Cumulative Tab

New Associations

Enter the maximum number of new associations per minute AirDefense will allow between a BSS and all Wireless Clients combined.

Default = 20.

Generally, this number should be low. Your Wireless Clients should associate with a BSS once in the morning when users log on, and rarely after that. In some cases, if the threshold value represents the actual number of Wireless Clients in a BSS, an alarm will be generated if the BSS goes off-line, forcing the Wireless Clients to re-associate with it. In no case should this value be greater than the actual number of Wireless Clients in a BSS.

If the signal strength between a Wireless Client and a BSS is very low, the Wireless Client may repeatedly lose connectivity and then reconnect, increasing the number of associations per minute.

Total Associations

Enter the total number of Wireless Clients allowed to associate at any one time with a BSS. This number should reflect your actual number of Wireless Clients. AirDefense generates an alarm if it detects a greater number, assuming that the extra associations are made by hackers.

Default = 15.

Data Frames Seen

Enter the maximum number of data frames per minute allowed to be transmitted from all Wireless Clients combined. If AirDefense detects a greater number, it generates an alarm.

Default = 0.

Management Frames Seen

Enter the maximum number of management frames per minute allowed to be transmitted from all Wireless Clients combined. If AirDefense detects a greater number, it generates an alarm.

Default = 0.

Control Frames Seen

Enter the maximum number of control frames per minute allowed to be transmitted from all Wireless Clients combined. If AirDefense detects a greater number, it generates an alarm.

Default = 0.

Association Frames Seen

Enter the maximum number of association frames allowed to be transmitted or received from all Wireless Clients. If AirDefense detects a greater number, it generates an alarm.

Default = 0.

Disassociation Frames Seen

Enter the maximum number of disassociation frames allowed to be transmitted or received from all Wireless Clients. If AirDefense detects a greater number, it generates an alarm.

Default = 0.

802.11 Authentication Frames Seen

Enter the maximum number of 802.11 authentication frames allowed to be transmitted or received from all Wireless Clients. If AirDefense detects a greater number, it generates an alarm.

Default = 0.

802.1x Authentication Frames Seen

Enter the maximum number of 802.1x authentication frames allowed to be transmitted or received from all Wireless Clients. If AirDefense detects a greater number, it generates an alarm.

Default = 0.

Deauthentication Frames Seen

Enter the maximum number of de-authentication frames allowed to be transmitted or received from all Wireless Clients. If AirDefense detects a greater number, it generates an alarm.

Default = 0.

Probe Requests Seen

Enter the maximum number of probe requests allowed to be transmitted or received from all Wireless Clients. If AirDefense detects a greater number, it generates an alarm.

Default = 0.

Wired to Wireless Traffic %

Enter the maximum percentage of data, per minute, allowed into a BSS from the wired portion of your network. If AirDefense detects a greater number, it generates an alarm.

Default = 60.

Wireless to Wired Traffic %

Enter the maximum percentage of data per minute allowed out of a BSS to a wired portion of your network. If AirDefense detects a greater number, it generates an alarm.

Default = 60.

Wireless station to station Traffic %

Enter the maximum percentage of data per minute allowed to be transmitted within the BSS from all Wireless Clients. If AirDefense detects a greater number, it generates an alarm.

Default = 50.

Wired station to station Traffic %

Enter the maximum percentage of data per minute allowed to be transmitted from a wired portion of the network to another wired portion of the network, using an AP as a bridge. If AirDefense detects a greater number, it generates an alarm.

Default = 1.

Low Speed Frames %

802.11 protocols operate on a shared medium and use collision avoidance mechanism to access this medium. Excessive use of lower rates for transmitting frames is likely caused by stations which are either misconfigured to use lower rates or are too far from the APs to be able to support higher rates and cause alarms to be generated.

Enter the maximum percentage of data per minute allowed for low speed frames to be transmitted or received from all stations. If AirDefense detects a greater number, it generates an alarm.

Default = 0.

Layer 3 Multicast Frames %

An alarm that is generated when the system has detected a high percentage of multicast traffic violating the policy thresholds. This may be a result of potential Layer 3 broadcast storm attacks on the network.

Enter the maximum percentage of data per minute allowed for multicast frames to be transmitted or received within a BSS from all stations. If AirDefense detects a greater number, it generates an alarm.

Default = 0.

Layer 3 Broadcast Frames %

An alarm that is generated when the system has detected a high percentage of broadcast traffic violating the policy thresholds. This may be a result of potential Layer 3 broadcast storm attacks on the network.

Enter the maximum percentage of data per minute allowed for broadcast frames to be transmitted or received within a BSS from all stations. If AirDefense detects a greater number, it generates an alarm.

Default = 0.

Retransmission Frames %

Enter the maximum percentage of retransmitted data frames allowed during a transmission of data within a BSS from all stations. If AirDefense detects a greater number, it generates an alarm.

Default = 0.

PS Poll Frames Seen

An alarm is generated by a DOS attack using an excessive number of PS-POLL frames have been detected.

Enter the maximum number of PS Poll frames to be seen within a BSS. If AirDefense detects a greater number, it generates an alarm.Default = 0.