Configure Alerts

Applies To: Wi-Fi Cloud-managed Access Points (AP120, AP125, AP225W, AP320, AP322, AP325, AP327X, AP420)

An alert notifies you of an event that impacts your Wi-Fi network. You can customize the thresholds for each type of event that generates alerts. Wi-Fi Cloud organizes alerts into these categories:

  • WiFi — Wi-Fi alerts capture network connectivity and performance events such as client authentication failures and high latencies to services.
  • System — System alerts are for events related to the overall health of Wi-Fi Cloud communications, for example, when an AP is disconnected from the network.
  • WIPS — WIPS alerts are related to Wi-Fi vulnerabilities and attacks that can pose a security threat to your network.

Alerts are location specific. By default, alerts are enabled at all locations. An alert defined at a location is inherited by its subfolder locations. You can customize the alert configuration at a subfolder location or disable alerts for a location.

To download and view a full list of alerts that Wi-Fi Cloud generates, click Download Alerts. To view a summary of possible alerts, see Wi-Fi Cloud Events and Alerts.

Alert Notification Types

There are three methods for alert notification in Discover:

  • Email — Recipients configured in the Email Recipients tab of the Alerts configuration page receive an email about the alert. You can send alert emails to an administrator account, or you can use automatic email ticketing services in Professional Service Automation (PSA) tools such as ConnectWise, Autotask, and Tigerpaw. For more information, see Use Wi-Fi Cloud Discover email alerts with PSA tools.
  • Display — The alert appears on the Monitor > Alerts page and on the respective widgets in Discover.
  • Syslog — Discover sends alert events to the syslog servers configured in System > Third-party Servers > Syslog.

Alert Security Status

You can also set the Security Status for alerts. For WIPS and System events, select the Affects Security Status option to enable an alert to change the security status of a device location.

In the location navigator, you can view the security status of a location by the color code:

  • Red — Indicates a location with a live security alert to indicate a vulnerable device.
  • Green — Indicates no live security alerts for that location.

To view the security status in the location navigator, select Show Status > Security Status for the top-level location folder.

Add an Alert

You can add custom alerts in the WiFi section. WIPS and System alerts contain a set of predefined alerts that you can enable or customize.

To add an alert:

  1. Select Configure > Alerts.
  2. From the Navigator, select the location where you want to configure the alert.
  3. In the Select Alert Category section, select the category of the alert you want to configure. For more information about each category, see Alert Categories.
  4. In the WiFi section, you can click Add WiFi Alert to create a new custom alert. You cannot create custom WIPS or System alerts.
    You can also select an existing alert to edit the alert configuration.
  5. Configure the thresholds that will generate an alert. For more information, see Configure Alerts.
  6. To specify the alert notification methods, select the Email, Display, or Syslog check boxes.
  7. To change the security status for the affected device location, select the Affects Security Status check box.
  8. Click Save.

Screen shot of the Alerts configuration page in Discover

Alert Categories

Discover supports alerts for WiFi, System, and WIPS events.

WiFi

  • Connectivity — Connectivity alerts are generated when connectivity failures exceed a configured threshold. Connectivity alerts include:
    • Connection Failure — An alert is generated when the number of client connectivity failures in the authentication, association, or network connection stages exceeds the configured threshold.
    • Associated Clients — An alert is generated when the number of clients associated to an AP radio exceeds the configured threshold.
  • Performance — One of the factors used to measure the performance of your network is the average latency time for AAA (authentication), DHCP, DNS, and applications. Performance alerts are generated when the average latency exceeds the configured latency threshold for each service.
  • Baseline — Baseline alerts are related to the performance of your network. Alerts are generated when specific thresholds for baseline events are exceeded.
  • Client Connectivity Test — You can configure alerts to notify you when a scheduled client connectivity test fails to start.

System

  • Server — Server alerts are generated based on database log status, AP connection limits, or when Wi-Fi Cloud cannot reach an AP for a specified period.
  • AP/Sensor — AP/Sensor alerts are generated by an issue with a device's connectivity status, security status, or firmware update status.

WIPS

  • Rogue AP — Alerts for any potentially rogue APs. For example, an unauthorized AP connected to the enterprise wired network, a banned AP, or an AP operating on channels that are not allowed.
  • Misconfigured AP — Alerts for any AP behavior that deviates from the authorized Wi-Fi policy. For example, a change to an SSID for an authorized AP, or no encryption on an authorized AP.
  • Misbehaving Clients — Alerts for any client behavior that could compromise network security. For example, authorized client association with an external AP or unauthorized client association with an authorized AP.
  • Man-in-the-middle — Alerts for potential man-in-the-middle attacks. For example, Honeypot/Evil Twin active, or a PS-poll attack.
  • MAC Spoofing — Alerts for AP and client MAC spoofing.
  • Ad-hoc Network — Alerts for an authorized client connected to an ad-hoc network.
  • Prevention — Intrusion prevention alerts. For example, device reached maximum prevention capacity, or AP/client needs to be prevented.
  • DoS — Alerts for potential DoS attacks. For example, disassociation flood attacks and deauthentication flood attacks.

Configure Alerts

You can configure alerts for each alert category type:

Client connection failures can occur in the authentication, association, or network stages of a connection. You can configure alerts for each of these types of connection failures.

To configure a connection failure alert:

  1. Select Configure > Alerts.
  2. Select the location where you want to configure the alert.
  3. In the Select Alert Category section, select Wi-Fi > Connectivity > Connection Failure.
  4. To add an alert, click .
  5. From the Number of client experiencing drop-down list, select a failure type.

