[WLA/WLC] How to configure WLA Intrusion Detection System Logging

Article ID: KB32679 KB Last Updated: 28 Jun 2018 Version: 1.0
Summary:

This article describes the procedure for configuring WLA Intrusion Detection System (IDS) Logging.

Symptoms:

When configuring WLA IDS logging, the rogue and attack information is retained by the remote WLA until the WLC reconnects to it. This information can be forwarded directly to a log server from the WLA.

The following types of attacks and client issues are detected:

  • Probe request flooding
  • Other reserved management frame flooding including subtypes 6, 7, D, E, and F
  • Decrypt errors
  • Weak WEP key used by client
  • FakeAP beacon flooding
Solution:

Steps to configure WIDS Logging

  1. Run the following command:

    WLC# set remote-site site-name log server ip-address port port severity severity

    Site-name — an alphanumeric string up to 32 characters long
    IP Address — IP address in dotted decimal notation
    Port — sets the TCP port for sending messages to the log server. You can specify a number from 1 to 65535. The default value is 524.

  2. To enable or disable remote site logging on the AP, use the following command:

    WLC# set remote-site site-name log mode {enable | disable}

  3. To set the severity level for logging, use the following command and specify the severity level from the options:

    WLC# set remote-site site-name log severity severity

    Specify one of the following for the severity level:

    • emergency — the WLA is unusable.
    • alert — action must be taken immediately.
    • critical — you must resolve the critical conditions.
    • warning — a possible problem exists.
    • notice — events that can potentially cause system problems have occurred and are logged for diagnostic purposes. No action is required.
    • info — informational messages only. No problem exists.
    • debug — output from debugging
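
The steps above, applied to several remote sites at once. This is an added example, not Juniper code: it checks each site's values against the limits stated in this article (site name, dotted-decimal address, port range, severity keywords) and prints the step 1 and step 2 commands to paste at the WLC prompt. The function names, site names and addresses are constructed placeholders.

```python
import ipaddress
import re

# Severity keywords exactly as listed in this article.
SEVERITIES = ("emergency", "alert", "critical", "warning", "notice", "info", "debug")
DEFAULT_PORT = 524  # default TCP port stated in the article
SITE_NAME_RE = re.compile(r"[A-Za-z0-9]{1,32}")  # alphanumeric, up to 32 characters


def wids_log_commands(site_name, server_ip, severity, port=DEFAULT_PORT, enable=True):
    """Validate the parameters and return the WLC commands for one remote site."""
    if not SITE_NAME_RE.fullmatch(site_name):
        raise ValueError(f"site name {site_name!r}: need 1-32 alphanumeric characters")
    try:
        ip = ipaddress.IPv4Address(server_ip)  # dotted decimal only
    except ValueError as exc:
        raise ValueError(f"log server {server_ip!r}: not a dotted-decimal IP address") from exc
    if type(port) is not int or not 1 <= port <= 65535:
        raise ValueError(f"port {port!r}: must be an integer from 1 to 65535")
    if severity not in SEVERITIES:
        raise ValueError(f"severity {severity!r}: must be one of {', '.join(SEVERITIES)}")
    return [
        f"set remote-site {site_name} log server {ip} port {port} severity {severity}",
        f"set remote-site {site_name} log mode {'enable' if enable else 'disable'}",
    ]


def render_sites(sites):
    """Return (commands, errors); invalid entries are reported and never emitted."""
    commands, errors = [], []
    for site in sites:
        try:
            commands.extend(wids_log_commands(**site))
        except (ValueError, TypeError) as exc:
            errors.append(str(exc))
    return commands, errors


# Constructed sample inventory; the last two entries are deliberately invalid.
SAMPLE_SITES = [
    {"site_name": "branch01", "server_ip": "192.0.2.10", "severity": "warning"},
    {"site_name": "branch02", "server_ip": "192.0.2.10", "severity": "notice", "port": 1514},
    {"site_name": "branch-03", "server_ip": "192.0.2.10", "severity": "info"},
    {"site_name": "branch04", "server_ip": "192.0.2.10", "severity": "debug", "port": 70000},
]

if __name__ == "__main__":
    cmds, errs = render_sites(SAMPLE_SITES)
    print("\n".join(cmds + [f"skipped: {e}" for e in errs]))
```

To change only the severity of a site that is already configured, use the step 3 command instead of re-running step 1.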