WLAN Command Reference

05-WLAN IDS Commands

• The models listed in this document are not applicable to all regions. Please consult your local sales office for the models applicable to your region.

• Support of the H3C WA series WLAN access points (APs) for commands may vary by AP model. For more information, see Feature Matrix.

• The interface types and the number of interfaces vary by AP model.

 

WLAN IDS Configuration Commands

WLAN Rogue AP Configuration Commands

attack-detection enable

Syntax

attack-detection enable { all | flood | weak-iv | spoof }

undo attack-detection enable

View

WLAN IDS view

Default Level

2: System level

Parameters

all: Enables detection of all kinds of attacks.

flood: Enables detection of flood attacks.

spoof: Enables detection of spoof attacks.

weak-iv: Enables weak-IV detection.

Description

Use the attack-detection enable command to enable the WIDS-IPS detection of various DoS attacks.

Use the undo attack-detection enable command to restore the default.

By default, no WIDS-IPS detection is enabled.

Examples

# Enable spoof attack detection.

<Sysname> system-view

[Sysname] wlan ids

[Sysname-wlan-ids] attack-detection enable spoof

display wlan ids history

Syntax

display wlan ids history

View

Any view

Default Level

1: Monitor level

Parameters

None

Description

Use the display wlan ids history command to display the history of attacks detected in the WLAN system. The history table holds a maximum of 512 entries.

Examples

# Display the history of attacks.

<Sysname> display wlan ids history

 Total Number of Entries: 5

  Flags:

   act = Action Frame             asr = Association Request

   aur = Authentication Request   daf = Deauthentication Frame

   dar = Disassociation Request   ndf = Null Data Frame

   pbr = Probe Request            rar = Reassociation Request

   saf = Spoofed Disassociation Frame

   sdf = Spoofed Deauthentication Frame    

   wiv = Weak IV Detected

   AT - Attack Type, Ch - Channel Number, AR - Average RSSI

                              WIDS History Table

----------------------------------------------------------------------

 MAC Address      AT    Ch    AR    Detected Time          AP

----------------------------------------------------------------------

 0027-E699-CA71   asr   8     44    2007-06-12/19:47:54    ap12

 0015-E9A4-D7F4   wiv   8     45    2007-06-12/19:45:28    ap48

 0027-E699-CA71   asr   8     20    2007-06-12/19:18:17    ap12

 003d-B5A6-539F   pbr   8     43    2007-06-12/19:10:48    ap56

 0015-E9A4-D7F4   wiv   8     50    2007-06-12/19:01:28    ap48

----------------------------------------------------------------------

Table 1-1 display wlan ids history command output description

Field: Description

MAC-Address: In case of spoof attacks, this field provides the BSSID which was spoofed. In case of other attacks, this field provides the MAC address of the device which initiated the attack.

AT: Type of attack

Ch: Channel in which the attack was detected

AR: Average RSSI of the attack frames

Detected time: Time at which this attack was detected

AP: Name of the AP that detected this attack

 

display wlan ids statistics

Syntax

display wlan ids statistics

View

Any view

Default Level

2: System level

Parameters

None

Description

Use the display wlan ids statistics command to display the count of attacks detected.

Examples

# Display WLAN IDS statistics.

<Sysname> display wlan ids statistics

 Current attack tracking since: 2007-06-21/12:46:33                      

----------------------------------------------------------------------

 Type                                            Current       Total      

----------------------------------------------------------------------

 Probe Request Frame Flood Attack                2             7         

 Authentication Request Frame Flood Attack       0             0         

 Deauthentication Frame Flood Attack             0             0         

 Association Request Frame Flood Attack          1             1         

 Disassociation Request Frame Flood Attack       4             8         

 Reassociation Request Frame Flood Attack        0             0           

 Action Frame Flood Attack                       0             0          

 Null Data Frame Flood Attack                    0             0          

 Weak IVs Detected                               12            21        

 Spoofed Deauthentication Frame Attack           0             0         

 Spoofed Disassociation Frame Attack             0             2         

----------------------------------------------------------------------

Table 1-2 display wlan ids statistics command output description

Field: Description

current: This field provides the count of attacks detected since the time specified by the current attack tracking time (specified in the field “Current attack tracking since:”). The current attack tracking time starts at system startup and is refreshed every hour thereafter.

total: This field provides the total count of the attacks detected since the system startup.

