Configuration Guide - WLAN-AC

S5700 and S6720 V200R012C00

This document describes the configurations of WLAN, including WLAN Service Configuration, Radio Resource Management, Roaming, WLAN QoS, WLAN Security, WDS, Mesh, Location, Hotspot 2.0, Dual-Link Cold Backup, N+1 Backup.
Wireless Intrusion Detection


Monitor APs can be configured to protect the network against intrusion. When configured, the wireless intrusion detection system (WIDS) detects unauthorized users and APs by periodically listening to wireless signals. The AC obtains information about wireless devices and can take countermeasures against unauthorized devices.

Before configuring WIDS on an AP, configure the working mode of the AP.

An AP can work in two modes:
  • normal: indicates the normal mode.
    • If the air scan functions (including WIDS, spectrum analysis, and terminal location) are disabled on a radio, the radio is used to transmit common WLAN services.
    • If the air scan function is enabled on a radio, the radio transmits common WLAN services and also implements detection. Transmission of common WLAN services may be affected.
  • monitor: indicates the monitor mode.

    In this mode, the radio supports only air scan services and cannot transmit common WLAN services.

Intrusion detection consists of two phases: wireless device identification and rogue device identification.

Wireless Device Detection

An AP with the WIDS function enabled can determine the types of surrounding wireless devices based on detected 802.11 frames. The wireless device detection process is as follows:
  1. Configure the AP working mode and enable the WIDS function.
  2. The AC delivers the configuration to the AP.

  3. The AP listens for frames sent from neighboring wireless devices to collect information about those devices. The AP determines frame types and device types according to the received 802.11 MAC frames.

    An AP can identify the following device types: AP, STA, wireless bridge, and ad-hoc device.
    • Wireless bridge: a device serving as a wireless communication bridge between two or more networks.
    • Ad-hoc device: a device on an ad-hoc network. An ad-hoc network is a temporary wireless network composed of several devices with wireless network adapters, as shown in Figure 10-1.
      Figure 10-1  Ad-hoc network

    An AP identifies device types in the following ways:

    • When receiving a Probe Request, Association Request, or Reassociation Request frame, the AP determines whether the sender is an ad-hoc device or STA based on the network type specified in the Frame Body field of the 802.11 MAC frame.
      • Ad-hoc: The network type is independent basic service set (IBSS).
      • STA: The network type is basic service set (BSS).
    • When receiving a Beacon, Probe Response, Association Response, or Reassociation Response frame, the AP determines whether the sender is an ad-hoc device or AP based on the network type specified in the Frame Body field of the 802.11 MAC frame.
      • Ad-hoc: The network type is IBSS.
      • AP: The network type is BSS.
    • The AP listens for all 802.11 data frames and checks the To DS and From DS fields (DS: distribution system) of the data frames to determine whether the sender is an ad-hoc device, wireless bridge, STA, or AP.
      • Ad-hoc device: In the Frame Control field of the 802.11 MAC frame, both the To DS and From DS fields are 0.
      • Wireless bridge: In the Frame Control field of the 802.11 MAC frame, both the To DS and From DS fields are 1.
      • STA: In the Frame Control field of the 802.11 MAC frame, the To DS field is 1 and the From DS field is 0.
      • AP: In the Frame Control field of the 802.11 MAC frame, the To DS field is 0 and the From DS field is 1.
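
The identification rules above can be expressed as a small frame classifier. This is an added example, not Huawei's implementation: it assumes that the "network type" is read from the ESS and IBSS bits of the Capability Information field, assumes a 24-byte MAC header, and skips Probe Requests because they carry no Capability Information field. The `classify_sender` and `build` names and the sample frames are constructed for illustration.

```python
import struct

# Management subtypes that carry a Capability Information field, mapped to
# (offset of that field inside the frame body, sender role when the ESS bit is set).
MGMT_CAPABILITY = {
    0: (0, "STA"),   # Association Request
    2: (0, "STA"),   # Reassociation Request
    1: (0, "AP"),    # Association Response
    3: (0, "AP"),    # Reassociation Response
    5: (10, "AP"),   # Probe Response: timestamp(8) + beacon interval(2) come first
    8: (10, "AP"),   # Beacon: same fixed-field layout
}
HEADER_LEN = 24  # assumption: three-address MAC header without QoS/HT control

def classify_sender(frame: bytes) -> str:
    """Return the sender's device type, or 'unknown' if the frame cannot decide it."""
    if len(frame) < HEADER_LEN:
        return "unknown"
    fc = struct.unpack_from("<H", frame, 0)[0]       # Frame Control, little-endian
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    to_ds, from_ds = (fc >> 8) & 1, (fc >> 9) & 1
    if ftype == 2:  # data frame: decide from the To DS / From DS bits
        return {(0, 0): "ad-hoc", (1, 1): "wireless bridge",
                (1, 0): "STA", (0, 1): "AP"}[(to_ds, from_ds)]
    if ftype == 0 and subtype in MGMT_CAPABILITY:
        offset, bss_role = MGMT_CAPABILITY[subtype]
        pos = HEADER_LEN + offset
        if len(frame) < pos + 2:
            return "unknown"                         # truncated capture
        cap = struct.unpack_from("<H", frame, pos)[0]
        ess, ibss = cap & 0x1, (cap >> 1) & 0x1
        if ibss and not ess:
            return "ad-hoc"                          # network type IBSS
        if ess and not ibss:
            return bss_role                          # network type BSS
    return "unknown"

def build(fc: int, body: bytes = b"") -> bytes:
    """Constructed sample frame: Frame Control plus zeroed duration/addresses/sequence."""
    return struct.pack("<H", fc) + bytes(HEADER_LEN - 2) + body

if __name__ == "__main__":
    print(classify_sender(build(0x0108)))                             # data, To DS=1
    print(classify_sender(build(0x0080, bytes(10) + b"\x02\x00")))    # IBSS beacon
```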

Rogue Device Identification

APs periodically report collected device information to an AC, and the AC identifies rogue or interference devices according to the reported device information. Devices are classified as follows:
  • Authorized AP: a local AP or an AP in the WIDS whitelist
  • Authorized wireless bridge: a local wireless bridge or a wireless bridge in the WIDS whitelist
  • Authorized STA: a STA associated with an authorized AP
  • Rogue AP: an AP that is not in the WIDS whitelist and has the same SSID as a local AP or has a spoofing SSID
  • Rogue wireless bridge: a wireless bridge that is not in the WIDS whitelist and has the same SSID as a local wireless bridge or has a spoofing SSID
  • Rogue STA: a STA associated with a rogue AP
  • Rogue ad-hoc device: all ad-hoc devices detected
  • Interference AP: an AP that is not an authorized AP or a rogue AP
  • Interference wireless bridge: a wireless bridge that is not an authorized wireless bridge or a rogue wireless bridge
  • Interference STA: a STA associated with an interference AP
NOTE:

An AC can implement countermeasures on rogue devices to prevent them from accessing the network. For details about countermeasures, see Wireless Intrusion Prevention.
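
The classification rules in this section, worked through on a constructed device report. This is an added example, not the AC's own code: it assumes that the whitelist is keyed by MAC address and that spoofing SSIDs are matched with regular expressions. The `Device` and `classify` names, the MAC addresses, the SSIDs, and the pattern are all made up for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Device:
    mac: str
    kind: str                    # "ap", "bridge", "sta" or "adhoc", as reported by the AP
    ssid: str = ""
    bssid: Optional[str] = None  # for a STA: MAC of the AP it is associated with

def classify(devices, local_macs, whitelist, local_ssids, spoof_patterns):
    """Return {mac: category} following the rules listed in this section."""
    def infra(dev):  # APs and wireless bridges follow the same rule
        if dev.mac in local_macs or dev.mac in whitelist:
            return "authorized"
        spoofed = any(re.fullmatch(p, dev.ssid, re.I) for p in spoof_patterns)
        return "rogue" if dev.ssid in local_ssids or spoofed else "interference"

    result, ap_category = {}, {}
    for d in devices:
        if d.kind in ("ap", "bridge"):
            result[d.mac] = infra(d)
            if d.kind == "ap":
                ap_category[d.mac] = result[d.mac]
        elif d.kind == "adhoc":
            result[d.mac] = "rogue"      # every detected ad-hoc device is rogue
    for d in devices:
        if d.kind == "sta":
            # A STA takes the category of its AP; unassociated STAs stay unclassified.
            result[d.mac] = ap_category.get(d.bssid, "unclassified")
    return result

# Constructed sample report (documentation-range MACs, invented SSIDs).
REPORT = [
    Device("00:00:5e:00:53:01", "ap", "corp"),        # local AP
    Device("00:00:5e:00:53:02", "ap", "corp"),        # same SSID, not whitelisted
    Device("00:00:5e:00:53:03", "ap", "c0rp"),        # look-alike SSID
    Device("00:00:5e:00:53:04", "ap", "cafe-wifi"),   # unrelated neighbour
    Device("00:00:5e:00:53:10", "sta", bssid="00:00:5e:00:53:02"),
    Device("00:00:5e:00:53:11", "sta", bssid="00:00:5e:00:53:04"),
    Device("00:00:5e:00:53:20", "adhoc"),
]

def demo():
    return classify(REPORT, {"00:00:5e:00:53:01"}, set(), {"corp"}, [r"c[o0]rp"])
```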

Updated: 2018-12-24

Document ID: EDOC1100038361
