Configuring ids attack detection, Displaying and maintaining wlan ids, Frame filtering – H3C Technologies H3C WA2600 Series WLAN Access Points User Manual
Page 48: Overview, Blacklist and white list, Displaying and maintaining wlan ids -3
7-3
Configuring IDS Attack Detection
Configuring IDS Attack Detection
Follow these steps to configure IDS attack detection:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter IDS view
wlan ids
—
Enable IDS attack detection
attack-detection enable { all |
flood | weak-iv | spoof }
Required
Disabled by default.
Displaying and Maintaining WLAN IDS
To do…
Use the command…
Remarks
Display the history of attacks
detected in the WLAN system
display wlan ids history
Available in any view
Display the statistics of attacks
detected in the WLAN system
display wlan ids statistics
Available in any view
Clear the history of attacks
detected in the WLAN system
reset wlan ids history
Available in user view
Clear the statistics of attacks
detected in the WLAN system
reset wlan ids statistics
Available in user view
Frame Filtering
Frame filtering is a feature of 802.11 MAC and a sub-feature of WLAN IDS.
A fat AP maintains a white list (Entries in the list will be permitted and can be configured through CLI),
static black list (Entries in the list will be denied and can be configured through CLI) and dynamic black
list (Entries in the list will be denied and are added when WLAN IDS detects flood attacks).
Overview
Blacklist and white list
You can configure the blacklist and white list functions to filter frames from WLAN clients and thereby
implement client access control.
WLAN client access control is accomplished through the following three types of lists.
z
White list: Contains the MAC addresses of all clients allowed to access the WLAN. If the white list is
used, only permitted clients can access the WLAN, and all frames from other clients will be
discarded.
z
Static blacklist: Contains the MAC addresses of clients forbidden to access the WLAN. This list is
manually configured.
z
Dynamic blacklist: Contains the MAC addresses of clients forbidden to access the WLAN. A client
is dynamically added to the list if it is considered sending attacking frames until the timer of the
entry expires.