Intrusion Prevention Policy

These policies prevent the network against any wireless threats that may be harmful. The system can protect multiple threats too depending on the intrusion prevention level. You can be prevented against any unwanted communication in your 802.11 network by Wireless Manager.

JSON Table

Parameter	Data Type	Description
policyCreatedAtLocId	application/json	ID of the location at which the policy has been defined. For details about the JSON, click Location ID.
policyType	String	A read-only field for internal use.
categorizedRogueAP	boolean	A true or false value indicating whether the intrusion prevention setting for APs categorized as Rogue is enabled. True indicates that the setting is enabled.
uncatApPotentiallyRogue	boolean	A true or false value indicating whether the intrusion prevention setting for APs categorized as potential Rogue is enabled. True indicates that the setting is enabled.
uncatApPotentiallyAuth	boolean	A true or false value indicating whether the intrusion prevention setting for APs categorized as potential Rogue is enabled. True indicates that the setting is enabled.
uncatIndeterminateAp	boolean	A true or false value indicating whether the intrusion prevention setting for uncategorized indeterminate APs is enabled. True indicates that the setting is enabled.
bannedAp	boolean	A true or false value indicating whether the intrusion prevention setting for banned APs is enabled. True indicates that the setting is enabled.
misconfInsecureAuthAp	boolean	A true or false value indicating whether the intrusion prevention setting for misconfigured authorized APs is enabled. True indicates that the setting is enabled.
authClientConnectedToGuestAp	boolean	A true or false value indicating whether the intrusion prevention setting for authorized clients connected to a guest AP is enabled. True indicates that intrusion prevention setting for authorized clients connected to a guest AP
authClientConnectedToUncatPotIndtAp	boolean	A true or false value indicating whether the intrusion prevention setting for authorized clients connected to an external or a potentially external AP is enabled. True indicates that intrusion prevention setting for the clients is enabled.
authClientsInAdhoc	boolean	A true or false value indicating whether the intrusion prevention setting for authorized clients participating in any adhoc network is enabled. True indicates that the intrusion prevention setting is enabled.
apSpoofingAuthAp	boolean	A true or false value indicating whether the intrusion prevention setting for APs spoofing the MAC address of any authorized AP is enabled. True indicates that the intrusion prevention seting is enabled.
authClientConnectionToHoneypotAp	boolean	A true or false value indicating whether the intrusion prevention setting for Authorized Clients connecting to Honeypot/Evil Twin APs is enabled. True indicates that the intrusion prevention setting is enabled.
devDisruptAuthNetwork	boolean	A true or false value indicating whether the intrusion prevention setting against any device launching a Denial of Service (DoS) attack on the network is enabled. True indicates that the intrusion prevention setting is enabled.
autoIpLevel	String	The applicable values are: BLOCK_ID DISRUPT_ID INTERRUPT_ID DEGRADE_ID
activeWepCracking	boolean	A true or false value indicating whether the intrusion prevention setting for an authorized AP under active WEP key cracking attack is enabled.
clientFingerPrintMismatch	boolean	A true or false value indicating whether the intrusion prevention setting for an authorized client with an RF Signature mismatch is enabled. True indicates that the intrusion prevention setting is enabled.
authClientBridging	boolean	A true or false value indicating whether the intrusion prevention setting for an authorized client in the Bridging/ICS configuration is enabled. True indicates that the intrusion prevention setting is enabled.
unauthUncatClientBridging	boolean	A true or false value indicating whether the intrusion prevention setting for an extrenal, uncategorized client in the Bridging/ICS configuration is enabled. True indicates that the intrusion prevention setting is enabled.
enterpriseClientBridging	boolean	A true or false value indicating whether the intrusion prevention setting for a bridging/ICS client connected to an enterprise monitored subnet is enabled. True indicates that the intrusion prevention setting is enabled.
nonAuthClientConnectedToAuthAP	boolean	A true or false value indicating whether the intrusion prevention setting for unauthorized clients connecting to authorized APs is enabled.
guestClientConnectedToUncatPotIndtAP	boolean	A true or false value indicating whether the intrusion prevention setting for guest clients connecting to uncategorized APs that are Indeterminate is enabled. True indicates that the intrusion prevention setting is enabled.
guestClientInAdhoc	boolean	A true or false value indicating whether the intrusion prevention setting for guest clients participating in any adhoc network is enabled.
rogueClientInAdhoc	boolean	A true or false value indicating whether the intrusion prevention setting for rogue clients participating in any adhoc network is enabled.
guestClientBridging	boolean	A true or false value indicating whether the intrusion prevention setting for a guest client in Bridging/ICS configuration is enabled.
rogueClientBridging	boolean	A true or false value indicating whether the intrusion prevention setting for a rogue client in the Bridging/ICS configuration is enabled.
extClientConnectedToAuthGuestAP	boolean	A true or false value indicating whether the intrusion prevention setting for external clients connecting to guest APs is enabled.
uncatClientConnectedToAuthGuestAP	boolean	A true or false value indicating whether the intrusion prevention setting for uncategorized client connecting to Guest APs is enabled.
rogueClientConnectedToAuthGuestAP	boolean	A true or false value indicating whether the intrusion prevention setting for rogue client connecting to guest APs is enabled.
authClientConnectedToExtApAndUncatPotExtAPs	boolean	A true or false value indicating whether the intrusion prevention setting for authorized clients connecting to external and uncategorized potentially external APs.
bannedClientConnectionToAuthAndGuestAP	boolean	A true or false value indicating whether the intrusion prevention setting for a banned client connecting to authorized and guest APs.
bannedClientConnectionToUncatIndtAP	boolean	A true or false value indicating whether the intrusion prevention setting for a banned client connecting to uncategorized, indeterminate APs is enabled.
guestClientConnectedToExtApAndUncatPotExtAP	boolean	A true or false value indicating whether the intrusion prevention setting for guest client connecting to potential external and uncategorized APs is enabled.
rogueClientConnectedToAnyAP	boolean	A true or false value indicating whether the intrusion prevention setting for rogue clients connecting to any AP (for non-WiFi environments) is enabled.
unapprovedSmartDeviceHandlingEnabled	boolean	A true or false value indicating whether the special handling of unapproved smart devices is enabled.
intrusionPreventSDConnectingToAuth	boolean	A true or false value indicating whether smart devices connecting to guest AP, but not authorized AP, are allowed. True indicates that the smart devices connecting to a guest AP are allowed.
intrusionPrevensionSDConnectingToGuestOrAuth	boolean	A true or false value indicating whether smart devices connecting to guest and authorized AP are disallowed.
authClientConnectionToDisallowedSSIDs	boolean	It allow user to set Authorized SSIDs for the selected Clients.

