No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R010C00 Configuration Guide - WLAN-AC

This document describes native AC (hereinafter referred to as WLAN AC) configuration procedures and provides configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Rogue Device Containment

Configuring Rogue Device Containment

Context

After the AC identifies a rogue device, you can configure the APs to contain the rogue device. After the containment mode is set, the APs periodically send control frames to disconnect authorized users from the rogue device or disconnect unauthorized users.

Currently, the AC supports rogue device containment against rogue APs using spoofing SSIDs and open-authentication rogue APs. The monitor AP uses the MAC address of a rogue AP using a spoofing SSID or an open-authentication rogue AP to broadcast deauthentication frames to counter the rogue AP, preventing STAs from connecting to the rogue AP again. After the containment mode is set against rogue STAs or Adhoc devices, the monitor AP uses the MAC address of a rogue device to continuously send unicast deauthentication frames.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    wlan

    The WLAN view is displayed.

  3. Enable rogue device containment on radios in an AP group or on a specified AP radio.

    You can enable rogue device containment in the AP group radio view or AP radio view. The configuration in the AP group radio view takes effect on all AP radios in an AP group and that in the AP radio view takes effect only on a specified AP radio. The configuration in the AP radio view has a higher priority than that in the AP group radio view.

    • Enable rogue device containment on radios in an AP group.
      1. Run the ap-group name group-name command to enter the AP group view.
      2. Run the radio radio-id command to enter the radio view.
      3. Run the wids contain enable command to enable rogue device containment.

        By default, rogue device containment is disabled on radios in an AP group.

      4. Run the quit command to return to the AP group view.

    • Enable rogue device containment on a specified AP radio.
      1. Run the ap-id ap-id, ap-mac ap-mac, or ap-name ap-name command to enter the AP view.
      2. Run the radio radio-id command to enter the radio view.
      3. Run the wids contain enable command to enable rogue device containment.

        By default, rogue device containment is disabled on an AP radio.

      4. Run the quit command to return to the AP view.

  4. Run:

    quit

    Return to the WLAN view.

  5. Run:

    wids-profile name profile-name

    The WIDS profile view is displayed.

  6. Run:

    contain-mode { open-ap | spoof-ssid-ap | client [ protect sta-whitelist-profile profile-name ] | adhoc }

    The rogue device containment mode is configured for APs.

    By default, no containment mode against rogue devices is set.

Translation
Download
Updated: 2019-04-20

Document ID: EDOC1000142094

Views: 121714

Downloads: 119

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next