[huawei]wlan
[huawei-wlan-view]wids-profile name w1 //创建一个WIDS模板并进入WIDS模板视图
[huawei-wlan-view]ap-group name g1 //进入AP组视图
[huawei-wlan-ap-group-g1]radio 0 //进入射频视图
[huawei-wlan-group-radio-g1/0]work-mode normal //配置AP组射频的工作模式,缺省正常模式
[huawei-wlan-group-radio-g1/0]work-mode monitor
[huawei-wlan-view]air-scan-profile name a1 //创建空口扫描模板并进入空口扫描模板视图
[huawei-wlan-air-scan-prof-a1]undo scan-disable //开启空口扫描功能,缺省处于开启状态
[huawei-wlan-air-scan-prof-a1]scan-channel-set country-channel //配置空口扫描信道集合,缺省为AP对应国家码支持的所有信道
[huawei-wlan-air-scan-prof-a1]scan-channel-set dca-channel
[huawei-wlan-air-scan-prof-a1]scan-channel-set work-channel
[huawei-wlan-air-scan-prof-a1]scan-period 60 //配置空口扫描的持续时间,缺省是60毫秒
[huawei-wlan-air-scan-prof-a1]scan-interval 60000 //配置空口扫描的时间间隔,缺省为60000毫秒
[huawei-wlan-view]radio-2g-profile name r2 //进入2G射频模板
[huawei-wlan-radio-2g-prof-r2]air-scan-profile a1 //在射频模板下引用空口扫描模板
[huawei-wlan-view]ap-group name g1
[huawei-wlan-ap-group-g1]radio 0
[huawei-wlan-group-radio-g1/0]wids device detect enable //使能设备检测功能
[huawei-wlan-view]wids-profile name w1 //进入WIDS模板视图
[huawei-wlan-wids-prof-w1]device report-interval 300 //配置AP增量上报检测的无线设备信息的间隔时间,缺省为300秒
[huawei-wlan-wids-prof-w1]device synchronization-interval 360 //配置AP上报全量检测的无线设备信息的间隔时间,缺省为360分钟
[huawei-wlan-view]wids-spoof-profile name w1 //创建一个SSID仿冒识别规则模板并进入SSID仿冒识别规则模板视图
[huawei-wlan-wids-spoof-w1]spoof-ssid fuzzy-match regex 1 //配置仿冒SSID的模糊匹配规则
[huawei-wlan-view]wids-profile name w1 //进入WIDS模板视图
[huawei-wlan-wids-prof-w1]wids-spoof-profile w1 //应用SSID仿冒识别规则模板到WIDS模板
[huawei-wlan-view]wids-whitelist-profile name wh1 //创建一个WIDS白名单模板并进入WIDS白名单模板视图
[huawei-wlan-wids-whitelist-wh1]permit-ap mac-address 1000-0000-0000 //配置WIDS白名单列表
[huawei-wlan-wids-whitelist-wh1]permit-ap oui 10-00-00
[huawei-wlan-wids-whitelist-wh1]permit-ap ssid 1
[huawei-wlan-view]wids-profile name w1 //进入WIDS模板视图
[huawei-wlan-wids-prof-w1]wids-whitelist-profile wh1 //应用WIDS白名单模板到WIDS模板
[huawei-wlan-view]ap-group name g1
[huawei-wlan-ap-group-g1]radio 0
[huawei-wlan-group-radio-g1/0]wids contain enable //在AP组射频下使能非法设备反制功能
[huawei-wlan-view]wids-profile name w1 //进入WIDS模板视图
[huawei-wlan-wids-prof-w1]contain-mode open-ap //配置AP对非法设备的反制模式
[huawei-wlan-wids-prof-w1]contain-mode spoof-ssid-ap
[huawei-wlan-wids-prof-w1]contain-mode client
[huawei-wlan-wids-prof-w1]contain-mode adhoc
[huawei-wlan-view]ap-group name g1 //进入AP组视图
[huawei-wlan-ap-group-g1]wids-profile w1 //在AP组中引用WIDS模板
[huawei]display wids-profile all //查看WIDS模板的信息
[huawei]display wids-whitelist-profile all //查看WIDS白名单模板的信息
[huawei]display wids-spoof-profile all //查看SSID仿冒识别规则模板的信息
