Configuring static white and black lists, Configuring dynamic blacklist feature, Wlan ids frame filtering configuration example – H3C Technologies H3C WA2600 Series WLAN Access Points User Manual
Page 50: Network requirements, Wlan ids frame filtering configuration example -5
7-5
Configuring Static White and Black Lists
Follow these steps to configure static white and black lists:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter WLAN IDS view
wlan ids
—
Add an entry into the white list
whitelist mac-address mac-address
Optional
Add an entry into the static black list
static-blacklist mac-address mac-address
Optional
Configuring Dynamic Blacklist Feature
Follow these steps to configure dynamic blacklist feature:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter WLAN IDS view
wlan ids
—
Enable the dynamic black
list feature
dynamic-blacklist enable
Optional
By default, the dynamic blacklist feature is
disabled.
Configure the lifetime for
dynamic blacklist entries
dynamic-blacklist lifetime
lifetime
Optional
By default, the lifetime is 300 seconds.
Displaying and Maintaining WLAN IDS Frame Filtering
To do…
Use the command…
Remarks
Display static or dynamic blacklist
entries
display wlan
blacklist { static | dynamic }
Available in any view
Display white list entries
display wlan whitelist
Available in any view
Clear dynamic black list entries
reset wlan dynamic-blacklist
{ mac-address mac-address | all }
Available in user view
WLAN IDS Frame Filtering Configuration Example
Network requirements
z
As shown in
, a fat AP is connected to a Layer 2 switch. Client 1 (0000-000f-1211) is a
rogue client. To ensure WLAN security, add the MAC address of the client into the blacklist on the
fat AP to disable it from accessing the wireless network through any AP.