beautypg.com

Configuring static white and black lists, Configuring dynamic blacklist feature, Wlan ids frame filtering configuration example – H3C Technologies H3C WA2600 Series WLAN Access Points User Manual

Page 50: Network requirements, Wlan ids frame filtering configuration example -5

background image

7-5

Configuring Static White and Black Lists

Follow these steps to configure static white and black lists:

To do…

Use the command…

Remarks

Enter system view

system-view

Enter WLAN IDS view

wlan ids

Add an entry into the white list

whitelist mac-address mac-address

Optional

Add an entry into the static black list

static-blacklist mac-address mac-address

Optional

Configuring Dynamic Blacklist Feature

Follow these steps to configure dynamic blacklist feature:

To do…

Use the command…

Remarks

Enter system view

system-view

Enter WLAN IDS view

wlan ids

Enable the dynamic black
list feature

dynamic-blacklist enable

Optional

By default, the dynamic blacklist feature is
disabled.

Configure the lifetime for
dynamic blacklist entries

dynamic-blacklist lifetime
lifetime

Optional

By default, the lifetime is 300 seconds.

Displaying and Maintaining WLAN IDS Frame Filtering

To do…

Use the command…

Remarks

Display static or dynamic blacklist
entries

display wlan

blacklist { static | dynamic }

Available in any view

Display white list entries

display wlan whitelist

Available in any view

Clear dynamic black list entries

reset wlan dynamic-blacklist
{ mac-address mac-address | all }

Available in user view

WLAN IDS Frame Filtering Configuration Example

Network requirements

z

As shown in

Figure 7-2

, a fat AP is connected to a Layer 2 switch. Client 1 (0000-000f-1211) is a

rogue client. To ensure WLAN security, add the MAC address of the client into the blacklist on the

fat AP to disable it from accessing the wireless network through any AP.

This manual is related to the following products: