Wlan ids frame filtering configuration example, Network requirements – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

150

Step Command

Remarks

3.

Add an entry into the white
list.

whitelist mac-address mac-address Optional

4.

Add an entry into the static

blacklist.

static-blacklist mac-address
mac-address

Optional

5.

Enable the dynamic blacklist

feature.

dynamic-blacklist enable

Optional.
By default, the dynamic
blacklist feature is disabled.

6.

Configure the lifetime for
dynamic blacklist entries.

dynamic-blacklist lifetime lifetime

Optional.
By default, the lifetime is 300
seconds.

Displaying and maintaining WLAN IDS frame

filtering

Task Command

Remarks

Display blacklist entries.

display wlan
blacklist { static | dynamic } [ |
{ begin | exclude | include }

regular-expression ]

Available in any view

Display white list entries.

display wlan whitelist [ | { begin |
exclude | include }
regular-expression ]

Available in any view

Clear dynamic blacklist entries.

reset wlan dynamic-blacklist

{ mac-address mac-address | all } Available in user view

WLAN IDS frame filtering configuration example

Network requirements

As shown in

Figure 77

, an AC is connected to a Layer 2 switch. AP 1 and AP 2 are connected to the AC

through the Layer 2 switch. Client 1 (0000-000f-1211) is a rogue client. To ensure WLAN security, add the

MAC address of Client 1 into the blacklist on the AC to disable it from accessing the wireless network
through any AP.

Figure 77 Network diagram