How to configure the attack detection function on FAT Aps

For V200R003 and V200R005, you can perform the following steps on Fat APs to configure the attack detection function:
1. Run the interface wlan-radio wlan-radio-number command in the system view to display the radio interface view.
2. Run the attack detection enable { all | flood | weak-iv | spoof | wpa-psk | wpa2-psk | wapi-psk | wep-share-key } command in the radio interface view to enable the attack detection function on the AP radio.
3. To enable detection on flood attacks, WPA/WPA2/WAPI pre-shared key (PSK) cracking, and WEP shared key cracking, you must perform the following operations to identify attacks:
a. Run the attack detection flood interval intvalue times timesvalue command in the WLAN view to set the interval for flood attack detection and the maximum number of packets of the same type that an AP can receive within the interval. The variable intvalue specifies the interval for flood attack detection, and timesvalue specifies the number of packets of the same type that an AP can receive within the interval.
b. Run the attack detection psk interval intvalue times timesvalue command in the WLAN view to set the interval for brute force PSK cracking detection and the number of key negotiation failures allowed within the interval. The variable intvalue specifies the interval for brute force PSK cracking detection, and timesvalue specifies the number of key negotiation failures within the interval.
After the attack detection function is configured, you are advised to configure the dynamic blacklist function to dynamically add attack devices to the blacklist. Within the aging time of the dynamic blacklist, the AC rejects packets from attack devices.

Scroll to top