[huawei]display references wids-profile name w1 //查看WIDS模板的引用信息
[huawei]display references wids-spoof-profile name w1 //查看SSID仿冒识别规则模板的引用信息
[huawei]display references wids-whitelist-profile name wh1 //查看WIDS白名单模板的引用信息
[huawei-wlan-view]ap-group name g1
[huawei-wlan-ap-group-g1]radio 0
[huawei-wlan-group-radio-g1/0]wids attack detect enable all //在AP组射频下使能攻击检测功能
[huawei-wlan-group-radio-g1/0]wids attack detect enable flood
[huawei-wlan-group-radio-g1/0]wids attack detect enable weak-iv
[huawei-wlan-group-radio-g1/0]wids attack detect enable spoof
[huawei-wlan-group-radio-g1/0]wids attack detect enable wpa-psk
[huawei-wlan-group-radio-g1/0]wids attack detect enable wpa2-psk
[huawei-wlan-group-radio-g1/0]wids attack detect enable wapi-psk
[huawei-wlan-group-radio-g1/0]wids attack detect enable wep-share-key
[huawei-wlan-view]wids-profile name w1 //进入WIDS模板视图
[huawei-wlan-wids-prof-w1]flood-detect interval 60 //配置泛洪攻击的检测周期,缺省为60秒
[huawei-wlan-wids-prof-w1]flood-detect threshold 300 //配置泛洪攻击检测阈值,缺省为300
[huawei-wlan-wids-prof-w1]flood-detect quiet-time 600 //配置AP检测到泛洪攻击后上报AC的静默时间,缺省为600秒
[huawei-wlan-wids-prof-w1]weak-iv-detect quiet-time 600 //配置AP检测到弱向量攻击后上报AC的静默时间,缺省为600秒
[huawei-wlan-wids-prof-w1]spoof-detect quiet-time 600 //配置AP检测到欺骗攻击后上报AC的静默时间,缺省为600秒
[huawei-wlan-wids-prof-w1]brute-force-detect threshold 20 //配置暴力破解密钥攻击的检测周期内,允许密钥错误的次数,缺省为20次
[huawei-wlan-wids-prof-w1]brute-force-detect interval 60 //配置暴力破解密钥攻击的检测周期,缺省为60秒。
[huawei-wlan-wids-prof-w1]brute-force-detect quiet-time 600 //配置AP检测到暴力破解密钥攻击后上报AC的静默时间,缺省为600秒
[huawei-wlan-wids-prof-w1]dynamic-blacklist enable //使能动态黑名单功能
[huawei]display ap-system-profile all //查看AP系统模板的配置信息
[huawei]display wlan ids device-detected all //查看检测到的WLAN设备信息
[huawei]display wlan ids device-detected statistics //查看WLAN网络中检测到的各种无线设备的统计信息
[huawei]display wlan ids rogue-history all //查看检测到的设备的历史记录信息
[huawei]display wlan ids contain all //查看被反制的设备信息
[huawei]display wlan ids attack-detected all //查看检测到的攻击设备信息
[huawei]display wlan ids attack-history all //查看检测到的攻击设备的历史记录信息
[huawei]display wlan ids attack-detected statistics //查看检测到的各类攻击次数统计
[huawei]display wlan dynamic-blacklist all //查看加入动态黑名单的攻击设备
[huawei]display station dynamic-blacklist ap-id 0 //查看动态黑名单列表
[huawei]reset wlan ids attack-detected all //清除检测到的攻击设备信息
[huawei]reset wlan ids attack-detected statistics //清除检测到的攻击次数
[huawei]reset wlan ids attack-history all //清除检测到的攻击设备的历史记录信息
[huawei]reset wlan ids device-detected all //清除检测到的无线设备列表
[huawei]reset wlan ids rogue-history all //清除非法设备历史记录
华为设备WLAN安全配置命令
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
