Configuring blacklist and whitelist, Configuring static lists, Configuring dynamic blacklist – H3C Technologies H3C MSR 50 User Manual

60

Task Command

Remarks

Display the count of attacks
detected by WLAN IDS IPS.

display wlan ids statistics [ |
{ begin | exclude | include }
regular-expression ]

Available in any view.

Clear the history of attacks
detected by the WLAN system.

reset wlan ids history

Available in user view.

Clear the statistics of attacks
detected in the WLAN system.

reset wlan ids statistics

Available in user view.

Configuring blacklist and whitelist

Perform this task to configure the static blacklist, static white list, enable dynamic blacklist feature, and

configure the lifetime for dynamic entries.

•

WLAN IDS permits devices present in the static white list. You can add entries into or delete entries

from the list.

•

WLAN IDS denies devices present in the static blacklist. You can add entries into or delete entries
from the list.

•

WLAN IDS adds dynamically detected attack devices into the dynamic blacklist. You can set a
lifetime in seconds for dynamic blacklist entries. After the lifetime of an entry expires, the device

entry will be removed from the dynamic blacklist. If a flood attack from the device is detected again

before the lifetime expires, the entry is refreshed.

Configuring static lists

Step Command

Remarks

211.

Enter system view.

system-view

N/A

212.

Enter WLAN IDS view.

wlan ids

N/A

213.

Add an entry into the white

list.

whitelist mac-address mac-address

Optional.
By default, no white list exists.

214.

Add an entry into the static
blacklist.

static-blacklist mac-address
mac-address

Optional.
By default, no static blacklist exists.

Configuring dynamic blacklist

Step Command

Remarks

215.

Enter system view.

system-view

N/A

216.

Enter WLAN IDS view.

wlan ids

N/A

217.

Enable the dynamic blacklist

feature.

dynamic-blacklist enable

Optional.
By default, the dynamic blacklist
feature is disabled.