No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R013C00 Command Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
contain-mode

contain-mode

Function

The contain-mode command sets the containment mode against rogue or interference devices.

The undo contain-mode command deletes the containment mode against rogue or interference devices.

By default, no containment mode against rogue or interference devices is set.

Format

contain-mode { open-ap | spoof-ssid-ap | client [ protect sta-whitelist-profile profile-name ] | adhoc }

undo contain-mode { open-ap | spoof-ssid-ap | client [ protect ] | adhoc }

Parameters

Parameter

Description

Value

open-ap

Sets the containment mode against open-authentication rogue or interference APs.

-

spoof-ssid-ap

Sets the containment mode against rogue or interference APs using spoofing SSIDs.

-

client

Sets the containment mode against unauthorized STAs or interference STAs.

-

protect sta-whitelist-profile profile-name

Protects STAs based on the STA whitelist.

Authorized STAs in the whitelist are protected from connecting to rogue or interference APs.

-

adhoc

Sets the containment mode against Ad-hoc devices.

-

Views

WIDS profile view

Default Level

2: Configuration level

Usage Guidelines

Rogue or interference devices pose serious security threats to enterprise networks.

After the containment mode is set against rogue or interference APs, the monitor AP uses the identity of the rogue or interference AP to broadcast deauthentication frames to forcibly disconnect STAs. To prevent the STAs from connecting to the rogue or interference AP again, the monitor AP will periodically and continuously send deauthentication frames.

After the containment mode is set against rogue STAs, interference STAs or Ad-hoc devices, the monitor AP uses the MAC address of a rogue device to continuously send unicast deauthentication frames.

Example

# Counter rogue and interference APs with spoofing SSIDs.

<HUAWEI> system-view
[HUAWEI] wlan
[HUAWEI-wlan-view] ap-group name office
[HUAWEI-wlan-ap-group-office] radio 0
[HUAWEI-wlan-group-radio-office/0] wids contain enable
[HUAWEI-wlan-group-radio-office/0] quit
[HUAWEI-wlan-ap-group-office] quit
[HUAWEI-wlan-view] wids-profile name huawei
[HUAWEI-wlan-wids-prof-huawei] contain-mode spoof-ssid-ap
Related Topics
Translation
Download
Updated: 2019-04-09

Document ID: EDOC1100065659

Views: 112924

Downloads: 83

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next