Use the Cumulative tab to configure threshold to network characteristics for all wireless clients and traffic in the access point BSS (Basic Service Set).
Note
Entering 0 (zero) as a threshold value disables alarm-generation for that particular threshold.
Configure the following thresholds:
| Threshold | Description |
|---|---|
|
New Associations |
Enter the maximum number of new associations per minute Extreme AirDefense will allow between a BSS and all Wireless Clients combined. Default = 20. Generally, this number should be low. Your Wireless Clients should associate with a BSS once in the morning when users log on, and rarely after that. In some cases, if the threshold value represents the actual number of Wireless Clients in a BSS, an alarm will be generated if the BSS goes off-line, forcing the Wireless Clients to re-associate with it. In no case should this value be greater than the actual number of Wireless Clients in a BSS. If the signal strength between a Wireless Client and a BSS is very low, the Wireless Client may repeatedly lose connectivity and then reconnect, increasing the number of associations per minute. |
|
Total Associations |
Enter the total number of Wireless Clients allowed to associate at any one time with a BSS. This number should reflect your actual number of Wireless Clients. Extreme AirDefense generates an alarm if it detects a greater number, assuming that the extra associations are made by hackers. Default = 15. |
|
Data Frames Seen |
Enter the maximum number of data frames per minute allowed to be transmitted from all Wireless Clients combined. If Extreme AirDefense detects a greater number, it generates an alarm. Default = 0. |
|
Management Frames Seen |
Enter the maximum number of management frames per minute allowed to be transmitted from all Wireless Clients combined. If Extreme AirDefense detects a greater number, it generates an alarm. Default = 0. |
|
Control Frames Seen |
Enter the maximum number of control frames per minute allowed to be transmitted from all Wireless Clients combined. If Extreme AirDefense detects a greater number, it generates an alarm. Default = 0. |
|
Association Frames Seen |
Enter the maximum number of association frames allowed to be transmitted or received from all Wireless Clients. If Extreme AirDefense detects a greater number, it generates an alarm. Default = 0. |
|
Disassociation Frames Seen |
Enter the maximum number of disassociation frames allowed to be transmitted or received from all Wireless Clients. If Extreme AirDefense detects a greater number, it generates an alarm. Default = 0. |
|
802.11 Authentication Frames Seen |
Enter the maximum number of 802.11 authentication frames allowed to be transmitted or received from all Wireless Clients. If Extreme AirDefense detects a greater number, it generates an alarm. Default = 0. |
|
802.1x Authentication Frames Seen |
Enter the maximum number of 802.1x authentication frames allowed to be transmitted or received from all Wireless Clients. If Extreme AirDefense detects a greater number, it generates an alarm. Default = 0. |
|
Deauthentication Frames Seen |
Enter the maximum number of de-authentication frames allowed to be transmitted or received from all Wireless Clients. If Extreme AirDefense detects a greater number, it generates an alarm. Default = 0. |
|
Probe Requests Seen |
Enter the maximum number of probe requests allowed to be transmitted or received from all Wireless Clients. If Extreme AirDefense detects a greater number, it generates an alarm. Default = 0. |
|
Wired to Wireless Traffic % |
Enter the maximum percentage of data, per minute, allowed into a BSS from the wired portion of your network. If Extreme AirDefense detects a greater number, it generates an alarm. Default = 60. Use the Min Frame control set the minimum number of frames for this threshold. |
|
Wireless to Wired Traffic % |
Enter the maximum percentage of data per minute allowed out of a BSS to a wired portion of your network. If Extreme AirDefense detects a greater number, it generates an alarm. Use the Min Frame control set the minimum number of frames for this threshold. Default = 60. |
|
Wireless station to station Traffic % |
Enter the maximum percentage of data per minute allowed to be transmitted within the BSS from all Wireless Clients. If Extreme AirDefense detects a greater number, it generates an alarm. Use the Min Frame control set the minimum number of frames for this threshold. Default = 50. |
|
Wired station to station Traffic % |
Enter the maximum percentage of data per minute allowed to be transmitted from a wired portion of the network to another wired portion of the network, using an AP as a bridge. If Extreme AirDefense detects a greater number, it generates an alarm. Use the Min Frame control set the minimum number of frames for this threshold. Default = 1. |
|
Low Speed Frames % |
802.11 protocols operate on a shared medium and use collision avoidance mechanism to access this medium. Excessive use of lower rates for transmitting frames is likely caused by stations which are either misconfigured to use lower rates or are too far from the APs to be able to support higher rates and cause alarms to be generated. Enter the maximum percentage of data per minute allowed for low speed frames to be transmitted or received from all stations. If Extreme AirDefense detects a greater number, it generates an alarm. Use the Min Frame control set the minimum number of frames for this threshold. Default = 0. |
|
Layer 3 Multicast Frames % |
An alarm that is generated when the system has detected a high percentage of multicast traffic violating the policy thresholds. This may be a result of potential Layer 3 broadcast storm attacks on the network. Enter the maximum percentage of data per minute allowed for multicast frames to be transmitted or received within a BSS from all stations. If Extreme AirDefense detects a greater number, it generates an alarm. Use the Min Frame control set the minimum number of frames for this threshold. Default = 0. |
|
Layer 3 Broadcast Frames % |
An alarm that is generated when the system has detected a high percentage of broadcast traffic violating the policy thresholds. This may be a result of potential Layer 3 broadcast storm attacks on the network. Enter the maximum percentage of data per minute allowed for broadcast frames to be transmitted or received within a BSS from all stations. If Extreme AirDefense detects a greater number, it generates an alarm. Use the Min Frame control set the minimum number of frames for this threshold. Default = 0. |
|
Retransmission Frames % |
Enter the maximum percentage of retransmitted data frames allowed during a transmission of data within a BSS from all stations. If Extreme AirDefense detects a greater number, it generates an alarm. Use the Min Frame control set the minimum number of frames for this threshold. Default = 0. |
|
PS Poll Frames Seen |
An alarm is generated by a DOS attack using an excessive number of PS-POLL frames have been detected. Enter the maximum number of PS Poll frames to be seen within a BSS. If Extreme AirDefense detects a greater number, it generates an alarm.Default = 0. |