550Rogue Detection and Countermeasures

The command applies only to APs managed by the WSS switch on which you enter the command. To enable signatures on all APs in a Mobility Domain, enter the command on each WSS switch in the Mobility Domain.

Note. You must use the same AP signature setting (enabled or disabled) on all WSS switches in a Mobility Domain.

Disabling or Reenabling Logging of Rogues

By default, an WSS switch generates a log message when a rogue is detected or disappears. To disable or reenable the log messages, use the following command:

set rfdetect log {enable disable}

To display log messages on a switch, use the following command:

show log buffer

(This command has optional parameters. For complete syntax information, see the Nortel Mobility System Software Command Reference.)

Enabling Rogue and Countermeasures Notifications

By default, all SNMP notifications (informs or traps) are disabled. To enable or disable notifications for rogue detection, IDS, and DoS protection, configure a notification profile that sends all the notification types for these features. (For syntax information and an example, see “Configuring a Notification Profile” on page 162.)

IDS and DoS Alerts

WSS Software can detect illegitimate network access attempts and attempts to disrupt network service. In response, WSS Software generates messages and SNMP notifications. The following sections describe the types of attacks and security risks that WSS Software can detect.

For examples of the log messages that WSS Software generates when DoS attacks or other security risks are detected, see “IDS Log Message Examples” on page 559.

For information about the notifications, see “Configuring a Notification Profile” on page 162.

Note. To detect DoS attacks, active scan must be enabled. (See “Disabling or

Reenabling Active Scan” on page 549.)

320657-A

Page 550
Image 550
Nortel Networks 2300 manual Disabling or Reenabling Logging of Rogues, Enabling Rogue and Countermeasures Notifications