No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R013C00 Command Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
display station dynamic-blacklist

display station dynamic-blacklist

Function

The display station dynamic-blacklist command displays the dynamic blacklist on an AP.

Format

display station dynamic-blacklist { ap-id ap-id | ap-name ap-name }

Parameters

Parameter Description Value
ap-id ap-id

Displays information about STAs that are denied access on the AP with a specified ID.

The AP ID must exist.

ap-name ap-name

Displays information about STAs that are denied access on the AP with a specified name.

The AP name must exist.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

There is a STA dynamic blacklist on an AP. The blacklist helps control access of STAs, for example, forbidding STAs with bogus IP addresses to go online. If a STA is not allowed to go online, the STA is added to the dynamic blacklist. Before the dynamic blacklist entry ages out, the STA cannot associate with the AP. The aging time of the dynamic blacklist entries is 10 minutes. After the aging time is reached, the dynamic blacklist entries are automatically deleted. During this period, if the STA on an entry is added to the blacklist again, the aging time of the entry is updated and recalculated.

The administrator can run this command to check STAs in the blacklist and the reasons for adding the STAs to the blacklist.

Example

# Display the dynamic blacklist on AP.

<HUAWEI> display station dynamic-blacklist ap-name huawei
Total: 1
------------------------------------------------------------------------------
STA MAC           Time left(s)   Reason
------------------------------------------------------------------------------
581f-28fc-7ead    160           WIDS attack
------------------------------------------------------------------------------
Table 11-186  Description of the display station dynamic-blacklist command output
Item Description

STA MAC

MAC address of a STA.

Time left(s)

Remaining aging period, in seconds.

To configure the parameter, run the dynamic-blacklist aging-time command.

Reason

STA access denial reason.
  • static IP: The AP is configured to deny access of STAs with bogus IP addresses, and the STA has a static IP address configured.
  • ARP flood: The AP is configured to detect and defend against ARP flood attacks, and the STA initiates an ARP flood attack.
  • IGMP flood: The AP is configured to detect and defend against IGMP flood attacks, and the STA initiates an IGMP flood attack.
  • ND flood: The AP is configured to detect and defend against ND flood attacks, and the STA initiates an ND flood attack.
  • DHCP flood: The AP is configured to detect and defend against DHCP flood attacks, and the STA initiates a DHCP flood attack.
  • DHCPv6 flood: The AP is configured to detect and defend against DHCPv6 flood attacks, and the STA initiates a DHCPv6 flood attack.
  • MDNS flood: The AP is configured to detect and defend against mDNS flood attacks, and the STA initiates an mDNS flood attack.
  • other multicast flood: The AP is configured to detect and defend against flood attacks through multicast packets other than IGMP, and mDNS multicast packets, and the STA initiates such an attack.
  • other broadcast flood: The AP is configured to detect and defend against flood attacks through broadcast packets other than ARP, DHCP, DHCPv6, and ND multicast packets, and the STA initiates such an attack.
  • WIDS attack: The AP is configured to detect attacks on a WLAN.
  • MESH key fail: Key negotiation fails during mesh link setup.
  • other: Other reason
Translation
Download
Updated: 2019-04-09

Document ID: EDOC1100065659

Views: 124916

Downloads: 88

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next