Configuring WIDS/WIPS

  • Example: configuring device detection and containment.

<Huawei> system-view
[Huawei] wlan
[Huawei-wlan-view] ap-id 0
[Huawei-wlan-ap-0] radio 0
[Huawei-wlan-radio-0/0] wids device detect enable                //Enable device detection
[Huawei-wlan-radio-0/0] wids contain enable                       //Enable device containment
[Huawei-wlan-radio-0/0] quit
[Huawei-wlan-ap-0] quit
[Huawei-wlan-view] wids-profile name wlan-wids                   //Create a WIDS profile
[Huawei-wlan-wids-prof-wlan-wids] contain-mode spoof-ssid-ap         //Set the containment mode for rogue or interfering devices
[Huawei-wlan-wids-prof-wlan-wids] quit
[Huawei-wlan-view] ap-id 0
[Huawei-wlan-ap-0] wids-profile wlan-wids             //Reference the WIDS profile in the AP

  • Example: configuring attack detection and the dynamic blacklist.

<Huawei> system-view
[Huawei] wlan
[Huawei-wlan-view] ap-id 0
[Huawei-wlan-ap-0] radio 0
[Huawei-wlan-radio-0/0] wids attack detect enable all           //Enable attack detection
[Huawei-wlan-radio-0/0] quit
[Huawei-wlan-ap-0] quit
[Huawei-wlan-view] wids-profile name wlan-wids                  //Create a WIDS profile
[Huawei-wlan-wids-prof-wlan-wids] dynamic-blacklist enable          //Enable the dynamic blacklist
[Huawei-wlan-wids-prof-wlan-wids] quit
[Huawei-wlan-view] ap-id 0
[Huawei-wlan-ap-0] wids-profile wlan-wids                //Reference the WIDS profile in the AP

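Configuring the security policy

  • WLAN security policies are always configured inside a security profile, and a profile can hold only one security policy. You can create multiple security profiles to carry different security policies and apply them to different VAPs as needed. The following uses WPA2-PSK-AES authentication as the example: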

<Huawei> system-view
[Huawei] wlan
[Huawei-wlan-view] security-profile  name wlan-security           //Create a security profile
[HUAWEI-wlan-sec-prof-wlan-security] security wpa2 psk pass-phrase a1234567 aes       //Set the security policy to WPA2-PSK-AES
[HUAWEI-wlan-sec-prof-wlan-security] quit
[Huawei-wlan-view] vap-profile name vap1        //Create a VAP profile
[HUAWEI-wlan-vap-prof-vap1] security-profile wlan-security        //Reference the security profile in the VAP profile

Configuring the STA blacklist and whitelist

<Huawei> system-view
[Huawei] wlan
[Huawei-wlan-view] sta-whitelist-profile name sta-whitelist      //Create an STA whitelist profile
[Huawei-wlan-whitelist-prof-sta-whitelist] sta-mac 0001-0001-0001  //Add the STA's MAC address to the STA whitelist
[Huawei-wlan-whitelist-prof-sta-whitelist] quit
[Huawei-wlan-view] sta-blacklist-profile name sta-blacklist      //Create an STA blacklist profile
[Huawei-wlan-blacklist-prof-sta-blacklist] sta-mac 0002-0002-0002   //Add the STA's MAC address to the STA blacklist

Configuring user isolation within a VAP

<Huawei> system-view
[Huawei] wlan
[Huawei-wlan-view] traffic-profile name traff1  //Create a traffic profile
[HUAWEI-wlan-traffic-prof-traff1]  user-isolate l2           //Enable user isolation
Warning: Enabling user isolation may interrupt services. Are you sure you want to continue? [Y/N]:y 
[HUAWEI-wlan-traffic-prof-traff1]  quit
[Huawei-wlan-view] vap-profile  name vap1  //Create a VAP profile
[HUAWEI-wlan-vap-prof-vap1] traffic-profile  traff1                //Reference the traffic profile in the VAP profile
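
Each WIDS, security and traffic profile above is created in one command and referenced in another (from the AP or from the VAP profile). The following Python check is an added example, not part of the original article or of any Huawei tool: it reads a session in the prompt/command format used on this page, reports profiles that are created but never referenced, and flags a short or low-variety WPA2 pass-phrase. The sample session is constructed, and the 12-character threshold is an assumed local policy.

```python
import re

TRACKED = "wids|security|traffic"  # profile kinds the page both creates and references
MIN_PSK_LEN = 12                   # assumed local policy, not a Huawei default

# Constructed session in the page's format; two references are left out on purpose.
SESSION = """\
[Huawei-wlan-view] wids-profile name wlan-wids
[Huawei-wlan-wids-prof-wlan-wids] dynamic-blacklist enable  //enable dynamic blacklist
[Huawei-wlan-wids-prof-wlan-wids] quit
[Huawei-wlan-view] security-profile  name wlan-security
[HUAWEI-wlan-sec-prof-wlan-security] security wpa2 psk pass-phrase a1234567 aes
[HUAWEI-wlan-sec-prof-wlan-security] quit
[Huawei-wlan-view] traffic-profile name traff1
[HUAWEI-wlan-traffic-prof-traff1] user-isolate l2
[Huawei-wlan-view] vap-profile name vap1
[HUAWEI-wlan-vap-prof-vap1] security-profile wlan-security
"""

def commands(session):
    """Yield each typed command with the prompt and any // comment removed."""
    for line in session.splitlines():
        m = re.match(r"\s*[\[<][^\]>]+[\]>]\s*(.*)", line)
        cmd = m.group(1).split("//")[0].strip() if m else ""
        if cmd:
            yield cmd

def audit(session):
    """Return findings: weak pass-phrases, then unreferenced/undefined profiles."""
    defined, referenced, findings = set(), set(), []
    for cmd in commands(session):
        if m := re.fullmatch(rf"({TRACKED})-profile\s+name\s+(\S+)", cmd):
            defined.add(m.groups())
        elif m := re.fullmatch(rf"({TRACKED})-profile\s+(\S+)", cmd):
            referenced.add(m.groups())
        elif m := re.fullmatch(r"security\s+wpa2\s+psk\s+pass-phrase\s+(\S+)\s+aes", cmd):
            psk = m.group(1)
            kinds = sum(bool(re.search(p, psk)) for p in ("[a-z]", "[A-Z]", r"\d", r"[\W_]"))
            if len(psk) < MIN_PSK_LEN or kinds < 3:
                # Report length and variety only; never echo the secret itself.
                findings.append(f"weak pass-phrase (len {len(psk)}, {kinds} char classes)")
    findings += [f"unreferenced {k}-profile {n}" for k, n in sorted(defined - referenced)]
    findings += [f"undefined {k}-profile {n}" for k, n in sorted(referenced - defined)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SESSION)))
```

The STA whitelist, STA blacklist and VAP profiles are not tracked because this page does not show the commands that reference them.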

Configuring port isolation

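<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port-isolate enable      //Enable port isolation on this interface
Author: Administrator
Copyright notice: Unless otherwise stated, all articles on this site are licensed under CC BY-NC-SA 4.0. Please credit 曹少卿的Blog when reposting.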