刘雅婷,某局点开启WIPS功能将合法AP识别为非法AP
问题描述
某局点启用WIPS反制功能,配置完成后,发现现场的合法AP(添加了trust mac)也被识别为非法AP
wips
#
ap-classification rule 1
ssid not equal H3C_WiFi
#
ap-classification rule 2
ssid equal H3C_WiFi
#
classification policy test
apply ap-classification rule 1 rogue-ap severity-level 100
apply ap-classification rule 2 rogue-ap severity-level 100
trust mac-address 00dd-xxxx-b7f0
trust mac-address 00dd-xxxx-b7f1
trust mac-address 00dd-xxxx-b7f2
trust mac-address b845-xxxx-5480
trust mac-address b845-xxxx-5481
trust mac-address b845-xxxx-5482
trust mac-address b845-xxxx-5980
invalid-oui-classify illegal
在AC上查看反制记录,发现trust mac的AP也被识别为了非法AP:
[AC-wips]dis wips virtual-security-domain test device
Total 245 detected devices in virtual-security-domain test
Class: Auth - authorization; Ext - external; Mis - mistake;
Unauth - unauthorized; Uncate - uncategorized;
(A) - associate; (C) - config; (P) - potential;
Ad-hoc; Mesh
MAC address Type Class Duration Sensors Channel Status
00dd-xxxx-b7f1 AP Rogue 02h 01m 19s 1 52 Active
00dd-xxxx-b7f2 AP Rogue 01h 43m 03s 1 52 Active
00e0-xxxx-08f1 AP Rogue 01h 05m 29s 1 149 Active
0442-xxxx-c8e4 AP Rogue 02h 02m 51s 1 161 Active
……
过程分析
查看AC上配置,发现配置中有一条:
classification policy test
apply ap-classification rule 1 rogue-ap severity-level 100
apply ap-classification rule 2 rogue-ap severity-level 100
trust mac-address 00dd-xxxx-b7f0
trust mac-address 00dd-xxxx-b7f1
trust mac-address 00dd-xxxx-b7f2
trust mac-address b845-xxxx-5480
trust mac-address b845-xxxx-5481
trust mac-address b845-xxxx-5482
trust mac-address b845-xxxx-5980
invalid-oui-classify illegal // 命令用来配置对非法OUI的设备进行分类
此条配置的目的是启动非法oui检测,只有设备默认的和导入的oui才是信任的,其他都是非法的,优先级高于trust mac,因此将现场所有合法AP都是别为非法AP
此条配置需要使用导入oui列表才行,如果不导入就使用默认的,默认是设备出厂带的;
解决方法
将配置 invalid-oui-classify illegal 删除,设备能够正常识别非法AP和合法AP。
CRM论坛(CRMbbs.com)——一个让用户更懂CRM的垂直性行业内容平台,CRM论坛致力于互联网、客户管理、销售管理、SCRM私域流量内容输出5年。 如果您有好的内容,欢迎向我们投稿,共建CRM多元化生态体系,创建CRM客户管理一体化生态解决方案。本文来源:知了社区基于知识共享署名-相同方式共享3.0中国大陆许可协议,某局点开启WIPS功能将合法AP识别为非法AP
