beautypg.com

Configuring wlan security, Blacklist and white list, Configuring the blacklist and white list functions – H3C Technologies H3C MSR 50 User Manual

Page 140: Configuring dynamic blacklist

background image

119

Configuring WLAN security

When it comes to security, a WLAN is inherently weaker than a wired LAN because all the wireless

devices use the air as the transmission media, which means that the data transmitted by one device can

be received by any other device within the coverage of the WLAN. To improve WLAN security, you can
use white and black lists and user isolation to control user access and behavior.

Blacklist and white list

You can configure the blacklist and white list functions to filter frames from WLAN clients and thereby

implement client access control.
The WLAN client access control is accomplished through the following three types of lists.

White list—Contains the MAC addresses of all clients allowed to access the WLAN. If the whitelist
is used, only permitted clients can access the WLAN, and all frames from other clients will be

discarded.

Static blacklist—Contains the MAC addresses of clients forbidden to access the WLAN. This list is
manually configured.

Dynamic blacklist—Contains MAC addresses of clients whose frames will be dropped. A client is
dynamically added to the list if it is considered sending attacking frames until the timer of the entry

expires.

When a device receives an 802.11 frame, it checks the source MAC address of the frame and processes

the frame as follows:

1.

If the source MAC address does not match any entry in the white list, it is dropped. If there is a
match, the frame is considered valid and will be further processed.

2.

If no white list entries exist, the static and dynamic blacklists are searched.

If the source MAC address matches an entry in any of the two lists, it is dropped.

If there is no match, or no blacklist entries exist, the frame is considered valid and will be further
processed.

Configuring the blacklist and white list functions

Configuring dynamic blacklist

Select Interface Setup > Wireless > Security from the navigation tree, and then click the Blacklist tab.

This manual is related to the following products: