Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

878

Brocade Mobility RFS Controller CLI Reference Guide

53-1003098-01

10

event dos-cts-flood threshold [cts-frames-ratio <0-65535>|mu-rx-cts-frame

<0-65535>]

multicast-all-systems-on-su
bnet

This event occurs when a sanctioned device detects multicast packets to all systems on the subnet

multicast-dhcp-server-relay
-agent

This event occurs when a sanctioned device detects a DHCP server relay agent in the network

multicast-hsrp-agent

This event occurs when a sanctioned device detects a Hot Standby Router Protocol (HSRP) agent in the
network

multicast-igmp-detection

This event occurs when a sanctioned device detects multicast Internet Group Management Protocol (IGMP)
packets.

multicast-igrp-routers-detec
tion

This event occurs when a sanctioned device detects multicast Interior Gateway Routing Protocol (IGRP)
packets.

multicast-ospf-all-routers-d
etection

This event occurs when a sanctioned device detects multicast Open Shortest Path First (OSPF).packets

multicast-ospf-designated-r
outers-detection

This event occurs when a sanctioned device detects multicast OSPF routers in the network.

multicast-rip2-routers-dete
ction

This event occurs when a sanctioned device detects multicast Routing Information Protocol version 2 (RIP2)
routers in the network.

multicast-vrrp-agent

This event occurs when a sanctioned device detects multicast Virtual Router Redundancy Protocol (VRRP)
agents in the network.

netbios-detection

This event occurs when netbios packets are detected in the network.
Network Basic Input/Output System (netbios) provides services related to the sessions layer of the OSI
model. This allows applications on different devices to communicate over the local area network.

null-probe-response-detect
ed

This event occurs when a sanctioned device detects null probe response packets.

stp-detection

This event occurs when a sanctioned device detects Scanning Tunnelling Protocol (STP) packets in the
network.

unauthorized-bridge

This event occurs when unauthorized bridges are detected in the network.

windows-zero-config-memo
ry-leak

This event occurs when a Windows™ Zero-Config memory leak is detected.

wlan-jack-attack-detected

This event occurs when a WLAN-jack exploit is detected.
WLAN-jack is a tool in the AirJack suite that forces an AP to disassociate a valid client. The attacker sends
deauthentication frames continuously or uses the broadcast address. This prevents the wireless clients
from reassociating with the AP.

trigger-against
[neighboring|
sanctioned|
unsanctioned]

The following keywords are common to all of the above events:

•

trigger-against – Configures the event trigger condition

•

neighboring – The selected event is triggered only against neighboring devices

•

sanctioned – The selected event is triggered only against sanctioned devices

•

unsanctioned – The selected event is triggered only against unsanctioned devices

dos-cts-flood

This event occurs when a large number of clear to send (CTS) frames are detected in the network

threshold
[cts-frames-ratio
<0-65535>|
mu-rx-cts-frame
<0-65535>]

Sets the CTS flood threshold

•

cts-frames-radio <0-65535> – Sets the CTS:Total Frames ratio for triggering this event

•

<0-65535> – Specify the value from 0 - 65535.

•

mu-rx-cts-frame – Sets the CTS frame received by clients

•

<0-65535> – Specify the value from 0 - 65535.