Configuring wids-frame filtering – H3C Technologies H3C WA2600 Series WLAN Access Points User Manual

7-4

When an AP receives an 802.11 frame, it checks the source MAC address of the frame and processes

the frame as follows:

1) If the source MAC address does not match any entry in the white list, the frame is dropped. If there

is a match, the frame is considered valid and will be further processed.

2) If no white list entries exist, the static and dynamic blacklists are searched.

3) If the source MAC address matches an entry in any of the two lists, the frame is dropped.

4) If there is no match, or no blacklist entries exist, the frame is considered valid and will be further

processed.

Figure 7-1 Frame filtering

IP network

L2 Switch

FAT AP

Client 1

Client 2

Client 3

Client 4

If client 1 is present in the backlist, it cannot associate with the fat AP; if it is only in the white list, it can

get associated with the fat AP.

Configuring WIDS-Frame Filtering

WLAN IDS frame filtering configuration involves white list, black list configuration and dynamic black list

feature configuration.

z

In WLAN IDS view, you can configure the static black list, white list, enable dynamic blacklist

feature and configure the lifetime for dynamic entries.

z

Only entries present in the white list will be permitted. You can add entries into or delete entries

from the list.

z

Entries present in the static blacklist will be denied.

z

Whenever WLAN IDS detects a flood attack, the attacking device is added into the dynamic

blacklist. You can set a lifetime in seconds for dynamic blacklist entries. After the lifetime of an

entry expires, the device entry will be removed from the dynamic list.