How to configure the attack detection function on FAT Aps

12

For V200R003 and V200R005, you can perform the following steps on Fat APs to configure the attack detection function:
1. Run the interface wlan-radio wlan-radio-number command in the system view to display the radio interface view.
2. Run the attack detection enable { all | flood | weak-iv | spoof | wpa-psk | wpa2-psk | wapi-psk | wep-share-key } command in the radio interface view to enable the attack detection function on the AP radio.
3. To enable detection on flood attacks, WPA/WPA2/WAPI pre-shared key (PSK) cracking, and WEP shared key cracking, you must perform the following operations to identify attacks:
a. Run the attack detection flood interval intvalue times timesvalue command in the WLAN view to set the interval for flood attack detection and the maximum number of packets of the same type that an AP can receive within the interval. The variable intvalue specifies the interval for flood attack detection, and timesvalue specifies the number of packets of the same type that an AP can receive within the interval.
b. Run the attack detection psk interval intvalue times timesvalue command in the WLAN view to set the interval for brute force PSK cracking detection and the number of key negotiation failures allowed within the interval. The variable intvalue specifies the interval for brute force PSK cracking detection, and timesvalue specifies the number of key negotiation failures within the interval.
After the attack detection function is configured, you are advised to configure the dynamic blacklist function to dynamically add attack devices to the blacklist. Within the aging time of the dynamic blacklist, the AC rejects packets from attack devices.

Other related questions:
How to configure the attack detection function on AC devices
For V200R003 and V200R005, you can perform the following steps on the AC to configure the attack detection function: 1. Run the ap ap-id radio radio-id command in the WLAN view to display the radio view for a specified AP. 2. Run the attack detection enable { all | flood | weak-iv | spoof | wpa-psk | wpa2-psk | wapi-psk | wep-share-key } command in the radio view to enable the attack detection function on the AP radio. 3. To enable detection on flood attacks, WPA/WPA2/WAPI pre-shared key (PSK) cracking, and WEP shared key cracking, you must perform the following operations to identify attacks: a. Run the ap id ap-id command in the WLAN view to display the AP view. b. Run the attack detection flood interval intvalue times timesvalue command in the AP view to set the interval for flood attack detection and the maximum number of packets of the same type that an AP can receive within the interval. The variable intvalue specifies the interval for flood attack detection, and timesvalue specifies the number of packets of the same type that an AP can receive within the interval. c. Run the attack detection psk interval intvalue times timesvalue command in the AP view to set the interval for brute force PSK cracking detection and the number of key negotiation failures allowed within the interval. The variable intvalue specifies the interval for brute force PSK cracking detection, and timesvalue specifies the number of key negotiation failures within the interval. 4. Run the commit { all | ap ap-id } command in the WLAN view to deliver configurations to the APs.

How to configure the Mesh function for a WLAN device
Fat APs do not support the Mesh function. From V200R005C10, the AP9130DN (Fat AP) can function as a vehicle-mounted AP in vehicle-ground communication scenarios. Because vehicle-mounted APs communicate with trackside APs through Mesh links, the Mesh function can be configured for Fat APs since V200R005C10. However, Fat APs can be used only as vehicle-mounted APs in vehicle-ground communication scenarios, but cannot be used for bridging. Currently, the Mesh function is supported only in the AC+Fit AP architecture. However, in this architecture, the AP6310SN-GN, AP2010DN, AP2030DN, AP7030DE, AP9330DN, AD9430DN-24 (including connected RUs), and AD9430DN-12 (including connected RUs) do not support the Mesh function. For more information about Mesh configurations, see: V200R005: Mesh Configuration. V200R006: Mesh Configuration.

How to configure the WDS function for a WLAN device
Fat APs do not support the WDS function. Currently, the WDS function is supported only in the AC+Fit AP architecture. However, in this architecture, the AP6310SN-GN, AP2010DN, AP2030DN, AP7030DE, AP9330DN, AD9430DN-24 (including connected RUs), and AD9430DN-12 (including connected RUs) do not support the WDS function. In WDS networking, Huawei APs cannot be interconnected to non-Huawei devices. For WDS configuration in the AC+Fit AP architecture, see: V200R005: WDS Configuration. V200R006: WDS Configuration.

Do WLAN devices support the Mesh function
Fat APs do not support the Mesh function. From V200R005C10, the AP9130DN (Fat AP) can function as a vehicle-mounted AP in vehicle-ground communication scenarios. Because vehicle-mounted APs communicate with trackside APs through Mesh links, the Mesh function can be configured for Fat APs since V200R005C10. However, Fat APs can be used only as vehicle-mounted APs in vehicle-ground communication scenarios, but cannot be used for bridging. Currently, the Mesh function is supported only in the AC+Fit AP architecture. However, in this architecture, the AP6310SN-GN, AP2010DN, AP2030DN, AP7030DE, AP9330DN, AD9430DN-24 (including connected RUs), and AD9430DN-12 (including connected RUs) do not support the Mesh function. For more information about Mesh configurations, see: V200R005: Mesh Configuration. V200R006: Mesh Configuration.

Configure basic services of the Fat AP on the AR
You can configure the Fat AP service to enable users to easily access a wireless network and move around within the coverage of the wireless network. The procedure for configuring the basic function of the Fat AP is as follows: 1. Configure the WLAN mode of the device, basic parameters of the AP, and the addresses allocated to STAs. 2. Configure WLAN service VAPs. After APs go online, you can configure service VAPs for the APs to provide differentiated WLAN services for users. The detailed configuration is as follows: Create a WMM profile and a radio profile, bind the WMM profile to the radio profile, create a security profile and a traffic profile, configure a WLAN-BSS interface and a WLAN service set, bind the WLAN-BSS interface, security profile, and traffic profile to the WLAN service set, configure a radio, and bind the radio profile and VAP to the radio. For details, see Example for Configuring Wireless User Access to a WLAN.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top