Cisco Systems OL-29225-01 Film Camera User Manual

Open as PDF

of 514

12-28

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

OL-30644-01

Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection

Configuring Access Points to Participate in WIDS

Configuring Monitor Mode Limits

You can configure threshold values that the access point uses in monitor mode. When a threshold value

is exceeded, the access point logs the information or sends an alert.

Configuring an Authentication Failure Limit

Setting an authentication failure limit protects your network against a denial-of-service attack called

EAPOL flooding. The 802.1X authentication that takes place between a client and the access point

triggers a series of messages between the access point, the authenticator, and an authentication server

using EAPOL messaging. The authentication server, typically a RADIUS server, can quickly become

overwhelmed if there are too many authentication attempts. If not regulated, a single client can trigger

enough authentication requests to impact your network.

In monitor mode the access point tracks the rate at which 802.1X clients attempt to authenticate through

the access point. If your network is attacked through excessive authentication attempts, the access point

generates an alert when the authentication threshold has been exceeded.

You can configure these limits on the access point:

• Number of 802.1X attempts through the access point

• EAPOL flood duration in seconds on the access point

When the access point detects excessive authentication attempts it sets MIB variables to indicate this

information:

• An EAPOL flood was detected

• Number of authentication attempts

• MAC address of the client with the most authentication attempts

Beginning in privileged EXEC mode, follow these steps to set authentication limits that trigger a fault

on the access point:

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

dot11 ids eap attempts number

period seconds

Configure the number of authentication attempts and the

number of seconds of EAPOL flooding that trigger a fault on

the access point.

Step 3

end Return to privileged EXEC mode.

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems OL-29225-01 Film Camera User Manual