Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Maintaining WLAN-Fat AP Security
Maintaining WLAN-Fat AP security includes displaying WLAN security information and clearing WLAN security information.
Displaying WLAN Security Configuration
Context
After WLAN security is configured, you can run the following display commands to check the WLAN security configuration.
Procedure
- Run the display radio config interface wlan-radio wlan-radio-number command to view the security configuration parameters of the specified radio interface, including the working mode, attack detection status, wireless intrusion detection status, and wireless intrusion prevention status.
- Run the display security-profile { all | { id profile-id | name profile-name } [ detail ] } command to view the security profile configuration.
- Run the display sta-access-mode command to view the STA access control mode of the AP.
- Run the display sta-whitelist command to view the STA whitelist.
- Run the display sta-blacklist command to view the STA blacklist.
- Run the display service-set { all |id service-set-id | name service-set-name | ssid ssid } command to check whether user isolation is enabled in the specified service set.
Clearing Detected Device Information
Context
After WIDS and WIPS are configured, you can clear information about detected wireless device and historical records about unauthorized devices.
Cleared data cannot be restored. Exercise caution when you clear information about wireless devices.
Procedure
- Run the reset wlan ids attack-detected { all | flood | spoof | wapi-psk | weak-iv | wep-share-key | wpa-psk | wpa2-psk | mac-address mac-address } command to clear information about device initiating attacks.
- Run the reset wlan ids dynamic-blacklist { ap ap-id | mac-address mac-address | all } command to remove devices from the dynamic blacklist. The AP can receive packets from these devices.
- Run the reset wlan ids attack-detected statistics command to delete the number of attacks detected.
- Run the reset wlan ids attack-history { all | flood | spoof | wapi-psk | weak-iv | wep-share-key | wpa-psk | wpa2-psk | mac-address mac-address } command to delete historical records about the attacking devices detected.