Sample JSON

{
    "policyCreatedAtLocId": {
        "type": "locallocationid",
        "id": 0
    },
    "policyType": "INTRUSION_PREVENTION_POLICY",
    "categorizedRogueAP": true,
    "uncatApPotentiallyRogue": false,
    "uncatApPotentiallyAuth": true,
    "uncatIndeterminateAp": false,
    "bannedAp": true,
    "misconfInsecureAuthAp": true,
    "authClientConnectedToGuestAp": false,
    "authClientConnectedToUncatPotIndtAp": true,
    "authClientsInAdhoc": true,
    "apSpoofingAuthAp": false,
    "authClientConnectionToHoneypotAp": true,
    "devDisruptAuthNetwork": false,
    "autoIpLevel": "DISRUPT_ID",
    "activeWepCracking": false,
    "clientFingerPrintMismatch": false,
    "authClientBridging": true,
    "unauthUncatClientBridging": false,
    "enterpriseClientBridging": true,
    "nonAuthClientConnectedToAuthAP": false,
    "guestClientConnectedToUncatPotIndtAP": false,
    "guestClientInAdhoc": false,
    "rogueClientInAdhoc": false,
    "guestClientBridging": false,
    "rogueClientBridging": true,
    "extClientConnectedToAuthGuestAP": false,
    "uncatClientConnectedToAuthGuestAP": false,
    "rogueClientConnectedToAuthGuestAP": true,
    "authClientConnectedToExtApAndUncatPotExtAPs": true,
    "bannedClientConnectionToAuthAndGuestAP": true,
    "bannedClientConnectionToUncatIndtAP": false,
    "guestClientConnectedToExtApAndUncatPotExtAP": false,
    "rogueClientConnectedToAnyAP": false,
    "unapprovedSmartDeviceHandlingEnabled": false,
    "intrusionPreventSDConnectingToAuth": false,
    "intrusionPrevensionSDConnectingToGuestOrAuth": false,
    "authClientConnectionToDisallowedSSIDs": true
}

