How to configure detection and containment against rogue devices on WLAN devices

5

After the detection and containment function are configured on an AC and a Fat AP, the monitor AP can identify rogue APs and then use rogue APs' identity information to broadcast Deauthentication frames. After STAs associating with the rogue APs receive the Deauthentication frames, they disassociate from the rogue APs. The containment function prevents STAs from associating with the rogue APs.
- For V200R003 and V200R005, you can perform the following steps on the AC to configure detection and containment against rogue devices:
1. Run the ap ap-id radio radio-id command in the WLAN view to display the radio view for a specified AP. The variable ap-id specifies the AP ID, and radio-id specifies the radio ID.
2. Run the work-mode{ hybrid | monitor } command in the radio view to set the AP working mode to hybrid or monitor.
3. Run the device detect enable command in the radio view to enable the wireless device detection function on the AP.
4. Run the countermeasures enable command in the radio view to enable containment against rogue devices.
5. Run the countermeasures mode rogue { all | ap spoof-ssid | client [ blacklist ] | adhoc } command in the radio view to set containment against rogue
devices.
6. Run the quit command to return to the WLAN view.
7. Run the commit { all | ap ap-id } command in the WLAN view to deliver configurations to the APs.
- For V200R003 and V200R005, you can perform the following steps on Fat APs to configure detection and containment against rogue devices:
1. Run the interface wlan-radio wlan-radio-number command in the system view to display the radio interface view. The variable wlan-radio-number specifies the radio interface.
2. Run the work-mode{ hybrid | monitor } command in the radio interface view to set the AP working mode to hybrid or monitor.
3. Run the device detect enable command in the radio interface view to enable the wireless device detection function on the AP.
4. Run the countermeasures enable command in the radio interface view to enable containment against rogue devices.
5. Run the countermeasures mode rogue { all | ap spoof-ssid | client [ blacklist ] | adhoc } command in the radio interface view to set containment against rogue
devices.

Other related questions:
How to configure interference detection on a WLAN device
For details about how to configure interference detection on an AC, see V200R005: Configuring Interference Detection V200R006: Configuring Interference Detection

Configuring access interfaces on WLAN devices
The following example describes how to configure an access interface on a WLAN device: An access interface can connect to a user host. [HUAWEI]vlan batch 2 //Create a VLAN. [HUAWEI]interface gigabitethernet0/0/1 [HUAWEI-GigabitEthernet0/0/1]port link-type access //Set the interface type to access. [HUAWEI-GigabitEthernet0/0/1]port default vlan 2 //Add the interface to VLAN 2. [HUAWEI-GigabitEthernet0/0/1]quit

Configuring a trunk interface on a WLAN device
The following example describes how to configure a trunk interface on an AC: A trunk interface connects an AC to a switch. [HUAWEI]vlan batch 2 3 //Create VLANs. [HUAWEI]interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1]port link-type trunk //Set the link type of the interface to trunk. The link type of the interface is hybrid by default. [HUAWEI-GigabitEthernet0/0/1]port trunk allow-pass vlan all //Allow packets from all VLANs to pass through. By default, the interface allows only packets from VLAN 1 to pass through. [HUAWEI-GigabitEthernet0/0/1]port trunk pvid vlan 2 //(Optional) Specify VLAN 2 as the default VLAN of the interface (default: VLAN 1).

How to configure channels and power for WLAN devices
Configure radio channels and power for WLAN devices manually or by configuring radio calibration. -Manual configuration Take the configuration on the AC as an example. Users can adjust the channel and power using the channel 20mhz xx and power-level commands. [AC6005-wlan-radio-0/0]display this # radio-profile id 0 channel 20MHz 13 power-level 2 # return Configure channels and power for Fat AP devices in the radio interface view.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top