Configuring rogue device detection, Recommended configuration procedure – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Figure 648 Network diagram for WLAN client access control
• In the topology above, three APs are connected to an AC. Configure whitelist and static blacklist
entries on the AC, which will send all the entries to the APs. If the MAC address of a station, Client
1 for example, is present in the blacklist, it cannot access any of the APs. If only Client 1 is present
in the whitelist, it can access any of the APs, and other clients cannot access any of the APs.
• Enable the dynamic blacklist function on the AC. If AP 1 receives attack frames from Client 1, a dynamic
blacklist entry is generated in the blacklist. Client 1 cannot associate with AP 1, but can associate
with AP 2 or AP 3. If AP 2 or AP 3 receives attack frames from Client 1, a new dynamic blacklist
entry is generated in the blacklist.
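The following model of the behaviour described above is an added example, not H3C code or device configuration. It shows that whitelist and static blacklist entries apply at every AP while a dynamic entry blocks a client only at the AP that saw the attack frames. The class and method names, the sample MAC address, and the rule that a non-empty whitelist is checked first and decides alone are assumptions.

```python
import re

def norm_mac(mac):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb-ccdd-eeff."""
    digits = re.sub(r"[:.\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

class AccessControlModel:
    """Hypothetical model of the AC's client access control lists."""
    def __init__(self, aps):
        self.aps = list(aps)
        self.whitelist = set()          # sent by the AC to every AP
        self.static_blacklist = set()   # sent by the AC to every AP
        self.dynamic_enabled = False
        self.dynamic = {ap: set() for ap in self.aps}  # one set per AP

    def allow(self, mac):
        self.whitelist.add(norm_mac(mac))

    def deny(self, mac):
        self.static_blacklist.add(norm_mac(mac))

    def report_attack(self, ap, mac):
        """AP saw attack frames from mac: add a dynamic entry for that AP only."""
        if self.dynamic_enabled:
            self.dynamic[ap].add(norm_mac(mac))

    def can_associate(self, ap, mac):
        mac = norm_mac(mac)
        # Assumption: a non-empty whitelist is checked first and decides alone.
        if self.whitelist:
            return mac in self.whitelist
        return mac not in self.static_blacklist and mac not in self.dynamic[ap]

    def reachable_aps(self, mac):
        """APs the client can still associate with (gap left by per-AP entries)."""
        return [ap for ap in self.aps if self.can_associate(ap, mac)]

if __name__ == "__main__":
    CLIENT1 = "000f-e200-0001"  # constructed sample MAC
    ac = AccessControlModel(["AP1", "AP2", "AP3"])
    ac.dynamic_enabled = True
    ac.report_attack("AP1", CLIENT1)
    print(ac.reachable_aps(CLIENT1))
```

Running `reachable_aps` over the clients that triggered dynamic entries shows where an offending station can still associate, which is the case a static blacklist entry closes.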
Configuring rogue device detection
Recommended configuration procedure
Step | Remarks
1. Configuring AP operating mode | Required. By default, the AP operates in normal mode and only provides WLAN data services.
2. Configuring detection rule lists | Required.
3. Enabling countermeasures and configuring aging time for detected rogue devices | Optional.