WLAN IDS Frame Filtering Configuration; Blacklist and White List - HP A-MSR Configuration Manual

WLAN IDS frame filtering configuration

The terms AP and fat AP in this document refer to A-MSR900 and A-MSR20-1X routers with IEEE 802.11b/g
and A-MSR series routers installed with a SIC WLAN module.
Frame filtering is a feature of 802.11 MAC and a sub-feature of WLAN IDS.
An AC maintains a white list (entries in the list are permitted and can be configured through CLI), a static
blacklist (entries in the list are denied and can be configured through CLI), and a dynamic blacklist (entries
in the list are denied and are added when WLAN IDS detects flood attacks).

Blacklist and white list

Configure the blacklist and white list functions to filter frames from WLAN clients and implement client access
control.
WLAN client access control is accomplished through the following types of lists:
- White list: Contains the MAC addresses of all clients allowed to access the WLAN. If you use the white
  list, only permitted clients can access the WLAN, and all frames from other clients are discarded.
- Static blacklist: Contains the MAC addresses of clients forbidden to access the WLAN. This list is
  configured manually.
- Dynamic blacklist: Contains the MAC addresses of clients forbidden to access the WLAN. A client is
  added dynamically to the list if it is considered to be sending attack frames, and it stays in the list
  until the timer of the entry expires. A dynamic blacklist can collaborate with ARP detection. When ARP
  detection detects any attacks, the MAC addresses of attackers are added to the dynamic blacklist. For
  more information about ARP detection, see the Security Configuration Guide.
When an AP receives an 802.11 frame, it checks the source MAC address of the frame and processes the
frame by following these rules:
1. If the source MAC address does not match any entry in the white list, the frame is dropped. If there is
   a match, the frame is considered valid and is processed further.
2. If no white list entries exist, the static and dynamic blacklists are searched.
3. If the source MAC address matches an entry in either of the two lists, the frame is dropped.
4. If there is no match, or no blacklist entries exist, the frame is considered valid and is processed further.
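
The filtering rules above, modelled in Python as an added example (not code from the HP manual or from the router firmware). The class and method names and the 300-second dynamic-entry lifetime are assumptions for illustration, and the MAC addresses are constructed.

```python
def normalize_mac(mac):
    """Canonical form so aa:bb.., AA-BB-.. and aabb-ccdd-eeff compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


class FrameFilter:
    """Model of the source-MAC rules above; names and lifetime are assumptions."""

    def __init__(self, dynamic_lifetime=300.0):  # seconds, assumed value
        self.white = set()
        self.static_black = set()
        self.dynamic_black = {}  # MAC -> expiry timestamp
        self.dynamic_lifetime = dynamic_lifetime

    def flag_attacker(self, mac, now):
        """What flood detection or ARP detection would do on an attack."""
        self.dynamic_black[normalize_mac(mac)] = now + self.dynamic_lifetime

    def decide(self, src_mac, now):
        mac = normalize_mac(src_mac)
        # Rule 1: a non-empty white list is the only list consulted.
        if self.white:
            if mac in self.white:
                return ("permit", "white list")
            return ("drop", "not in white list")
        # Rules 2-3: no white list entries, so search both blacklists.
        if mac in self.static_black:
            return ("drop", "static blacklist")
        expiry = self.dynamic_black.get(mac)
        if expiry is not None:
            if now < expiry:
                return ("drop", "dynamic blacklist")
            del self.dynamic_black[mac]  # entry timer expired
        # Rule 4: no match, or no blacklist entries at all.
        return ("permit", "no match")


if __name__ == "__main__":
    f = FrameFilter()
    f.static_black.add(normalize_mac("00-11-22-33-44-55"))  # constructed MACs
    f.flag_attacker("66:77:88:99:aa:bb", now=0)
    for mac, t in [("0011-2233-4455", 1), ("66:77:88:99:AA:BB", 10),
                   ("66:77:88:99:AA:BB", 301), ("de:ad:be:ef:00:01", 1)]:
        print(mac, t, f.decide(mac, now=t))
    f.white.add(normalize_mac("de:ad:be:ef:00:01"))
    print("white list now in use:", f.decide("66:77:88:99:aa:bb", now=302))
```

In this model, which follows the rules as written, the blacklists are not consulted once any white list entry exists, so a client on the white list is permitted even if it also has a dynamic blacklist entry.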