No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
contain-mode

contain-mode

Function

The contain-mode command sets the containment mode against rogue or interference devices.

The undo contain-mode command deletes the containment mode against rogue or interference devices.

By default, no containment mode against rogue or interference devices is set.

Format

contain-mode { open-ap | spoof-ssid-ap | client [ protect sta-whitelist-profile profile-name ] | adhoc }

undo contain-mode { open-ap | spoof-ssid-ap | client [ protect ] | adhoc }

Parameters

Parameter

Description

Value

open-ap

Sets the containment mode against open-authentication rogue or interference APs.

-

spoof-ssid-ap

Sets the containment mode against rogue or interference APs using spoofing SSIDs.

-

client

Sets the containment mode against unauthorized STAs or interference STAs.

-

protect sta-whitelist-profile profile-name

Protects STAs based on the STA whitelist.

Authorized STAs in the whitelist are protected from connecting to rogue or interference APs.

-

adhoc

Sets the containment mode against Ad-hoc devices.

-

Views

WIDS view

Default Level

2: Configuration level

Usage Guidelines

Rogue or interference devices pose serious security threats to enterprise networks.

After the containment mode is set against rogue or interference APs, the monitor AP uses the identity of the rogue or interference AP to broadcast deauthentication frames to forcibly disconnect STAs. To prevent the STAs from connecting to the rogue or interference AP again, the monitor AP will periodically and continuously send deauthentication frames.

After the containment mode is set against rogue STAs, interference STAs or Ad-hoc devices, the monitor AP uses the MAC address of a rogue device to continuously send unicast deauthentication frames.

Example

# Counter rogue and interference APs with spoofing SSIDs.

<Huawei> system-view
[Huawei] interface wlan-radio 0/0/1
[Huawei-wlan-Radio0/0/1] wids contain enable
[Huawei-wlan-Radio0/0/1] quit
[Huawei] wlan
[Huawei-wlan-view] wids
[Huawei-wlan-wids] contain-mode spoof-ssid-ap
Related Topics
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 207798

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next