beautypg.com

Configuring ids attack detection, Displaying and maintaining wlan ids, Frame filtering – H3C Technologies H3C WA2600 Series WLAN Access Points User Manual

Page 48: Overview, Blacklist and white list, Displaying and maintaining wlan ids -3

background image

7-3

Configuring IDS Attack Detection

Configuring IDS Attack Detection

Follow these steps to configure IDS attack detection:

To do…

Use the command…

Remarks

Enter system view

system-view

Enter IDS view

wlan ids

Enable IDS attack detection

attack-detection enable { all |
flood | weak-iv | spoof }

Required

Disabled by default.

Displaying and Maintaining WLAN IDS

To do…

Use the command…

Remarks

Display the history of attacks
detected in the WLAN system

display wlan ids history

Available in any view

Display the statistics of attacks
detected in the WLAN system

display wlan ids statistics

Available in any view

Clear the history of attacks
detected in the WLAN system

reset wlan ids history

Available in user view

Clear the statistics of attacks
detected in the WLAN system

reset wlan ids statistics

Available in user view

Frame Filtering

Frame filtering is a feature of 802.11 MAC and a sub-feature of WLAN IDS.

A fat AP maintains a white list (Entries in the list will be permitted and can be configured through CLI),

static black list (Entries in the list will be denied and can be configured through CLI) and dynamic black

list (Entries in the list will be denied and are added when WLAN IDS detects flood attacks).

Overview

Blacklist and white list

You can configure the blacklist and white list functions to filter frames from WLAN clients and thereby

implement client access control.

WLAN client access control is accomplished through the following three types of lists.

z

White list: Contains the MAC addresses of all clients allowed to access the WLAN. If the white list is

used, only permitted clients can access the WLAN, and all frames from other clients will be

discarded.

z

Static blacklist: Contains the MAC addresses of clients forbidden to access the WLAN. This list is

manually configured.

z

Dynamic blacklist: Contains the MAC addresses of clients forbidden to access the WLAN. A client

is dynamically added to the list if it is considered sending attacking frames until the timer of the

entry expires.

This manual is related to the following products: