Event – Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
Page 1157
Brocade Mobility RFS Controller CLI Reference Guide
1149
53-1003098-01
21
event
Configures events, filters and threshold values for this WIPS policy. Events are grouped into three
categories, AP anomaly, client anomaly, and excessive. WLANs are baselined for matching criteria.
Any deviation from this baseline is considered an anomaly and logged as an event.
Supported in the following platforms:
•
Access Points — Brocade Mobility 650 Access Point, Brocade Mobility 6511 Access Point,
Brocade Mobility 1220 Access Point, Brocade Mobility 71XX Access Point, Brocade
Mobility 1240 Access Point
•
Wireless Controllers — Brocade Mobility RFS4000, Brocade Mobility RFS6000, Brocade
Mobility RFS7000
•
Service Platforms — Brocade Mobility RFS9510
Syntax:
event [br-anomaly|client-anomaly|enable-all-events|excessive]
event br-anomaly
[ad-hoc-violation|airjack|br-ssid-broadcast-in-beacon|asleap|
impersonation-attack|null-probe-response|transmitting-device-using-invalid-ma
c|
unencrypted-wired-leakage|wireless-bridge]
event client-anomaly [dos-broadcast-deauth|fuzzing-all-zero-macs|
fuzzing-invalid-frame-type|fuzzing-invalid-mgmt-frames|fuzzing-invalid-seq-nu
m|
identical-src-and-dest-addr|invalid-8021x-frames|netstumbler-generic|
non-conforming-data|tkip-mic-counter-measures|wellenreiter]
{filter-ageout <0-86400>}
event enable-all-events
event excessive
[80211-replay-check-failure|aggressive-scanning|auth-server-failures|
decryption-failures|dos-assoc-or-auth-flood|dos-eapol-start-storm|
dos-unicast-deauth-or-disassoc|eap-flood|eap-nak-flood|frames-from-unassoc-st
ation]
{filter-ageout <0-86400>|threshold-client <0-65535>|threshold-radio
<0-65535>}
Parameters