Configuring An Attack List - 3Com WX1200 3CRWX120695A Configuration Manual

578 C 26: R
HAPTER OGUE
Configuring an
Attack List
D C
ETECTION AND OUNTERMEASURES
The attack list specifies the MAC addresses of devices that MSS should
issue countermeasures against whenever the devices are detected on the
network. The attack list can contain the MAC addresses of APs and
clients.
By default, the attack list is empty. The attack list applies only to the WX
switch on which the list is configured. WX switches do not share attack
lists.
When on-demand countermeasures are enabled, only those devices
configured in the attack list are subject to countermeasures. In this case,
devices found to be rogues by other means, such as policy violations or by
determining that the device is providing connectivity to the wired
network, are not attacked.
If you are using on-demand countermeasures in a Mobility Domain, you
should synchronize the attack lists on all the WX switches in the Mobility
Domain. See "Using On-Demand Countermeasures in a Mobility Domain"
on page 581.
To add an entry to the attack list, use the following command:
set rfdetect attack-list mac-addr
The following command adds MAC address aa:bb:cc:44:55:66 to the
attack list:
WX4400# set rfdetect attack-list 11:22:33:44:55:66
success: MAC 11:22:33:44:55:66 is now in attacklist.
To display the attack list, use the following command:
display rfdetect attack-list
The following example shows the attack list on a switch:
WX4400# display rfdetect attack-list
Total number of entries: 1
Attacklist MAC
----------------- ----------------- ------ ------------
11:22:33:44:55:66
To remove a MAC address from the attack list, use the following
command:
clear rfdetect attack-list mac-addr
Port/Radio/Chan
dap 2/1/11
RSSI SSID
-53 rogue-ssid