How to enable wireless device detection

8

After the WIDS function is enabled, an AP can detect wireless devices in its coverage range. In this way, the AC or the Fat AP knows wireless devices on the WLAN to determine whether rogue devices exist. The detailed procedure is as follows:
1. Run the work-mode monitor command in the radio profile view to change the working mode to the monitoring mode, which allows no user access.
2. Run the device detect enable command in the WIDS classify profile to enable wireless device detection.

Other related questions:
How to disable wireless signals of a WLAN device
To save energy or ensure security, run the following commands to disable AP radios or WLAN services: 1. Disable a specified radio. - For AC+Fit AP networking V200R005: [AC6605] wlan [AC6605-wlan-view] ap 0 radio 0 [AC6605-wlan-radio-0/0] undo radio enable For V200R006: [AC6605] wlan [AC6605-wlan-view] ap-id 1 [AC6605-wlan-ap-1] radio 0 [AC6605-wlan-radio-1/0] radio disable Warning: This action may cause service interruption. Continue?[Y/N]y - For Fat APs V200R005: [Huawei] interface wlan-radio 0/0/0 [Huawei-Wlan-Radio0/0/0] undo radio enable For V200R006: [Huawei] interface wlan-radio 0/0/0 [Huawei-Wlan-Radio0/0/0] radio disable Warning: This action may cause service interruption. Continue?[Y/N]y 2. Prevent users from accessing the WLAN in the specified time range. For V200R005: [AC6605] wlan [AC6605-wlan-view] auto-off service ess service-set id 0 start-time 01:00:00 end-time 07:00:00 //Disable the service set with ID 0 from 1:00:00 to 7:00:00. For V200R006: [HUAWEI]wlan [HUAWEI-wlan-view]vap-profile name vap1 [HUAWEI-wlan-vap-prof-vap1]auto-off service start-time 1:00:00 end-time 7:00:00 //Disable a VAP from 1:00:00 to 7:00:00. 3. Disable an AP radio in a scheduled time using the auto-off service radio command (V200R005). For AC+Fit AP networking: [AC6605] wlan [AC6605-wlan-view] auto-off service radio ap-id 0 radio-id 0 start-time 1:00:00 end-time 7:00:00 //Disable radios 0 of AP 0 from 1:00:00 to 7:00:00. For Fat APs: [Huawei] wlan [Huawei-wlan-view] auto-off service radio interface wlan-radio0/0/0 start-time 1:00:00 end-time 7:00:00 //Disable AP interface wlan-radio0/0/0 from 1:00:00 to 7:00:00.

How to configure interference detection on a WLAN device
For details about how to configure interference detection on an AC, see V200R005: Configuring Interference Detection V200R006: Configuring Interference Detection

How Can I Do If One Device Is Detected As Multiple Devices?
In normal conditions, even multiple file engine enclosures (more than two nodes) are detected as one device. If a device is detected as multiple devices, it is likely that incorrect heartbeat network information is obtained. You need to check whether the heartbeat connections of all nodes are correct.

How to configure the attack detection function on AC devices
For V200R003 and V200R005, you can perform the following steps on the AC to configure the attack detection function: 1. Run the ap ap-id radio radio-id command in the WLAN view to display the radio view for a specified AP. 2. Run the attack detection enable { all | flood | weak-iv | spoof | wpa-psk | wpa2-psk | wapi-psk | wep-share-key } command in the radio view to enable the attack detection function on the AP radio. 3. To enable detection on flood attacks, WPA/WPA2/WAPI pre-shared key (PSK) cracking, and WEP shared key cracking, you must perform the following operations to identify attacks: a. Run the ap id ap-id command in the WLAN view to display the AP view. b. Run the attack detection flood interval intvalue times timesvalue command in the AP view to set the interval for flood attack detection and the maximum number of packets of the same type that an AP can receive within the interval. The variable intvalue specifies the interval for flood attack detection, and timesvalue specifies the number of packets of the same type that an AP can receive within the interval. c. Run the attack detection psk interval intvalue times timesvalue command in the AP view to set the interval for brute force PSK cracking detection and the number of key negotiation failures allowed within the interval. The variable intvalue specifies the interval for brute force PSK cracking detection, and timesvalue specifies the number of key negotiation failures within the interval. 4. Run the commit { all | ap ap-id } command in the WLAN view to deliver configurations to the APs.

How to configure detection and containment against rogue devices on WLAN devices
After the detection and containment function are configured on an AC and a Fat AP, the monitor AP can identify rogue APs and then use rogue APs' identity information to broadcast Deauthentication frames. After STAs associating with the rogue APs receive the Deauthentication frames, they disassociate from the rogue APs. The containment function prevents STAs from associating with the rogue APs. - For V200R003 and V200R005, you can perform the following steps on the AC to configure detection and containment against rogue devices: 1. Run the ap ap-id radio radio-id command in the WLAN view to display the radio view for a specified AP. The variable ap-id specifies the AP ID, and radio-id specifies the radio ID. 2. Run the work-mode{ hybrid | monitor } command in the radio view to set the AP working mode to hybrid or monitor. 3. Run the device detect enable command in the radio view to enable the wireless device detection function on the AP. 4. Run the countermeasures enable command in the radio view to enable containment against rogue devices. 5. Run the countermeasures mode rogue { all | ap spoof-ssid | client [ blacklist ] | adhoc } command in the radio view to set containment against rogue devices. 6. Run the quit command to return to the WLAN view. 7. Run the commit { all | ap ap-id } command in the WLAN view to deliver configurations to the APs. - For V200R003 and V200R005, you can perform the following steps on Fat APs to configure detection and containment against rogue devices: 1. Run the interface wlan-radio wlan-radio-number command in the system view to display the radio interface view. The variable wlan-radio-number specifies the radio interface. 2. Run the work-mode{ hybrid | monitor } command in the radio interface view to set the AP working mode to hybrid or monitor. 3. Run the device detect enable command in the radio interface view to enable the wireless device detection function on the AP. 4. Run the countermeasures enable command in the radio interface view to enable containment against rogue devices. 5. Run the countermeasures mode rogue { all | ap spoof-ssid | client [ blacklist ] | adhoc } command in the radio interface view to set containment against rogue devices.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top