WIDS

S7700 V200R019C10 Web-based Configuration Guide

This document describes how to configure and maintain devices through the web NMS client, including device status statistics, SVF, interface, Ethernet switching, IP service, IP routing, security, ACL, AAA, system management, QoS, WLAN, diagnosis service, and EasyDeploy.

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

WIDS

Procedure

View device detection results.

Choose Monitoring > Wireless Service > WIDS. The WIDS page is displayed.

View device detection results in Device Detection. Table 4-19 describes the device detection parameters.

Table 4-19 Device detection parameters

Parameter	Description
Unauthorized device	Number of unauthorized devices.
Interference source	Number of interference sources.
Authorized device	Number of authorized devices.
Countermeasure list	Number of countered devices.

Click a number in the detection result list.

The detected device information is displayed in Device Detection Information. Table 4-20 describes the parameters.

Table 4-20 Device detection parameters

Parameter	Description
MAC Address	MAC address of the device.
Device Model	-
SSID	SSID of the device.
Channel	Channel used by the device.
Number of Detected APs	Number of APs that detect the device.
Discovered At	Time when the device is detected.
Containment Status	Whether the rogue device is contained.
Containment Reason	Reason for the device to be contained.
Operation	Manual containment.

Click Export. The device detection information is exported in a .csv file.

Select a device in the detected device list and click View Discovered APs. Information about the APs that detect the device is displayed. Table 4-21 describes the parameters.

Table 4-21 Parameters of APs that detect the device

Parameter	Description
AP ID	ID of the AP that detects the device.
AP Name	Name of the AP that detects the device.
MAC Address	MAC address of the AP that detects the device.
AP Group	AP group to which the AP that detects the device belongs.
IP Address	IP address of the AP that detects the device.
RSSI of Detected Device	RSSI of the detected device.

In the list of APs that detect the device, select an AP and click View Whitelist to check the WIDS whitelist of the AP.

Clear device detection statistics.
1. Choose Monitoring > Wireless Service > WIDS. The WIDS page is displayed.
2. Click Clear in Device Detection.

View attack detection results.

Choose Monitoring > Wireless Service > WIDS. The WIDS page is displayed.

View attack detection results in Attack Detection. Table 4-22 describes the attack detection parameters.

Table 4-22 Attack detection parameters

Parameter	Description
Flood attack	Number of flood attacks, including the following types of attacks: Flood attack of probe request frames Flood attack of authentication request frames Flood attack of deauthentication request frames Flood attack of association request frames Flood attack of disassociation request frames Flood attack of reassociation request frames Flood attack of action frames Flood attack of EAPOL authentication request frames Flood attack of EAPOL offline frames
Weak IV attack	Number of weak IV attacks.
Spoofing attack	Number of spoofing attacks, including the following types of attacks: Attack of spoofing deauthentication frames Attack of spoofing disassociation frames Other types of spoofing frames
Brute force cracking	Number of brute force cracking attacks, including the following types of attacks: Brute force cracking attack in WEP-SK authentication mode Brute force cracking attack in WPA-PSK authentication mode Brute force cracking attack in WPA2-PSK authentication mode Brute force cracking attack in WAPI authentication mode

Click a number in the attack detection result list to view details. Table 4-23 describes the parameters.

Table 4-23 Attack detection parameters

Parameter	Description
MAC Address	MAC address of the attacking device.
Channel	Channel used by the attacking device.
RSSI	RSSI of the attacking device.
Monitor AP	Name of the AP that detects attacks.
First DetectionTime	Time when attacks are detected.

By default, information about the active attacks is displayed. You can click Historical Attack to check historical attack detection records.

Click Export. The device detection information is exported in a .csv file.
Click View Dynamic Blacklist. The View Dynamic Blacklist page is displayed. Table 4-24 describes the dynamic blacklist parameters.

Table 4-24 Dynamic blacklist parameters

Parameter

Description

MAC Address

MAC address of the attacking device.

Attack Type

Type of attacks detected.

Monitor AP

Name of the AP that detects attacks.

Clear attack detection statistics.
1. Choose Monitoring > Wireless Service > WIDS. The WIDS page is displayed.
2. Click Clear in Attack Detection.

Translation

简体中文

Download

Updated: 2022-05-20

Document ID: EDOC1100126882

Downloads: 138

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode

Enterprise

Huawei Cloud

Carrier

Consumer

Corporate

This document describes how to configure and maintain devices through the web NMS client, including device status statistics, SVF, interface, Ethernet switching, IP service, IP routing, security, ACL, AAA, system management, QoS, WLAN, diagnosis service, and EasyDeploy.

Procedure

Related Version

Related Documents

Digital Signature File

Parameter	Description
MAC Address	MAC address of the attacking device.
Attack Type	Type of attacks detected.
Monitor AP	Name of the AP that detects attacks.