Configuring ids attack detection, Displaying and maintaining ids attack detection, Wlan ids configuration example – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

145

Configuring IDS attack detection

Configuring IDS attack detection

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter IDS view.

wlan ids

N/A

3.

Enable IDS attack detection.

attack-detection enable { all | flood
| weak-iv | spoof }

Disabled by default.

Displaying and maintaining IDS attack detection

Task Command

Remarks

Display all the attacks detected
by WLAN IDS IPS.

display wlan ids history [ | { begin |

exclude | include }
regular-expression ]

Available in any view

Display the count of attacks
detected by WLAN IDS IPS.

display wlan ids statistics [ | { begin |
exclude | include }

regular-expression ]

Available in any view

Clear the history of attacks
detected by the WLAN system. reset wlan ids history

Available in user view

Clear the statistics of attacks
detected in the WLAN system.

reset wlan ids statistics

Available in user view

WLAN IDS configuration example

Network requirements

As shown in

Figure 75

, a monitor AP (with serial ID 210235A29G007C000020) and AP1 (serial ID

210235A29G007C000021) are connected to an AC through a Layer 2 switch.

•

AP1 operates in normal mode, and only provides WLAN services.

•

AP2 operates in monitor mode, and detects rogue devices.

•

Client 1 (MAC address 000f-e215-1515), Client 2 (MAC address 000f-e215-1530) and Client 3
(MAC address 000f-e213-1235) are connected to AP1.

•

Client 4 (MAC address 000f-e220-405e) are considered as rogues.