Customize DoS Prevention

Complete the Add a Network Policy task.

This task is part of a series for configuring the Optional Settings for a standard wireless network. Use this task to customize settings for broadcast and multicast handling. Use this task to configure defensive settings to protect against Denial of Service (DoS) attacks, and configure SSID access filters based on MAC addresses.

  1. Go to Configure > Network Policies.
  2. Select an existing policy, and then select Edit.
  3. Select Next to open the Wireless Network page.
  4. Go to Additional Settings > Optional Settings, and then select CUSTOMIZE.
  5. Go to the MAC-based Dos Prevention rules for section.
  6. Select an option and configure the settings.
    • SSID—Select to protect against DoS attacks at the MAC layer (Layer 2) on the radio channel that an AP uses for SSID access traffic. The settings for an SSID apply cumulatively to the total amount of Layer 2 traffic that an AP receives on the access channel for the SSID.
    • Client—Select to protect against DoS attacks at the MAC layer (Layer 2) on the radio channel that an AP uses for SSID access traffic. The settings in the MAC DoS configuration object apply to the total amount of Layer 2 traffic that an AP receives on the access channel for the SSID from a single MAC address.
  7. Under IP-based Dos Prevention rules for, select SSID and configure the settings. This configuration protects against Denial of Service attacks at the IP layer (Layer 3) on the radio channel that an AP uses for SSID access traffic.
    The settings in the IP DoS configuration object apply cumulatively to the total amount of Layer 3 traffic that an AP receives on the access channel for the SSID.
  8. Enable MAC-Based filters and select an option for the Default Action.
    • Permit—Enable traffic from clients that do not match one of the selected filters.
    • Deny—Block traffic from clients that do not match any of the selected MAC filters.

    This step makes the Add MAC-Based Filters section available.

  9. Add Mac-based filters.
    1. Scroll to the Add MAC-Based Filters section, and select Add
    2. Specify a MAC or a MAC Oui.
      • Select Select and choose an existing MAC or MAC Oui.
      • Select Add to add a new MAC Address, or MAC Oui.
    3. Select an Action from the menu.
    4. Select ADD.

Continue configuring Optional Settings in the Wireless Networks configuration window. Select SAVE OPTIONAL SETTINGS to save your changes.

9039022-00 Rev AA