Probe Request Frame Flood Attack: Number of probe request frame flood attacks detected

Authentication Request Frame Flood Attack: Number of authentication request frame flood attacks detected

Deauthentication Frame Flood Attack: Number of deauthentication frame flood attacks detected

Association Request Frame Flood Attack: Number of association request frame flood attacks detected

Disassociation Request Frame Flood Attack: Number of disassociation request frame flood attacks detected

Reassociation Request Frame Flood Attack: Number of reassociation request frame flood attacks detected

Action Frame Flood Attack: Number of action frame flood attacks detected

Null Data Frame Flood Attack: Number of null data frame flood attacks detected

Weak IVs Detected: Number of weak IVs detected

Spoofed Deauthentication Frame Attack: Number of spoofed deauthentication frame attacks detected

Spoofed Disassociation Frame Attack: Number of spoofed disassociation frame attacks detected

 

wlan ids

Syntax

wlan ids

View

System view

Default Level

2: System level

Parameters

None

Description

Use the wlan ids command to enter WLAN IDS view.

Examples

# Enter WLAN IDS view.

<Sysname> system-view

[Sysname] wlan ids

[Sysname-wlan-ids]

reset wlan ids history

Syntax

reset wlan ids history

View

User view

Default Level

2: System level

Parameters

None

Description

Use the reset wlan ids history command to clear the history information of attacks detected in the WLAN.

After this command is executed, all the history information regarding attacks will be cleared, and the history table will be empty.

Examples

# Clear all history information of attacks.

<Sysname> reset wlan ids history

reset wlan ids statistics

Syntax

reset wlan ids statistics

View

User view

Default Level

2: System level

Parameters

None

Description

Use the reset wlan ids statistics command to clear the statistics of attacks detected in the WLAN system.

This command will clear both the “current” and “total” of all attack types in the WLAN IDS statistics table.

Examples

# Clear WLAN IDS statistics.

<Sysname> reset wlan ids statistics

WLAN Frame Filtering Configuration Commands

display wlan blacklist

Syntax

display wlan blacklist { static | dynamic }

View

Any view

Default Level

1: System level

Parameters

static: Displays only statically configured blacklist entries.

dynamic: Displays all dynamically inserted blacklist entries.

Description

Use the display wlan blacklist command to display the statically or dynamically configured blacklist entries.

Examples

# Display the information of static-blacklist.

<Sysname> display wlan blacklist static

Total Number of Entries: 3                                                

                               Static Blacklist                          

--------------------------------------------------------------------------

 MAC-Address

--------------------------------------------------------------------------

 0014-6c8a-43ff

 0016-6F9D-61F3

 0019-5B79-F04A

--------------------------------------------------------------------------

Table 1-3 display wlan blacklist static command output description.

Field: Description

MAC-Address: MAC-Address of the client inserted into static-blacklist

 

# Display the information of dynamic blacklist.

<Sysname> display wlan blacklist dynamic

Total Number of Entries: 3

                               Dynamic Blacklist                         

----------------------------------------------------------------------

 MAC-Address    Lifetime(s) Last Updated Since(hh:mm:ss)     Reason     

----------------------------------------------------------------------

000f-e2cc-0001 60          00:02:11                         Assoc-Flood 

 000f-e2cc-0002 60          00:01:17                         Deauth-Flood

 000f-e2cc-0003 60          00:02:08                         Auth-Flood

Table 1-4 display wlan blacklist dynamic command output description.

Field: Description

MAC-Address: MAC address of the device inserted into dynamic-blacklist

Lifetime(s): Lifetime of the corresponding entry in dynamic-blacklist (in seconds)

Last Updated Since(hh:mm:ss): Time elapsed since the entry was last updated

Reason: Reason why the entry is added into dynamic-blacklist

 

display wlan whitelist

Syntax

display wlan whitelist

View

Any view

Default Level

2: System level

Parameters

None

Description

Use the display wlan whitelist command to display the configured white list entries.

