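Dynamic Blacklist is part of the anti-DoS protection in the wireless security feature module. The dynamic blacklist holds the MAC addresses of the client devices whose frames will be dropped. The AP uses this list to drop data frames sent by the listed clients; when a client is detected sending flood packets above the security threshold, that client is added to the blacklist.
1. Configure the dynamic blacklist: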
wireless
no wids-security client threshold-interval auth
wids-security client threshold-interval 6000
wids-security client configured-auth-rate
dynamic-blacklist
dynamic-blacklist lifetime 600
network 100
mac authentication local
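The behaviour configured above can be modelled in a few lines. This is an added illustration, not vendor code or part of the original page: it counts frames per MAC in a sliding interval, blacklists a client that exceeds the threshold, and ages the entry out after the lifetime. Assumptions: the threshold of 5 frames, reading `threshold-interval 6000` as milliseconds and `lifetime 600` as seconds, and the sample MAC addresses and traffic are all constructed.

```python
from collections import defaultdict, deque

class DynamicBlacklist:
    """Toy model of the AP behaviour described above (not vendor code)."""

    def __init__(self, threshold, interval_ms, lifetime_s):
        self.threshold = threshold            # assumed: max frames per interval
        self.interval_ms = interval_ms        # assumed unit: milliseconds
        self.lifetime_ms = lifetime_s * 1000  # assumed unit: seconds
        self.recent = defaultdict(deque)      # MAC -> timestamps inside the window
        self.blocked_until = {}               # MAC -> expiry time (ms)

    def handle_frame(self, mac, now_ms):
        """Return 'drop' or 'accept' for one frame from `mac` at `now_ms`."""
        expiry = self.blocked_until.get(mac)
        if expiry is not None:
            if now_ms < expiry:
                return "drop"                 # still blacklisted
            del self.blocked_until[mac]       # lifetime elapsed, entry ages out
        window = self.recent[mac]
        window.append(now_ms)
        while window and window[0] <= now_ms - self.interval_ms:
            window.popleft()                  # forget frames outside the interval
        if len(window) > self.threshold:
            self.blocked_until[mac] = now_ms + self.lifetime_ms
            window.clear()
            return "drop"                     # flood detected: blacklist and drop
        return "accept"

def replay(events, threshold=5, interval_ms=6000, lifetime_s=600):
    """Run constructed (time_ms, mac) events through the model."""
    bl = DynamicBlacklist(threshold, interval_ms, lifetime_s)
    return [(t, mac, bl.handle_frame(mac, t)) for t, mac in events]

# Constructed sample traffic: one client floods, another stays under the limit.
FLOODER, NORMAL = "00-aa-aa-aa-aa-01", "00-bb-bb-bb-bb-02"
EVENTS = sorted(
    [(i * 100, FLOODER) for i in range(8)]        # 8 frames in 0.7 s
    + [(i * 3000, NORMAL) for i in range(4)]      # 1 frame every 3 s
    + [(300_000, FLOODER), (601_000, FLOODER)]    # during / after the lifetime
)

if __name__ == "__main__":
    for t, mac, verdict in replay(EVENTS):
        print(f"{t:>7} ms  {mac}  {verdict}")
```

The lifetime matters operationally: a client that trips the threshold stays blocked until the entry expires, so a legitimate device that misbehaves briefly is locked out for the full lifetime.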
2. Configure the blacklist / whitelist
List of wireless clients denied access:
wireless
mac-authentication-mode black-list
know-client 00-11-11-11-11-11 action global-action
network 1
mac authentication local
wireless ap profile apply 1
List of wireless clients allowed access:
wireless
mac-authentication-mode white-list
know-client 00-22-22-22-22-22 action global-action
network 1
mac authentication local
3. Configure ARP suppression:
wireless
network 1
arp-suppression