How to configure IPSG for a WLAN device

32

IP source guard (IPSG) can defend against spoofing attacks based on source IP addresses.
For the methods of configuring IPSG for a WLAN device, see "Example for Configuring WLAN IPSG" in Typical Configuration Examples.

Other related questions:
How to configure channels and power for WLAN devices
Configure radio channels and power for WLAN devices manually or by configuring radio calibration. -Manual configuration Take the configuration on the AC as an example. Users can adjust the channel and power using the channel 20mhz xx and power-level commands. [AC6005-wlan-radio-0/0]display this # radio-profile id 0 channel 20MHz 13 power-level 2 # return Configure channels and power for Fat AP devices in the radio interface view.

How to configure the STA blacklist on WLAN devices
A STA blacklist contains MAC addresses of STAs that are not allowed to connect to the WLAN. To forbid some STAs from connecting to the WLAN, you can configure a STA blacklist. You can configure a global STA blacklist for APs, and the blacklist takes effect on all VAPs. You can also configure a STA blacklist for specified VAPs. If an AP and a VAP are configured with the blacklist or whitelist function, a STA can connect to the WLAN only when it is permitted by both the configuration on the AP and VAP. - For V200R003 and V200R005, you can perform the following steps to configure a STA blacklist for specified APs on an AC or a Fat AP: 1. Run the sta-blacklist mac-address command in the WLAN view to add specified MAC addresses to the STA blacklist. The variable mac-address specifies the MAC addresses in the STA blacklist. 2. For ACs: run the sta-access-mode ap { { start-id [ to end-id ] } &<1-10> | all } blacklist command in the WLAN view to set the access control mode to the STA blacklist for a specified AP. The variable start-id and end-id specify the AP ID range. For Fat APs: Run the sta-access-mode blacklist command in the WLAN view to set the access control mode to the STA blacklist. 3. Run the commit { all | ap ap-id } command in the WLAN view to deliver configurations to the APs (applicable only to the AC). The variable ap-id specifies the AP ID. - For V200R003 and V200R005, you can perform the following steps to configure a STA blacklist for specified VAPs on an AC or a Fat AP: 1. Run the sta-blacklist-profile { name list-name | id list-id } command in the WLAN view to create a STA blacklist profile and display the STA blacklist profile view. The variable list-name specifies the STA blacklist profile name, and list-id specifies the STA blacklist profile ID. 2. Run the sta-mac mac-address command in the STA blacklist profile view to add the MAC address of a STA to the STA blacklist profile. The variable mac-address specifies the MAC addresses in the STA blacklist. 3. Run the service-set { id profile-id | name profile-name } * command in the WLAN view to display the service set view. The variable profile-id specifies the service set ID, and profile-name specifies the service set name. 4. Run the sta-access-mode blacklist command in the service set view to set the access control mode for VAPs to the STA blacklist. 5. Run the set view sta-blacklist-profile { name list-name | id list-id } command in the service set view to bind a STA blacklist profile for the service set. The variable list-name specifies the STA blacklist profile name, and list-id specifies the STA blacklist profile ID. 6. Run the commit { all | ap ap-id } command in the WLAN view to deliver configurations to the APs (applicable only to the AC). The variable ap-id specifies the AP ID.

How to save the configuration file of a WLAN device
Use the following methods to save the configuration file of a WLAN device: 1. CLI: save //The command must be executed in the user view. The current configuration will be written to the device. Are you sure to continue? (y/n)[n]:y It will take several minutes to save configuration file, please wait........ Configuration file had been saved successfully To prevent loss of configuration after AC restart, run the save command to save the current configuration before restarting the AC. Note: If the output of the display startup command shows that the current configuration file is Null, the system will ask you to enter the configuration file name when the save command is executed. By default, the configuration file is saved in the vrpcfg.zip file. 2. Web platform: Click Save in the upper right corner of the web platform, and then click OK in the displayed dialog box. To ensure that the configuration is not lost after AC restart, save the current configuration before restarting the AC.

Configuring hybrid interfaces on WLAN devices
The following example describes how to configure a hybrid interface on a WLAN device: - A hybrid interface can connect to either a user device or a switch. [HUAWEI]vlan 2 //Create a VLAN. [HUAWEI-vlan2]quit [HUAWEI]interface gigabitethernet0/0/2 [HUAWEI-GigabitEthernet0/0/2]port link-type hybrid //Set the interface type to hybrid. [HUAWEI-GigabitEthernet0/0/2]port hybrid untagged vlan 2 //Configure the interface to allow packets from VLAN 2 to pass through in untagged mode. [HUAWEI-GigabitEthernet0/0/2]port hybrid pvid vlan 2 //(Optional) Specify VLAN 2 as the default VLAN of the interface (default: VLAN 1). [HUAWEI-GigabitEthernet0/0/2]port hybrid tagged vlan 3 //Configure the interface to allow packets from VLAN 3 to pass through in tagged mode.

How to configure the WAPI security policy on WLAN devices
For V200R003 and V200R005, you can perform the following steps on ACs or Fat APs to configure the WAPI security policy: 1. Run the security-profile { id profile-id | name profile-name } * command in the WLAN view to display the security profile view. The variable profile-id specifies the ID of a security profile, and profile-name specifies the name of the security profile. 2. Run the security-policy wapi command in the security profile view to set the security policy to WAPI. By default, WAPI uses WAPI-CERT authentication + WPI encryption. 3. Configure the authentication mode for WAPI: - Set the authentication mode to WAPI-PSK, that is, PSK authentication. Run the wapi authentication-method psk { pass-phrase | hex } cipher cipher-key command in the security profile view to set the authentication mode to PSK authentication for WAPI and configure the shared key. The variable cipher-key specifies the password in cipher text. - Set the authentication mode to WAPI-CERT, that is, certificate authentication. a. Run the wapi authentication-method certificate command in the security profile view to set the authentication mode to certificate authentication for WAPI. b. For ACs: Run the wapi import certificate { ac | asu | issuer } file-name file-name [ password cipher cipher-password ] command in the security profile view to import the AC certificate file, certificate of the AC certificate issuer, and ASU certificate file. The variable file-name specifies the AC certificate file name, and cipher-password specifies the AC certificate key in cipher text. For Fat APs: Run the wapi import certificate { ap | asu | issuer } file-name file-name [ password cipher cipher-password ] command in the security profile view to import the AP certificate file, certificate of the AP certificate issuer, and ASU certificate file. The variable file-name specifies the AP certificate file name, and cipher-password specifies the AP certificate key in cipher text. c. For ACs: Run the wapi import private-key file-name file-name [ password cipher cipher-password ] command in the security profile view to import the AC private key file. The variable file-name specifies the name of the AC private key file, and cipher-password specifies the AC private key file in cipher text. For Fat APs: Run the wapi import private-key file-name file-name [ password cipher cipher-password ] command in the security profile view to import the AP private key file. The variable file-name specifies the name of the AP private key file, and cipher-password specifies the AP private key file in cipher text. d. Run the wapi asu ip ip-address command in the security profile view to configure the IP address of the ASU server. The variable ip-address specifies the IP address of the ASU server. 4. Run the commit { all | ap ap-id } command in the WLAN view to deliver configurations to the APs (applicable only to the AC). The variable ap-id specifies the AP ID.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top