You can select Authentication, Association, Network, or Any. If you select Any, all connection failures, irrespective of the type, count against the threshold for the alert.

  1. In the failure exceeds text box, type a threshold for the number of failures (0-100). If the failure count exceeds this threshold, an alert is generated.
  2. To specify the alert notification methods, select the Email, Display, or Syslog check boxes.
  3. Click Save.

You can configure client association alerts for a location, an AP, a frequency band on an AP, or a frequency band across all APs at a location.

To configure an associated clients alert:

  1. Select Configure > Alerts.
  2. Select the location where you want to configure the alert.
  3. In the Select Alert Category section, select Wi-Fi > Connectivity > Associated Clients.
  4. To specify whether to configure the threshold at the AP level or at a location level, select Access Point or Location.
  5. To add an alert, click .
  6. If you selected Access Point, select the access point and frequency band from the drop-down lists, then type an association threshold value (20-100). When the number of associations on the specified frequency band of the AP exceeds the threshold, an alert is generated. If you select Any access point, all APs at the location count against the threshold for the alert.

If you selected Location, specify an association threshold value (20-1000). When the number of client associations on the access points at the location exceeds the threshold, an alert is generated.

  1. To specify the alert notification methods, select the Email, Display, or Syslog check boxes.
  2. Click Save.

You can configure alerts for average network service and application latencies experienced by clients associated to each SSID and each frequency band at a location.

To configure a performance alert:

  1. Select Configure > Alerts.
  2. Select the location where you want to configure the alert.
  3. In the Select Alert Category section, select Wi-Fi > Performance.
  4. To add an alert, click .
  5. Select the Baseline, SSID, and frequency band, then configure the latency threshold. When the baseline for the specified SSID and frequency band exceeds the configured threshold, an alert is generated.

You can choose from these baselines:

  • Clients Affected By Failures
  • Clients Affected By Poor Performance
  • AAA, DHCP, DNS, or Application Latency

If you select Any for any field, then the average latency for the specified combination is considered when compared against the threshold value.

  1. To specify the alert notification methods, select the Email, Display, or Syslog check boxes.
  2. Click Save.

You can generate an alert when a network performance baseline exceeds the threshold.

To configure a baseline alert:

  1. Select Configure > Alerts.
  2. Select the location where you want to configure the alert.
  3. In the Select Alert Category section, select Wi-Fi > Baseline.
  4. To add an alert, click .
  5. Select the baseline type, SSID, and frequency band, and configure the latency threshold. When the baseline for the specified SSID and frequency band exceeds the configured threshold, the alert is generated. If you select Any for the SSID or frequency band, then the overall baseline for all SSID and frequency bands is considered when compared against the threshold value.
  6. To specify the alert notification methods, select the Email, Display, or Syslog check boxes.
  7. Click Save.

You can generate alerts when client connectivity test schedules fail to execute.

To configure a client connectivity test alert:

  1. Select Configure > Alerts.
  2. Select the location where you want to configure the alert.
  3. In the Select Alert Category section, select Wi-Fi > Client Connectivity Test.
  4. To add an alert, click .
  5. From the Scheduled client connectivity test for [x] schedule fails drop-down list, select a test profile name, or select Any for all client connectivity test profiles.

If the scheduled test for any of the test profiles fails to start, an alert is generated. You can configure only one alert for each test profile at a location. If you configure an alert for any test profile, then you cannot configure any more Client Connectivity Test alerts at the selected location.

  1. To specify the alert notification methods, select the Email, Display, or Syslog check boxes.
  2. Click Save.

To configure a Server alert:

  1. Select Configure > Alerts.
  2. Select the location where you want to configure the alert.
  3. In the Select Alert Category section, select System > Server.
  4. Configure an alert.
  5. To specify the alert notification methods, select the Email, Display, or Syslog check boxes.
  6. Click Save.

To configure an AP/Sensor alert:

  1. Select Configure > Alerts.
  2. Select the location where you want to configure the alert.
  3. In the Select Alert Category section, select System > AP/Sensor.
  4. Configure an alert.
  5. To specify the alert notification methods, select the Email, Display, or Syslog check boxes.
  6. Click Save.

To configure WIPS alerts:

  1. Select System > Alerts.
  2. Select the location where you want to configure the alert.
  3. In the Select Alert Category section, select WIPS, then select a sub-category.
  4. Configure an alert.
  5. To specify the alert notification methods, select the Email, Display, or Syslog check boxes.
  6. Click Save.

Download Alerts

To download and view a full list of alerts that Wi-Fi Cloud generates:

  1. Select Configure > Alerts.
  2. Click Download Alerts.

The list of alerts is downloaded in tab-separated value format.

Auto Deletion of Alerts

You can configure how long to store alerts before an alert is automatically deleted.

To configure the auto-deletion settings for alerts in Discover:

  1. Select Configure > Alerts, then click Auto Deletion on the top-right corner of the page.

Screen shot of the Auto Deletion settings for alerts in Discover

  1. In the Number of Security Alerts text box, select the number of security alerts to retain on the server from 0 to 80000. The default is 80000.
  2. In the Number of System Alerts text box, select the number of system alerts to retain on the server from 0 to 2000. The default is 2000.
  3. In the Retain alerts for text box, specify the duration for which alerts are retained on the server from 0 to 180 days. The default is 90 days.
  4. Click Save.

Click Restore Defaults to set the auto deletion options to the default settings.