Configuration Guide Configuring WIDS
AP-based: Communication cannot proceed between layer-2 users under the same AP.
AP-SSID based: Communication cannot proceed between layer-2 users under the same AP and in the same WLAN.
Rogue Containment Modes
Rogue containment has the following four modes:
Ad-hoc containment mode, containing the Rogue Ad-hoc devices
Rogue containment mode, containing the Rogue devices with over-limit RSSI
SSID containment mode, containing illegal devices with the same SSID
Config containment mode, containing the illegal devices in the static attack list or the SSID blacklist
Detected Devices
The types of detected rogue devices are as follows:
APs
Ad-hoc devices
Unknown STAs
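The four containment modes and the detected device types above can be read as a decision over each scan result. The sketch below is an added example, not vendor code: the field names, mode labels, RSSI limit and sample data are constructed. It assumes "over-limit" means an RSSI stronger than the configured limit, "same SSID" means an SSID served by the managed WLAN, and managed APs are exempt.

```python
from dataclasses import dataclass, field
MODES = ("adhoc", "rogue", "ssid", "config")  # labels chosen for this example

@dataclass
class Device:                 # one detected device; field names are assumptions
    mac: str
    kind: str                 # "ap", "adhoc" or "sta" (the detected device types)
    ssid: str
    rssi: int                 # dBm
    rogue: bool               # verdict of rogue detection

@dataclass
class Policy:                 # hypothetical policy object, not a vendor structure
    enabled: set              # containment modes switched on
    rssi_limit: int = -70     # constructed threshold in dBm
    own_ssids: set = field(default_factory=set)           # SSIDs of the managed WLAN
    managed_macs: set = field(default_factory=set)        # our own APs
    static_attack_list: set = field(default_factory=set)
    ssid_blacklist: set = field(default_factory=set)

def containment_modes(dev, pol):
    """Return the enabled modes under which dev would be contained."""
    mac = dev.mac.lower()
    if mac in pol.managed_macs:          # assumption: managed APs are exempt
        return []
    hits = {
        "adhoc": dev.rogue and dev.kind == "adhoc",
        "rogue": dev.rogue and dev.rssi > pol.rssi_limit,   # "over-limit" RSSI
        "ssid": dev.ssid in pol.own_ssids,                  # assumed "same SSID"
        "config": mac in pol.static_attack_list or dev.ssid in pol.ssid_blacklist,
    }
    return [m for m in MODES if m in pol.enabled and hits[m]]

def report(devices, pol):
    """Map MAC -> matching modes for devices that meet at least one mode."""
    return {d.mac: ms for d in devices if (ms := containment_modes(d, pol))}

# Constructed sample data: locally administered MACs and made-up SSIDs.
POLICY = Policy(enabled={"adhoc", "rogue", "config"}, own_ssids={"corp"},
                managed_macs={"02:00:00:00:00:01"},
                static_attack_list={"02:00:00:00:00:05"}, ssid_blacklist={"free-wifi"})
SCAN = [
    Device("02:00:00:00:00:01", "ap", "corp", -40, False),       # managed AP
    Device("02:00:00:00:00:02", "ap", "corp", -55, True),        # strong rogue, same SSID
    Device("02:00:00:00:00:03", "ap", "cafe", -88, True),        # rogue below the limit
    Device("02:00:00:00:00:04", "adhoc", "p2p", -80, True),      # rogue ad-hoc
    Device("02:00:00:00:00:05", "sta", "", -60, False),          # on static attack list
    Device("02:00:00:00:00:06", "ap", "free-wifi", -75, False),  # blacklisted SSID
]
if __name__ == "__main__": print(report(SCAN, POLICY))
```

Because SSID containment mode is not enabled in the sample policy, the rogue AP advertising "corp" matches only the Rogue mode; enabling all four modes makes it match two.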
Overview
Certain filtering rules are used to filter the packets from STAs for access control.
Discovers and defends against malicious or unintentional attacks in the WLAN in a timely manner.
Interdicts insecure access between STAs in the WLAN to prevent disclosure of private information.
Rogue detection and containment
Monitors abnormal devices in the whole WLAN, helping network administrators find hidden dangers in the network.
Rogue containment refers to containing Rogue devices by sending fake deauthentication frames to the addresses of Rogue devices in a blacklist.
2.3.1 Frame Filtering
The access control over STAs includes: low-rate filter, whitelist, static blacklist, dynamic blacklist, SSID-based whitelist and SSID-based blacklist.
Working Principle
Low-Rate Filter
The low-rate filter sets a kickout threshold. When the threshold is greater than 0, the filter is enabled. If the STA rate is lower than this threshold, the STA's packets are discarded and the STA is disconnected.
Whitelist