No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
permit-ap

permit-ap

Function

The permit-ap command configures a WIDS whitelist.

The undo permit-ap command deletes entries in the WIDS whitelist.

By default, no WIDS whitelist is configured.

Format

permit-ap { mac-address mac-address | oui oui | ssid ssid }

undo permit-ap { mac-address { mac-address | all } | oui { oui | all } | ssid { name ssid | all } }

Parameters

Parameter

Description

Value

mac-address mac-address

Adds or deletes an authorized MAC address.

The value is in H-H-H format. An H is a hexadecimal number of 4 digits. The MAC address cannot be FFFF-FFFF-FFFF, 0000-0000-0000, or a multicast MAC address.

mac-address all

Deletes an authorized MAC address list.

-

oui oui

Adds or deletes an authorized OUI.

The value is in H-H-H format. An H is a hexadecimal number of 2 digits.

oui all

Deletes an authorized OUI list.

-

ssid name ssid

Deletes an authorized SSID.

The SSID must exist. To specify an SSID starting with a space, include the SSID with double quotation marks (" "). For example, in the SSID " hello", the double quotation marks at the start and end of the SSID occupy two characters. To specify an SSID starting with a double quotation mark ("), enter an escape character (\) before the double quotation mark. For example, in the SSID \"hello, the escape character (\) occupies one character.

ssid ssid

Adds an authorized SSID.

The SSID must exist. To specify an SSID starting with a space, include the SSID with double quotation marks (" "). For example, in the SSID " hello", the double quotation marks at the start and end of the SSID occupy two characters. To specify an SSID starting with a double quotation mark ("), enter an escape character (\) before the double quotation mark. For example, in the SSID \"hello, the escape character (\) occupies one character.

ssid all

Deletes an authorized SSID list.

-

Views

WIDS view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After WIDS/WIPS is enabled, rogue APs can be detected and countered. However, there may be APs of other vendors or other networks working in the existing signal coverage areas. If these APs are countered, their services will be affected. To prevent this situation, configure an authorized AP list, including an authorized MAC address list, OUI list, and SSID list. If an unauthorized AP is detected but matches the authorized AP list, the AP is considered an authorized AP and will not be countered.

For example, APs of other vendors are deployed on the existing WLAN to expand network capacity. To prevent the APs from being countered, add OUIs of the vendors to a whitelist and add SSIDs of these APs to a whitelist. In this way, the device will consider the APs as authorized APs.

The device determines whether a detected AP is authorized as follows:
  1. Check whether the AP's MAC address is in the authorized MAC address list.
    • If so, the AP is an authorized AP.

    • If not, go to step 2.

  2. Check whether the AP's OUI and SSID are in the OUI and SSID lists.
    • If only the SSID is configured, check whether the AP's SSID is in the authorized SSID list.
      • If so, the AP is an authorized AP.
      • If not, the AP is an unauthorized AP.
    • If only the OUI is configured, check whether the AP's OUI is in the authorized OUI list.
      • If so, the AP is an authorized AP.
      • If not, the AP is an unauthorized AP.
    • Check whether the AP's OUI and SSID are in the OUI and SSID lists.
      • If so, the AP is an authorized AP.
      • If neither or either of them is in the list, the AP is an unauthorized AP.

Precautions

If you add or delete an entry, the device will re-check the validity of the unauthorized APs. If an unauthorized AP becomes authorized, the device stops countering the AP. If an authorized AP becomes unauthorized, the device starts countering the AP.

Example

# Add an MAC address, an OUI, and an SSID to the WIDS whitelist.

<Huawei> system-view
[Huawei] wlan
[Huawei-wlan-view] wids
[Huawei-wlan-wids] permit-ap mac-address 0011-2233-4455
[Huawei-wlan-wids] permit-ap oui 00-11-22
[Huawei-wlan-wids] permit-ap ssid huawei
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 196782

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next