Per-WLAN configuration table for b/m/u cast storm suppression, ARP spoof detection
and rogue MU detection.

Bcast/Mcast/Ucast Storm Suppression
A high threshold and a low threshold are configured per WLAN,
in the IN direction. When the rate of b/m/u cast packets
exceeds the high threshold configured for a WLAN, all
packets are throttled until the rate falls below the configured
rate. When the rate of b/m/u cast packets exceeds the configured threshold,
a warning is posted to the console if logging is enabled.
Thresholds are configured in packets/second.

ARP Spoof Detection
Marking DHCP and ARP trust on WLAN indices for ARP spoof detection.

Rogue MU Detection
MUs pumping denied traffic are either deauthenticated or a warning is posted
through syslog, based on a user-configurable per-WLAN threshold of
allowed MU denies per second. The MU does not have to hit the same deny
rule to trigger the action; it is the cumulative number of denials within the
specified period that leads to the action. Logging of the event is mandatory, though
deauthentication is optional.

Parsed from file WS-SW-FIREWALL-MIB.mib.txt
Vendor: Motorola
Module: WS-SW-FIREWALL-MIB (WS-SW-FIREWALL-MIB.mib)
Type: TABLE
Access: not-accessible
Syntax: SEQUENCE OF
Automatically extracted from www.mibdepot.com
wsSwFirewallWlanTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF WsSwFirewallWlanEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        " Per wlan configuration table for b/m/u cast storm suppression,ARP spoof detection
        and rogue MU detection
        Bcast/Mcast/Ucast Storm Suppression.
        A high threshold and a low threshold is configured per wlan,
        in IN direction.When the rate of b/m/u cast packets
        exceeds the high threshold configured for a wlan, all
        packets are throttled till the rate falls below the configured
        rate. When the rate of b/m/u cast packets exceeds the configured threshold,
        a warning is posted to the console if logging is enabled.
        Thresholds are configured in terms of packets/second.
        ARP spoof Detection
        Marking DHCP and ARP trust on wlan indices for ARP spoof detection
        Rogue MU Detection
        MUs pumping denied traffic are either de-authentiacted or a warning posted
        through syslog based on a user configurable per wlan threshold of
        allowed MU denies per second. It's not necessary that the MU hit the same deny
        rule for triggering the action. It's the cumulative number of denials within the
        specified period that leads to the action. Logging of the event is a must, though
        deauthentication is optional. "
    ::= { wsSwFirewallWlan 1 }

OID | Name | Sub children | Sub Nodes Total | Description |
---|---|---|---|---|
1.3.6.1.4.1.388.14.2.16.1.1.3.1.1 | wsSwFirewallWlanEntry | 10 | 10 | WLAN-level configuration table for ARP spoof detection, ARP rate limiting, Bcast storm suppression and Rogue MU traffic detection |