(Optional) Configuring a WIDS Whitelist

Context

After the rogue device containment function is enabled, rogue APs can be detected and contained. However, there may be APs of other vendors or on other networks working in the existing signal coverage areas. If these APs are contained, their services will be affected. To prevent this situation, you can configure the WIDS whitelist profile to add these APs to a WIDS whitelist which includes an authorized MAC address list, OUI list, and SSID list.

The device determines whether a detected AP is authorized as follows:

Check whether the AP's MAC address is in the authorized MAC address list.
- If so, the AP is an authorized AP.
- If not, go to step 2.
Check whether the AP's OUI and SSID are in the OUI and SSID lists.
- If only the SSID is configured, check whether the AP's SSID is in the authorized SSID list.
  - If so, the AP is an authorized AP.
  - If not, the AP is an unauthorized AP.
- If only the OUI is configured, check whether the AP's OUI is in the authorized OUI list.
  - If so, the AP is an authorized AP.
  - If not, the AP is an unauthorized AP.
- Check whether the AP's OUI and SSID are in the OUI and SSID lists.
  - If so, the AP is an authorized AP.
  - If neither or either of them is in the list, the AP is an unauthorized AP.

Procedure

Run system-view
The system view is displayed.
Run wlan
The WLAN view is displayed.
Run wids-whitelist-profile name profile-name
A WIDS whitelist profile is created and the WIDS whitelist profile view is displayed.

By default, the system provides the WIDS whitelist profile default.
Run permit-ap { mac-address mac-address | oui oui | ssid ssid }
A WIDS whitelist is configured.

By default, no WIDS whitelist is configured.
Run quit
Return to the WLAN view.
Run wids-profile name profile-name
The WIDS profile view is displayed.
Run wids-whitelist-profile profile-name
The WIDS whitelist profile is applied to the WIDS profile.

By default, the WIDS whitelist profile default is bound to a WIDS profile.