How to configure the attack detection function on AC devices


For V200R003 and V200R005, you can perform the following steps on the AC to configure the attack detection function:
1. Run the ap ap-id radio radio-id command in the WLAN view to display the radio view for a specified AP.
2. Run the attack detection enable { all | flood | weak-iv | spoof | wpa-psk | wpa2-psk | wapi-psk | wep-share-key } command in the radio view to enable the attack detection function on the AP radio.
3. To enable detection on flood attacks, WPA/WPA2/WAPI pre-shared key (PSK) cracking, and WEP shared key cracking, you must perform the following operations to identify attacks:
a. Run the ap id ap-id command in the WLAN view to display the AP view.
b. Run the attack detection flood interval intvalue times timesvalue command in the AP view to set the interval for flood attack detection and the maximum number of packets of the same type that an AP can receive within the interval. The variable intvalue specifies the interval for flood attack detection, and timesvalue specifies the number of packets of the same type that an AP can receive within the interval.
c. Run the attack detection psk interval intvalue times timesvalue command in the AP view to set the interval for brute force PSK cracking detection and the number of key negotiation failures allowed within the interval. The variable intvalue specifies the interval for brute force PSK cracking detection, and timesvalue specifies the number of key negotiation failures within the interval.
4. Run the commit { all | ap ap-id } command in the WLAN view to deliver configurations to the APs.
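The following Python model is an added example, not Huawei code. It shows how the interval and times thresholds from steps 3b and 3c separate a burst from normal traffic, which helps when choosing values. The sliding window, the "more than times" comparison, the MAC addresses and the numeric values are assumptions made for illustration; they are not device defaults or permitted ranges.

```python
from collections import defaultdict, deque

def over_threshold(events, interval, times):
    """Return the keys seen more than `times` times within `interval` seconds.

    events: iterable of (timestamp_seconds, key) tuples.
    Assumption: a sliding window; the AP's real algorithm is not documented here.
    """
    windows = defaultdict(deque)
    flagged = set()
    for ts, key in sorted(events, key=lambda e: e[0]):
        win = windows[key]
        win.append(ts)
        # Forget events that are older than the detection interval.
        while ts - win[0] >= interval:
            win.popleft()
        if len(win) > times:
            flagged.add(key)
    return sorted(flagged)

# Constructed sample data (not captured traffic).
STA_A = "02:00:00:00:00:0a"  # 8 probe requests in 4 seconds
STA_B = "02:00:00:00:00:0b"  # 8 probe requests spread over 80 seconds
STA_C = "02:00:00:00:00:0c"  # 4 key negotiation failures in 50 seconds

FLOOD_EVENTS = (
    [(i * 0.5, (STA_A, "probe-request")) for i in range(8)]
    + [(i * 10.0, (STA_B, "probe-request")) for i in range(8)]
)
PSK_FAILURES = [(t, STA_C) for t in (0, 20, 40, 50)]

def flood_suspects(interval=10, times=5):
    """Flood model: key is (source MAC, frame type), as in step 3b."""
    return over_threshold(FLOOD_EVENTS, interval, times)

def psk_suspects(interval=60, times=3):
    """PSK model: key is the source MAC of failed key negotiations (step 3c)."""
    return over_threshold(PSK_FAILURES, interval, times)

if __name__ == "__main__":
    print("flood suspects:", flood_suspects())
    print("PSK cracking suspects:", psk_suspects())
    # Raising `times` to 4 tolerates the same four failures.
    print("PSK suspects with times=4:", psk_suspects(times=4))
```

In this model the same four key negotiation failures are flagged with times set to 3 but not with times set to 4, so a threshold chosen too high lets slow guessing go unnoticed and one chosen too low flags users who mistype a key.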

Other related questions:
How to configure the attack detection function on Fat APs
For V200R003 and V200R005, you can perform the following steps on Fat APs to configure the attack detection function:
1. Run the interface wlan-radio wlan-radio-number command in the system view to display the radio interface view.
2. Run the attack detection enable { all | flood | weak-iv | spoof | wpa-psk | wpa2-psk | wapi-psk | wep-share-key } command in the radio interface view to enable the attack detection function on the AP radio.
3. To enable detection on flood attacks, WPA/WPA2/WAPI pre-shared key (PSK) cracking, and WEP shared key cracking, you must perform the following operations to identify attacks:
a. Run the attack detection flood interval intvalue times timesvalue command in the WLAN view to set the interval for flood attack detection and the maximum number of packets of the same type that an AP can receive within the interval. The variable intvalue specifies the interval for flood attack detection, and timesvalue specifies the number of packets of the same type that an AP can receive within the interval.
b. Run the attack detection psk interval intvalue times timesvalue command in the WLAN view to set the interval for brute force PSK cracking detection and the number of key negotiation failures allowed within the interval. The variable intvalue specifies the interval for brute force PSK cracking detection, and timesvalue specifies the number of key negotiation failures within the interval.
After the attack detection function is configured, you are advised to configure the dynamic blacklist function to dynamically add attack devices to the blacklist. Within the aging time of the dynamic blacklist, the AC rejects packets from attack devices.

How to configure interference detection on a WLAN device
For details about how to configure interference detection on an AC, see:
V200R005: Configuring Interference Detection
V200R006: Configuring Interference Detection

Can the device prevent ARP attacks after the ARP anti-attack function is configured
After the ARP anti-attack function is configured, the device can only reduce the impact of the ARP attacks. For example:
-- ARP Miss message limiting can only reduce the impact of ARP Miss attacks, but cannot prevent ARP Miss attacks or defend against ARP packet attacks or ARP spoofing attacks.
-- ARP gateway anti-collision can only prevent bogus gateway attacks, but cannot prevent ARP flood attacks or ARP spoofing gateway attacks.

How to enable the Telnet server function for a WLAN device
By default, the Telnet server function is enabled for WLAN devices of V200R003 and earlier versions and disabled for WLAN devices of V200R005 and later versions. Run the telnet server enable command to enable the Telnet server function. For a Fit AP, if it has gone online on an AC, run the telnet enable command in the AP profile view of the AC to enable the Telnet service for this Fit AP.

How to configure roaming on an AC
By default, the AC supports intra-AC roaming, which can be implemented as long as the basic WLAN services are configured and the source and destination APs have the same SSID and security policy. To implement inter-AC roaming, you need to configure the master controller, mobility group, and home agent. Note the following points when configuring WLAN roaming:
1. Two APs must use the same SSID and security profile.
2. In the direct forwarding mode, services of a roaming user may be interrupted for a short period because ARP entries of the access device connected to an AP do not age in time. To prevent this problem, run the learn client ip-address enable command in the VAP profile view on the AC to enable STA IP address learning. This function enables APs to promptly send gratuitous ARP packets to the access device for ARP entry updates, so that user services will not be interrupted during roaming. By default, STA IP address learning is enabled.
3. A maximum of 16 ACs can be added to a mobility group. An AC can be added only to one mobility group.
4. ACs in the same mobility group must use the same software version; otherwise, inter-AC roaming may fail.
5. In dual-link hot standby (HSB) scenarios, roaming between active and standby ACs is not supported. Service interruption may occur if users roam in this scenario.
