Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

560

Brocade Mobility Access Point System Reference Guide

53-1003100-01

8

9. Select OK to save the updates to the to Excessive Actions configuration used by the WIPS

policy. Select Reset to revert to the last saved configuration. The WIPS policy can be invoked at
any point in the configuration process by selecting Activate Wireless IPS Policy from the upper,
left-hand side, of the access point user interface.

10. Select the MU Anomaly tab. Ensure the Activate Wireless IPS Policy option remains selected to

enable the screen’s configuration parameters.

FIGURE 19

Wireless IPS screen - WIPS Events - MU Anomaly tab

MU Anomaly events are suspicious events by wireless clients that can compromise the
security and stability of the network. Use the MU Anomaly screen to set the intervals
clients can be filtered upon the generation of each event.

Filter Expiration

Set the duration an event generating client is filtered. This creates a special ACL entry, and
frames coming from the client are dropped. The default setting is 0 seconds.
This value is applicable across the RF Domain. If a station is detected performing an
attack and is filtered by an access point, the information is passed to the domain
controller. The domain controller then propagates this information to all the access points
in the RF Domain.

Client Threshold

Set the client threshold after which the filter is triggered and an event generated.

Radio Threshold

Set the radio threshold after which an event is recorded to the event history.