No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).



The contain-mode command sets the containment mode against rogue or interference devices.

The undo contain-mode command deletes the containment mode against rogue or interference devices.

By default, no containment mode against rogue or interference devices is set.


contain-mode { open-ap | spoof-ssid-ap | client [ protect sta-whitelist-profile profile-name ] | adhoc }

undo contain-mode { open-ap | spoof-ssid-ap | client [ protect ] | adhoc }






Counters open-authentication rogue or interference APs.



Counters rogue or interference APs using spoofing SSIDs.



Counters unauthorized STAs or interference STAs.


protect sta-whitelist-profile profile-name

Protects STAs based on the STA whitelist.

Authorized STAs in the whitelist are protected from connecting to rogue or interference APs.



Counters Ad-hoc devices.



WIDS profile view

Default Level

2: Configuration level

Usage Guidelines

rogue or interference devices pose serious security threats to enterprise networks.

After the containment mode is set against rogue or interference APs, the monitor RU uses the identity of the rogue AP to broadcast deauthentication frames to forcibly disconnect STAs. To prevent the STAs from connecting to the rogue AP or interference AP again, the monitor RU will periodically and continuously send deauthentication frames.

After the containment mode is set against rogue STAs, interference STAs or Ad-hoc devices, the monitor RU uses the MAC address of a rogue device to continuously send unicast deauthentication frames.


# Counter rogue and interference APs with spoofing SSIDs.

<Huawei> system-view
[Huawei] wlan
[Huawei-wlan-view] ap-group name office
[Huawei-wlan-ap-group-office] radio 0
[Huawei-wlan-group-radio-office/0] wids contain enable
[Huawei-wlan-group-radio-office/0] quit
[Huawei-wlan-ap-group-office] quit
[Huawei-wlan-view] wids-profile name huawei
[Huawei-wlan-wids-prof-huawei] contain-mode spoof-ssid-ap
Related Topics
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 207891

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next