Configuring rogue device detection, Configuring ap operating mode – H3C Technologies H3C WX6000 Series Access Controllers User Manual
Page 493
42-5
White list: Contains MAC addresses of stations whose frames can be processed. If the white list is
used, only permitted clients can access the WLAN, and all frames from other clients will be
discarded.
Static blacklist: Contains MAC addresses of stations whose frames should be dropped. This list is
configured by the user.
Dynamic blacklist: Contains MAC addresses of clients whose frames will be dropped. A client is
dynamically added to the list if it sends attacking frames.
Figure 42-4 Network diagram for WLAN client access control
In the topology above, three APs are connected to an AC. Configure white list and blacklist entries on
the AC, which will send all the entries to the APs. If the MAC address of a station, Client 1 for example,
is present in the blacklist, it cannot access any of the APs. If only the MAC address of Client 1 is present
in the white list, it can access any of the APs but others cannot access any of the APs..
Configuring Rogue Device Detection
Perform the tasks in
to configure rogue detection.
Table 42-1 Rogue detection configuration task list
Task
Remarks
Required
By default, the AP operates in normal mode and only
provides WLAN data services.
Configuring Detection Rule Lists
Required
Enabling Countermeasures and Configuring Aging
Time for Detected Rogue Devices
Optional
Configuring AP Operating Mode
Select Security > Rogue Detection
from the navigation tree, and then select the AP Monitor tab to
enter the AP monitor configuration page as shown in