid SSID, after which the check is resumed.

Allow Well Known MAC
    Shows whether the profile allows devices with known MAC addresses to classify rogue APs.

Detect Devices with an Invalid MAC OUI
    Shows whether the profile has enabled or disabled checking of the first three bytes of a MAC address, known as the OUI (Organizationally Unique Identifier), which the IEEE assigns to known manufacturers.

MAC OUI detection Quiet Time
    Time, in seconds, that must elapse after an invalid MAC OUI alarm has been triggered before another identical alarm may be triggered.

Detect Misconfigured AP
    Shows whether the profile has enabled or disabled detection of misconfigured APs.

Protect Misconfigured AP
    Shows whether the profile has enabled or disabled protection of misconfigured APs.

Detect Bad WEP
    Shows whether the profile has enabled or disabled detection of WEP initialization vectors that are known to be weak or repeating.

Privacy
    Shows whether the profile has enabled or disabled encryption as a valid AP configuration.

Require WPA
    Shows whether the Mobility Master will flag any valid AP not using WPA as a misconfigured AP.

Valid 802.11g channel for policy enforcement
    A list of valid 802.11b or 802.11g channels that third-party APs are allowed to use.

Valid 802.11a channel for policy enforcement
    A list of valid 802.11a (5 GHz) channels that third-party APs are allowed to use.

Valid and Protected SSIDs
    A list of valid and protected SSIDs.

Valid MAC OUIs
    A list of valid MAC OUIs.

Rogue AP Classification
    Shows whether the profile has enabled or disabled rogue AP classification.

Overlay Rogue AP Classification
    Shows whether the Mobility Master allows APs that are plugged into the wired side of the network to be classified as "suspected rogue" instead of "rogue".

OUI-based Rogue AP Classification
    Shows whether OUI-based rogue AP classification is enabled or disabled.

Propagated Wired MAC based Rogue AP Classification
    Shows whether rogue AP classification through propagated wired MACs is enabled or disabled.

Rogue Containment
    Shows whether the Mobility Master will automatically shut down rogue APs.

Suspected Rogue Containment
    Shows whether the Mobility Master will automatically treat suspected rogue APs as interfering APs.

Suspected Rogue Containment Confidence Level
    Confidence level, expressed as a percentage, at which a suspected rogue AP triggers containment.

Detect Station Association To Rogue AP
    Shows whether the profile has been configured to detect station association to a rogue AP.

Detect Unencrypted Valid Clients
    Shows whether the profile has enabled or disabled detection of unencrypted valid clients.

Unencrypted Valid Client Detection Quiet Time
    Time to wait, in seconds, after detecting an unencrypted valid client, after which the check is resumed.

Detect Valid Client Misassociation
    Shows whether the profile has enabled or disabled detection of a misassociation between a valid client and an unsafe AP.

Detect Valid SSID Misuse
    Shows whether the profile has enabled or disabled detection of Interfering or Neighbor APs using valid or protected SSIDs.

Protect SSID
    Shows whether the profile has enabled or disabled use of the SSID by valid APs only.

Protect Valid Stations
    Shows whether the Mobility Master will allow valid stations to connect to a non-valid AP.

Valid Wired MACs
    List of valid and protected SSIDs.

Detect Windows Bridge
    Shows whether the profile has enabled or disabled detection of Windows station bridging.

Protect Windows Bridge
    Shows whether the profile has enabled or disabled protection against Windows station bridging.

Detect Wireless Bridge
    Shows whether the profile has enabled or disabled detection of wireless bridging.

Wireless Bridge detection Quiet Time
    Time, in seconds, that must elapse after a wireless bridge alarm has been triggered before another identical alarm may be triggered.

Protect From Wireless Hosted Networks
    Shows whether the profile has enabled or disabled detection of a wireless hosted network.

Wireless Hosted Network Quiet Time
    The wireless hosted network detection feature sends a log message and a trap when a wireless hosted network is detected. This field shows the time, in seconds, that must elapse after such a log message or trap has been triggered before an identical log message or trap can be sent again.

Protect From Wireless Hosted Networks
    Shows whether the profile has enabled or disabled containment of a wireless hosted network. Containment launches a DoS (denial of service) attack to disrupt associations between a Windows 7 software-enabled access point (softAP) and its clients, and between the client hosting the softAP and any access point to which that host connects.
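The profile output above is fixed-width text, so a short parser makes it auditable. The following Python is an added example, not ArubaOS code: it parses an excerpt of the test1 output shown above into typed values (booleans, seconds, N/A) and lists the Detect checks the profile has turned off together with its quiet times; treating disabled Detect knobs as review candidates is this example's own heuristic, not something the command reports.

```python
import re

# Excerpt of the "test1" output shown above, embedded as sample input (decoration lines kept).
SAMPLE = """\
IDS Unauthorized Device Profile "test1"
-----------------------------------------
Parameter                                           Value
---------                                           -----
Protect 802.11n High Throughput Devices             false
Detect Adhoc Networks                               false
Adhoc Network Using Valid SSID Quiet Time           900 sec
Allow Well Known MAC                                N/A
Rogue Containment                                   false
Suspected Rogue Containment Confidence Level        60
Detect Wireless Bridge                              false
"""

# One table row: a parameter name (may contain spaces) and a typed value.
ROW = re.compile(r"^(?P<name>.+?)\s+(?P<value>true|false|N/A|\d+(?: sec)?)$")

def typed(raw):
    """true/false -> bool, N/A -> None, '900 sec' or '60' -> int."""
    if raw in ("true", "false"):
        return raw == "true"
    if raw == "N/A":
        return None
    return int(raw.split()[0])

def parse_profile(text):
    """Turn the 'Parameter Value' block into a dict, skipping decoration."""
    params = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # the title, '----' rules and header line do not match
            params[m["name"]] = typed(m["value"])
    return params

def disabled_detections(params):
    """'Detect ...' knobs set to false: candidates for a configuration review."""
    return sorted(k for k, v in params.items() if k.startswith("Detect ") and v is False)

def quiet_times(params):
    """Quiet Time values: seconds between repeated identical alarms (bools excluded)."""
    return {k: v for k, v in params.items() if "Quiet Time" in k and type(v) is int}

if __name__ == "__main__":
    profile = parse_profile(SAMPLE)
    print("disabled detections:", disabled_detections(profile))
    print("quiet times:", quiet_times(profile))
```

Feed it the full output of `show ids unauthorized-device-profile <profile-name>` captured from the Mobility Master and the same functions apply unchanged.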

Related Commands

Command                          Description
ids unauthorized-device-profile  This command configures the Unauthorized Device profile.

Command History

Release          Modification
ArubaOS 8.0.0.0  Command introduced.

Command Information

Platforms        License                          Command Mode
All platforms    Requires the RFprotect license.  Config mode on Mobility Master.
