H3c-technologies H3C WA3600 Series Access Points Manuel d'utilisateur Page 439
- Page / 447
- Table des matières
- DEPANNAGE
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
426
At present, spoofing attack detection counters this type of attack by detecting broadcast
de-authentication and disassociation frames sent on behalf of an AP. When such a frame is received, it
is identified as a spoofed frame, and the attack is immediately logged.
Weak IV detection
Wired Equivalent Privacy (WEP) uses an Initialization Vector (IV) to encrypt each frame. An IV and a key
are used to generate a key stream, and thus encryptions using the same key have different results. When
a WEP frame is sent, the IV used in encrypting the frame is also sent as part of the frame header.
However, if a WLAN device generates IVs in an insecure way, for example, if it uses a fixed IV for all
frames, the shared secret key may be exposed to potential attackers. When the shared secret key is
compromised, the attacker can access network resources.
Weak IV detection counters this attack by verifying the IVs in WEP frames. Whenever a frame with a
weak IV is detected, it is immediately logged.
Blacklist and white list
Blacklist and white list
You can configure the blacklist and white list functions to filter frames from WLAN clients and thereby
implement client access control.
The WLAN client access control is accomplished through the following types of lists.
• White list—Contains the MAC addresses of all clients allowed to access the WLAN. If the white list
is used, only permitted clients can access the WLAN, and all frames from other clients are
discarded.
• Static blacklist—Contains the MAC addresses of clients forbidden to access the WLAN. This list is
manually configured.
• Dynamic blacklist—Contains MAC addresses of clients whose frames are dropped. A client is
dynamically added to the list if it is considered sending attacking frames until the timer of the entry
expires.
Process procedure
When an AP receives an 802.11 frame, it checks the source MAC address of the frame and processes the
frame as follows:
1. If the source MAC address does not match any entry in the white list, it is dropped. If there is a
match, the frame is considered valid and processed.
2. If no white list entries exist, the static and dynamic blacklists are searched.
If the source MAC address matches an entry in any of the two lists, it is dropped.
If there is no match, or no blacklist entries exist, the frame is considered valid and processed.
Configuring WIDS
Configuring WIDS
1. Select Security > WIDS from the navigation tree.
You will enter the WIDS Setup tab.
- H3C WA Series Access Points 1
- Preface 3
- Symbols 4
- Network topology icons 4
- Obtaining documentation 5
- Technical support 5
- Documentation feedback 5
- Contents 6
- Feature matrix 14
- Table 2 Feature matrix 15
- Module Feature WA2600 series 15
- WA3600 series 15
- Quick Start 16
- Admin configuration 17
- IP configuration 18
- Wireless configuration 19
- RADIUS configuration 20
- Encryption configuration 22
- Configuration summary 25
- Summary 33
- Device info 34
- System resource state 34
- Device interface information 34
- Displaying WLAN service 35
- Displaying radio 39
- Displaying WDS 42
- Displaying client 43
- Configuring system name 48
- 4. Click Apply 49
- Software upgrade 50
- Diagnostic information 52
- System time configuration 54
- Configuring the system time 55
- Log management configuration 56
- Setting the log host 57
- Loghost IP/Domain 58
- Configuration management 60
- Saving configuration 61
- Initializing configuration 62
- Displaying file list 63
- Downloading a file 63
- Uploading a file 64
- Removing a file 64
- Creating an interface 67
- TR-069 configuration 76
- Creating a user 79
- Setting the super password 80
- SNMP configuration 82
- Enabling SNMP 84
- Configuring an SNMP view 85
- Adding rules to an SNMP view 87
- Configuring an SNMP group 88
- Configuring an SNMP user 90
- SNMP configuration example 94
- Configuring the NMS 99
- Loopback configuration 100
- Configuration guidelines 101
- MAC address configuration 102
- Network requirements 105
- VLAN configuration 107
- Creating a VLAN 108
- Modifying a VLAN 108
- Modifying a port 109
- VLAN configuration example 111
- ARP configuration 114
- Creating a static ARP entry 115
- Removing ARP entries 116
- Configuring gratuitous ARP 116
- Configuration procedure 117
- IGMP snooping configuration 118
- Configuring Router A 124
- Configuring AP 124
- Verifying the configuration 125
- Overview 127
- Configuration outlines 132
- DHCP overview 137
- Enabling DHCP 138
- DHCP client 143
- DHCP server 143
- DNS configuration 146
- Adding a DNS server address 148
- Adding a domain name suffix 149
- Clearing dynamic DNS cache 149
- DNS configuration example 149
- DNS server 150
- DNS client 150
- Configuring the AP 152
- Configuring PPPoE client 154
- Configuring the PPPoE client 159
- Configuring the PPPoE server 159
- Service management 161
- Item Descri 163
- Diagnostic tools 164
- Ping operation 165
- IPv6 ping operation 166
- Trace route operation 168
- Web overview 170
- (1) Navi 171
- Web user level 172
- Common buttons and icons 180
- Content display by pages 180
- Searching function 181
- Sorting function 183
- Troubleshooting web browser 185
- Radio configuration 188
- Configuring 802.11n MCS 193
- Configuring 802.11n rates 195
- Configuring calibration 196
- Parameter setting 197
- Configuring channel scanning 199
- Displaying detection record 203
- Displaying history record 204
- Antenna 205
- AAA configuration 206
- Configuring AAA 207
- AAA configuration example 213
- <AP> system-view 216
- [AP] telnet server enable 216
- [AP] user-interface vty 0 4 216
- [AP-ui-vty0-4] quit 216
- HWTACACS configuration 232
- Configuring HWTACACS servers 233
- interval (in minutes) 243
- User configuration 244
- Configuring a user group 247
- Configuring a guest 248
- Certificate management 251
- Creating a PKI entity 254
- Creating a PKI domain 255
- Generating an RSA key pair 258
- Destroying the RSA key pair 259
- PKI configuration example 262
- Configuring the CA server 263
- Wireless service 268
- Scanning 269
- Authentication 270
- Association 271
- Other related procedures 271
- WLAN data security 272
- Client access authentication 273
- Introduction to WDS 275
- Mesh bridge connection 276
- Repeater mode overview 277
- LAN Segment 278
- Configuring wireless service 279
- Enabling a wireless service 297
- Enabling a radio 297
- Configuring WDS service 298
- Configuring global WDS 302
- Enabling WDS service 303
- Enabling the client mode 304
- Method 1 305
- Displaying statistics 306
- L2 switch 312
- Configuring the client 314
- WDS configuration examples 350
- Configuring the repeater 354
- Configuring ACL and QoS 362
- Configuring an ACL 363
- Adding a time range 364
- Adding an IPv4 ACL 365
- Item Descri 368
- Adding an IPv6 ACL 373
- Configuring priority mapping 378
- Configuring a QoS policy 380
- Adding a class 381
- Adding a traffic behavior 385
- Adding a policy 389
- Applying a policy to a port 390
- Configuring wireless QoS 403
- WMM protocol overview 404
- Enabling wireless QoS 405
- Setting the SVP service 406
- Setting CAC admission policy 407
- Displaying radio statistics 410
- Displaying client statistics 412
- Setting rate limiting 413
- Setting guaranteed bandwidth 415
- Enabling bandwidth guarantee 416
- Advanced settings 424
- Uplink interface 425
- L2 Switch 425
- Setting a district code 426
- Configuring band navigation 430
- WLAN security configuration 438
- Configuring WIDS 439
- Configuring static blacklist 442
- Configuring white list 442
- User isolation 444
© 2020, manymanuals.fr. Tous droits réservés | 0.551 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels