Configuring blacklist and whitelist, Configuring static lists, Configuring dynamic blacklist – H3C Technologies H3C MSR 50 User Manual
Page 69
60
Task Command
Remarks
Display the count of attacks
detected by WLAN IDS IPS.
display wlan ids statistics [ |
{ begin | exclude | include }
regular-expression ]
Available in any view.
Clear the history of attacks
detected by the WLAN system.
reset wlan ids history
Available in user view.
Clear the statistics of attacks
detected in the WLAN system.
reset wlan ids statistics
Available in user view.
Configuring blacklist and whitelist
Perform this task to configure the static blacklist, static white list, enable dynamic blacklist feature, and
configure the lifetime for dynamic entries.
•
WLAN IDS permits devices present in the static white list. You can add entries into or delete entries
from the list.
•
WLAN IDS denies devices present in the static blacklist. You can add entries into or delete entries
from the list.
•
WLAN IDS adds dynamically detected attack devices into the dynamic blacklist. You can set a
lifetime in seconds for dynamic blacklist entries. After the lifetime of an entry expires, the device
entry will be removed from the dynamic blacklist. If a flood attack from the device is detected again
before the lifetime expires, the entry is refreshed.
Configuring static lists
Step Command
Remarks
211.
Enter system view.
system-view
N/A
212.
Enter WLAN IDS view.
wlan ids
N/A
213.
Add an entry into the white
list.
whitelist mac-address mac-address
Optional.
By default, no white list exists.
214.
Add an entry into the static
blacklist.
static-blacklist mac-address
mac-address
Optional.
By default, no static blacklist exists.
Configuring dynamic blacklist
Step Command
Remarks
215.
Enter system view.
system-view
N/A
216.
Enter WLAN IDS view.
wlan ids
N/A
217.
Enable the dynamic blacklist
feature.
dynamic-blacklist enable
Optional.
By default, the dynamic blacklist
feature is disabled.