No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
wids attack detect enable

wids attack detect enable

Function

The wids attack detect enable command enables attack detection on an AP radio.

The undo wids attack detect enable command disables attack detection on an AP radio.

By default, attack detection is disabled on an AP radio.

Format

wids attack detect enable { all | flood | weak-iv | spoof | wpa-psk | wpa2-psk | wapi-psk | wep-share-key }

undo wids attack detect enable { all | flood | weak-iv | spoof | wpa-psk | wpa2-psk | wapi-psk | wep-share-key }

Parameters

Parameter

Description

Value

all

Enables all attack detection functions.

-

flood

Enables flood attack detection.

-

weak-iv

Enables weak IV attack detection.

-

spoof

Enables spoofing attack detection.

-

wpa-psk

Enables brute force attack detection for WPA-PSK authentication.

-

wpa2-psk

Enables brute force attack detection for WPA2-PSK authentication.

-

wapi-psk

Enables brute force attack detection for WAPI-PSK authentication.

-

wep-share-key

Enables brute force attack detection for shared key authentication.

-

Views

Radio interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To monitor and prevent malicious or unintentional attacks on WLANs in real time, network administrators can enable the following attack detection functions based on actual requirements:
  • flood: indicates flood attack detection used to detect whether an AP receives a large number of packets of the same type in a short period.
  • weak-iv: indicates weak IV attack detection used to detect whether weak IV is used for WEP encryption on a WLAN.
  • spoof: indicates spoofing attack detection used to detect whether a potential attacker pretends to be an AP to broadcast Deauthentication and Disassociation packets.
  • wpa-psk, wpa2-psk, wapi-psk, wep-share-key: indicates brute force attack detection. If the WPA-PSK, WPA2-PSK, WAPI-PSK, or WEP-SK security policy is configured on a WLAN, brute force attack detection can be enabled to increase the time required for password cracking and improve password security.

Follow-up Procedure

Run the dynamic-blacklist enable command to enable the dynamic blacklist function.

Example

# Enable brute force attack detection for WPA-PSK authentication on radio 0.
<Huawei> system-view
[Huawei] interface wlan-radio 0/0/0
[Huawei-wlan-Radio0/0/0] wids attack detect enable wpa-psk
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 210847

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next