Table of Contents
Advertisement
Figure 22 Frame filtering
L2 Switch
FAT AP
Client 1
Client 2
If client 1 is present in the backlist, it cannot associate with the fat AP. If it is only in the white list, it can be
associated with the fat AP.
Configuring WLAN IDS frame filtering
WLAN IDS frame filtering configuration involves white list configuration, blacklist configuration, and
dynamic blacklist feature configuration.
In WLAN IDS view, you can configure the static blacklist, white list, enable dynamic blacklist feature
and configure the lifetime for dynamic entries.
Only entries present in the white list are permitted. You can add entries into or delete entries from the
list.
Entries present in the static blacklist are denied.
Whenever WLAN IDS detects a flood attack, the attacking device is added into the dynamic blacklist.
You can set a lifetime in seconds for dynamic blacklist entries. After the lifetime of an entry expires, the
device entry is removed from the dynamic blacklist. If a flood attack from the device is detected again
before the lifetime expires, the entry is refreshed.
To configure WLAN IDS frame filtering:
To do...
1.
Enter system view.
2.
Enter WLAN IDS view.
3.
Add an entry into the white list.
4.
Add an entry into the static
blacklist.
5.
Enable the dynamic blacklist
feature.
IP network
Client 4
Client 3
Use the command...
system-view
wlan ids
whitelist mac-address mac-address
static-blacklist mac-address
mac-address
dynamic-blacklist enable
53
Remarks
—
—
Optional.
Optional.
Optional.
By default, the dynamic
blacklist feature is disabled.
Advertisement
Table of Contents