Examples

# Display the information of whitelist.

<Sysname> display wlan whitelist

Total Number of Entries: 6                                            

                               Whitelist                               

--------------------------------------------------------------------------

 MAC-Address

--------------------------------------------------------------------------

 0000-0000-000A

 0000-0000-0066

 0000-0000-00AA

 0000-0000-00EE

 0400-0000-0000

 0400-0000-00EE

--------------------------------------------------------------------------

Table 1-5 display wlan whitelist command output description.

Field: Description

MAC-Address: MAC-Address of the client inserted into whitelist.

 

dynamic-blacklist enable

Syntax

dynamic-blacklist enable

undo dynamic-blacklist enable

View

WLAN IDS view

Default Level

2: System level

Parameters

enable: Enables the dynamic blacklist feature.

Description

Use the dynamic-blacklist enable command to enable the dynamic-blacklist feature, which filters out unwanted clients so that they cannot associate.

Use the undo dynamic-blacklist enable command to disable the dynamic-blacklist feature.

By default, the dynamic-blacklist feature is disabled.

Examples

# Enable the dynamic-blacklist feature

<Sysname> system-view

[Sysname] wlan ids

[Sysname-wlan-ids] dynamic-blacklist enable

dynamic-blacklist lifetime

Syntax

dynamic-blacklist lifetime lifetime

undo dynamic-blacklist lifetime

View

WLAN IDS view

Default Level

2: System level

Parameters

lifetime: Interval in seconds after which an entry should be removed from dynamic-blacklist table. The value ranges from 60 to 3600 seconds.

Description

Use the dynamic-blacklist lifetime command to set the lifetime, in seconds, of an entry in the dynamic-blacklist table.

Use the undo dynamic-blacklist lifetime command to restore the default value.

By default, the ageing duration is 300 seconds.

After this time interval expires, the device entry will be removed from the dynamic-blacklist table if the device is not detected.

Examples

# Specify the dynamic-blacklist lifetime as 1200 seconds.

<Sysname> system-view

[Sysname] wlan ids

[Sysname-wlan-ids] dynamic-blacklist lifetime 1200

reset wlan dynamic-blacklist

Syntax

reset wlan dynamic-blacklist { mac-address mac-address | all }

View

User view

Default Level

2: System level

Parameters

mac-address: MAC address of the client which should be deleted from the dynamic-blacklist.

all: Specifies to delete all the entries from dynamic-blacklist.

Description

Use the reset wlan dynamic-blacklist mac-address command to remove the client with the specified mac-address or all the clients from the dynamic-blacklist.

The maximum number of entries in the list is 128.

Examples

# Remove a client with mac-address aabb-cccc-dddd from the dynamic-blacklist.

<Sysname> reset wlan dynamic-blacklist mac-address aabb-cccc-dddd

static-blacklist mac-address

Syntax

static-blacklist mac-address mac-address

undo static-blacklist { mac-address mac-address | all }

View

WLAN IDS view

Default Level

2: System level

Parameters

mac-address: MAC address of the client which should be added or deleted from the static-blacklist.

all: Specifies to delete all the entries from the static-blacklist.

Description

Use the static-blacklist mac-address command to add a specified mac-address to the static-blacklist.

Use the undo static-blacklist mac-address command to remove the client with the specified mac-address or all the clients from the static-blacklist.

The maximum number of entries in the list is 64.

Examples

# Add a client with mac-address aabb-cccc-dddd to the static-blacklist.

<Sysname> system-view

[Sysname] wlan ids

[Sysname-wlan-ids] static-blacklist mac-address aabb-cccc-dddd

whitelist mac-address

Syntax

whitelist mac-address mac-address

undo whitelist { mac-address mac-address | all }

View

WLAN IDS view

Default Level

2: System level

Parameters

mac-address: MAC address of the client which should be added or deleted from the whitelist.

all: Specifies to delete all the entries from whitelist.

Description

Use the whitelist mac-address command to add a client with specified mac-address to the white list.

Use the undo whitelist mac-address command to remove the client with the specified mac-address from the list or remove all the clients from the white list.

The maximum number of entries in the list is 256.

Examples

# Add a client with mac-address aabb-cccc-dddd to the white list.

<Sysname> system-view

[Sysname] wlan ids

[Sysname-wlan-ids] whitelist mac-address aabb-cccc-dddd

 
