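studyfisher, How do I configure a wireless blacklist on a wireless controller? (v5)
Problem description:
A question:
How do I configure a wireless blacklist on a wireless controller? (v5)
What are the commands?
Thanks.
Best answer
On V5:
(4) Configure the dynamic blacklist feature
# Enable attack detection in WLAN IDS view.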
[AC] wlan ids
[AC-wlan-ids] attack-detection enable all
# Enable the dynamic blacklist feature in WLAN IDS view.
[AC-wlan-ids] dynamic-blacklist enable
[AC-wlan-ids] quit
# Before the client launches a flood attack, it can connect to the wireless network normally, and it can be seen with the display wlan client verbose command.
<AC> display wlan client verbose
Total Number of Clients : 1
Client Information
-------------------------------------------------------------------------------
MAC Address : 000f-e2cc-ff01
User Name : -NA-
AID : 1
AP Name : ap1
Radio Id : 1
SSID : office
BSSID : 0023-8993-7550
Port : WLAN-DBSS1:1
VLAN : 300
State : Running
Power Save Mode : Active
Wireless Mode : 11an
QoS Mode : WMM
Listen Interval (Beacon Interval) : 10
RSSI : 10
Rx/Tx Rate : 48/36
Client Type : PRE-RSNA
Authentication Method : Open System
AKM Method : None
4-Way Handshake State : -NA-
Group Key State : -NA-
Encryption Cipher : Clear
Roam Status : Normal
Roam Count : 0
Up Time (hh:mm:ss) : 00:09:34
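# After the client launches the attack, the AC detects the flood attack and adds the detected attack source to the dynamic blacklist. During the dynamic blacklist aging period, the AC rejects association requests from the attack source. At this point, the display wlan ids statistics command on the AC shows the detected flood attack.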
<AC> display wlan ids statistics
Current attack tracking since:
-------------------------------------------------------------------------------
Type Current Total
-------------------------------------------------------------------------------
Probe Request Frame Flood Attack 0 0
Authentication Request Frame Flood Attack 0 0
Deauthentication Frame Flood Attack 1 1
Association Request Frame Flood Attack 0 0
Disassociation Request Frame Flood Attack 0 0
Reassociation Request Frame Flood Attack 0 0
Action Frame Flood Attack 0 0
Null Data Frame Flood Attack 0 0
Weak IVs Detected 0 0
Spoofed Deauthentication Frame Attack 0 0
Spoofed Disassociation Frame Attack 0 0
-------------------------------------------------------------------------------
# Use the display wlan blacklist dynamic command to display the dynamic blacklist.
<AC> display wlan blacklist dynamic
Total Number of Entries : 1
Dynamic Blacklist
-------------------------------------------------------------------------------
MAC-Address Lifetime(s) Last Updated Since(hh:mm:ss) Reason
-------------------------------------------------------------------------------
000f-e2cc-ff01 300 00:00:04 Deauth-Flood
-------------------------------------------------------------------------------
# After the client stops the attack and the blacklist aging time has elapsed, viewing the blacklist again with the display wlan blacklist dynamic command shows no entries.
<AC> display wlan blacklist dynamic
Info: Table is empty.
# The display wlan client verbose command shows that the wireless client has come back online.
<AC> display wlan client verbose
Total Number of Clients : 1
Client Information
-------------------------------------------------------------------------------
MAC Address : 000f-e2cc-ff01
User Name : -NA-
AID : 1
AP Name : ap1
Radio Id : 1
SSID : office
BSSID : 0023-8993-7550
Port : WLAN-DBSS1:1
VLAN : 300
State : Running
Power Save Mode : Active
Wireless Mode : 11an
QoS Mode : WMM
Listen Interval (Beacon Interval) : 10
RSSI : 10
Rx/Tx Rate : 48/36
Client Type : PRE-RSNA
Authentication Method : Open System
AKM Method : None
4-Way Handshake State : -NA-
Group Key State : -NA-
Encryption Cipher : Clear
Roam Status : Normal
Roam Count : 0
Up Time (hh:mm:ss) : 00:01:34
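For the static blacklist, adding entries in the web interface is more convenient.
Configure the static blacklist
(1) In the navigation bar on the left, select "Security > Blacklist and Whitelist"; the "Blacklist" tab page opens by default.
(2) Select the "Static" tab to enter the static blacklist configuration page,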
[6108]wlan ids
[6108-wlan-ids]whitelist mac-address xxxx (whitelist)
[6108-wlan-ids]static-blacklist mac-address xxx (blacklist)
Thanks.
studyfisher Posted at:
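Added example, not part of the original thread or of H3C's documentation: a small Python parser that turns the display wlan ids statistics and display wlan blacklist dynamic output shown in the answer into alert lines for monitoring. The function names and alert format are hypothetical, and the row layout is assumed to match the output as it appears on this page.

```python
import re

# Sample input: rows copied from the display output in the answer above.
IDS_STATS = """\
Type Current Total
Probe Request Frame Flood Attack 0 0
Deauthentication Frame Flood Attack 1 1
Weak IVs Detected 0 0
"""
BLACKLIST = """\
Total Number of Entries : 1
MAC-Address Lifetime(s) Last Updated Since(hh:mm:ss) Reason
000f-e2cc-ff01 300 00:00:04 Deauth-Flood
"""

STAT_ROW = re.compile(r"^\s*(.+?)\s+(\d+)\s+(\d+)\s*$")
BL_ROW = re.compile(
    r"^\s*((?:[0-9a-f]{4}-){2}[0-9a-f]{4})\s+(\d+)\s+(\d+):(\d\d):(\d\d)\s+(\S+)\s*$",
    re.IGNORECASE)

def parse_ids_stats(text):
    """Map each attack type to its (current, total) counters."""
    rows = (STAT_ROW.match(line) for line in text.splitlines())
    return {m.group(1): (int(m.group(2)), int(m.group(3))) for m in rows if m}

def parse_dynamic_blacklist(text):
    """One dict per blacklist row; 'Info: Table is empty.' gives []."""
    entries = []
    for line in text.splitlines():
        m = BL_ROW.match(line)
        if m:
            h, mi, s = (int(m.group(i)) for i in (3, 4, 5))
            entries.append({"mac": m.group(1).lower(),
                            "lifetime_s": int(m.group(2)),
                            "since_update_s": h * 3600 + mi * 60 + s,
                            "reason": m.group(6)})
    return entries

def summarize(stats_text, blacklist_text):
    """Alert lines: attack types with a non-zero Current count, then blocked MACs."""
    stats = parse_ids_stats(stats_text)
    alerts = [f"ATTACK {name}: current={cur} total={tot}"
              for name, (cur, tot) in stats.items() if cur > 0]
    alerts += [f"BLOCKED {e['mac']} reason={e['reason']} lifetime={e['lifetime_s']}s"
               for e in parse_dynamic_blacklist(blacklist_text)]
    return alerts

if __name__ == "__main__":
    print("\n".join(summarize(IDS_STATS, BLACKLIST)))
```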