API Calls

Get

/V5/policies/intrusionprevention/{fetch_factory_default}

Put

/V5/policies/intrusionprevention

Put

<Base_URL>/V2/analytics/associationdata/{startdate}/{enddate}

Post

/V5/policies/intrusionprevention

Delete

/V5/policies/intrusionprevention

Get Intrusion Prevention Policy

Description	This API is used to fetch the Intrusion Prevention Policy at a specified location from Wireless Manager or Arista Cloud Services. Users with the roles can call this API: superuser, administrator, operator, and viewer.
Syntax	Get <Base_URL>/policies/intrusionprevention/{fetch_factory_default}? locationid=<value>&nodeid=<value> Here, locationid It is an integer value specifying the location for which the Intrusion Prevention Policy is fetched. To retrieve the value for location id refer Location call. nodeid It is an integer value specifying the node in a server cluster setup. fetch_factory_default Is a boolean value specifying whether factory default policies will be fetched or user-defined policies. If set to true the factory default policies are fetched, and if set to false user-defined policies are fetched.
Sample code	Get https://training.mojonetworks.com/new/webservice/V5/policies /intrusionprevention/true?locationid=0&nodeid=1
Request Body	This API call does not require any request body parameters.
Response Body	If the API call is successful, the HTTP response status is 200. The response body contains the details of Intrusion Prevention Policy. The response is in the application/json format.

Customize Intrusion Prevention Policy

Description	This API is used to customize the Intrusion Prevention Policy at a specified location in Wireless Manager or Arista Cloud Services. Users with the roles can call this API: superuser, administrator, operator, and viewer.
Syntax	PUT <Base_URL>/policies/intrusionprevention?locationid=<value>&nodeid=<value> Here, locationid It is an integer value specifying the location for which the Intrusion Prevention Policy is customized. To retrieve the value for location id refer Location call. nodeid It is an integer value specifying the node in a server cluster setup.
Sample code	PUT https://training.mojonetworks.com/new/webservice/v5/policies/ intrusionprevention?locationid=1
Request Body	This API call does not require any request body parameters.
Response Body	If the API call is successful, the HTTP response status is 204. The response body does not contain any information.

Put APIs

Description	This API is used to fetch the APs that match the specified filter criteria from the allowed locations for the logged-in user. If no filters are specified, all the APs from the allowed locations are fetched. However, this API is not supported in a server cluster environment. Note: Do not use this API to fetch more than 100 devices. For fetching larger number of devices, consider using the Get Paged List of APs API.
User Privileges	Users with the following roles can call this API: superuser, administrator, and operator. Request Body Parameters This API call does not require any request body parameters. Response Body If the API call is successful, the HTTP response status is 200. The response body contains the details of the APs that match the filter criteria. The response is in the application/json format. Click AP to view the complete detais of the JSON along with a sample output. Error codes If the API call is successful, the HTTP response status is 200.
Syntax	GET /devices/aps
Sample code	GET https://training.mojonetworks.com/new/webservice/v2/devices/aps GET https://training.mojonetworks.com/new/webservice/v2/devices/aps?macaddress=00:11:74:33:23:12&macaddress=00:11:74:45:12:21 GET https://training.mojonetworks.com/new/webservice/v2/devices/aps?capability=49&locationid=10&locationid=12&sortcolumn=devicename&sortascending=false
URL Parameters	This API call takes optional URL parameters to filter the list of APs to be fetched and the column on which the output must be sorted. AP Filter Parameters lists the parmeter names, datatypes, applicable values, and whether the results can be sorted based on the parameter.
Query Parameters	This API call takes optional URL parameters to filter the list of APs to be fetched and the column on which the output must be sorted. AP Filter Parameters lists the parmeter names, datatypes, applicable values, and whether the results can be sorted based on the parameter.
Response Body	If the API call is successful, the HTTP response status is 200. The response body contains the details of the APs that match the filter criteria. The response is in the application/json format. Click AP to view the complete detais of the JSON along with a sample output.

Modify Intrusion Prevention Policy

Description	This API is used to modify Intrusion Prevention Policy at a specified location in Wireless Manager or Arista Cloud Services. Before calling this API, the policy must be customized by calling the Customize Intrusion Prevention Policy API at the specified location. Users with the roles can call this API:superuser, administrator, operator, and viewer.
Syntax	POST <Base_URL>/policies/intrusionprevention?locationid=<value>&nodeid=<value> Here, locationid It is an integer value specifying the location for which the Intrusion Prevention Policy is modified. To retrieve the value for location id refer Location call. nodeid It is an integer value specifying the node in a server cluster setup.
Sample code	POST https://training.mojonetworks.com/new/webservice/V5/policies/ intrusionprevention?locationid=2
Request Body	This API call requires the modified details of the Intrusion Prevention Policy, which are passed as parameters in the request body. The parameters are passed in the application/json format. You must provide the appropriate values for the following mandatory JSON attributes. autoIpLevel A sample request will have a structure as follows: { ... List of Intrusion Prevention Policy with mandatory attribute mentioned above. ... }
Response Body	If the API call is successful, the HTTP response status is 204. The response body does not contain any information.

Inherit Intrusion Prevention Policy

Description	This API is used to inherit Intrusion Prevention Policy at a specified location from its parent location in the Mojo Server or the Arista Cloud Services. The Intrusion Prevention Policy, by default, is inherited from the parent location. This API can be called to inherit the policy from the parent location if the Customize Intrusion Prevention Policy API was called at a specified location earlier. On calling this API, the customized Intrusion Prevention Policy is deleted and the policy defined on the parent location is inherited. Users with the roles can call this API: superuser, administrator, operator and viewer.
Syntax	DELETE <Base_URL>/policies/intrusionprevention?locationid=<value>&nodeid=<value> Here, locationid It is an integer value specifying the location for which the Intrusion Prevention Policy is inherited. To retrieve the value for location id refer Location call. nodeid It is an integer value specifying the node in a server cluster setup.
Sample code	DELETE https://training.mojonetworks.com/new/webservice/V5/policies/ intrusionprevention?locationid=2
Request Body	This API call does not require any request body parameters.
Response Body	If the API call is successful, the HTTP response status is 204. The response bodydoes not contain any information.

Test APIs

Description	This API is used to fetch the APs that match the specified filter criteria from the allowed locations for the logged-in user. If no filters are specified, all the APs from the allowed locations are fetched. However, this API is not supported in a server cluster environment. Note: Do not use this API to fetch more than 100 devices. For fetching larger number of devices, consider using the Get Paged List of APs API.
User Privileges	Users with the following roles can call this API: superuser, administrator, and operator. Request Body Parameters This API call does not require any request body parameters. Response Body If the API call is successful, the HTTP response status is 200. The response body contains the details of the APs that match the filter criteria. The response is in the application/json format. Click AP to view the complete detais of the JSON along with a sample output. Error codes If the API call is successful, the HTTP response status is 200.
Syntax	GET /devices/aps
Sample code	GET https://training.mojonetworks.com/new/webservice/v2/devices/aps GET https://training.mojonetworks.com/new/webservice/v2/devices/aps?macaddress=00:11:74:33:23:12&macaddress=00:11:74:45:12:21 GET https://training.mojonetworks.com/new/webservice/v2/devices/aps?capability=49&locationid=10&locationid=12&sortcolumn=devicename&sortascending=false
URL Parameters	This API call takes optional URL parameters to filter the list of APs to be fetched and the column on which the output must be sorted. AP Filter Parameters lists the parmeter names, datatypes, applicable values, and whether the results can be sorted based on the parameter.
Query Parameters	This API call takes optional URL parameters to filter the list of APs to be fetched and the column on which the output must be sorted. AP Filter Parameters lists the parmeter names, datatypes, applicable values, and whether the results can be sorted based on the parameter.
Response Body	If the API call is successful, the HTTP response status is 200. The response body contains the details of the APs that match the filter criteria. The response is in the application/json format. Click AP to view the complete detais of the JSON along with a sample output.

Understand Arista Cloud Architecture

Know what Arista APIs can do

Know how Arista APIs work?

API Reference

Intrusion Prevention Policy