< Home

display station dynamic-blacklist

Function

The display station dynamic-blacklist command displays the dynamic blacklist on an AP.

Format

display station dynamic-blacklist { ap-id ap-id | ap-name ap-name }

Parameters

Parameter Description Value
ap-id ap-id

Displays information about STAs that are denied access on the AP with a specified ID.

The AP ID must exist.
ap-name ap-name

Displays information about STAs that are denied access on the AP with a specified name.

The AP name must exist.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

There is a STA dynamic blacklist on an AP. The blacklist helps control access of STAs, for example, forbidding STAs with bogus IP addresses to go online. If a STA is not allowed to go online, the STA is added to the dynamic blacklist. Before the dynamic blacklist entry ages out, the STA cannot associate with the AP. The aging time of the dynamic blacklist entries is 10 minutes. After the aging time is reached, the dynamic blacklist entries are automatically deleted. During this period, if the STA on an entry is added to the blacklist again, the aging time of the entry is updated and recalculated.

The administrator can run this command to check STAs in the blacklist and the reasons for adding the STAs to the blacklist.

Example

# Display the dynamic blacklist on AP.

<HUAWEI> display station dynamic-blacklist ap-name huawei
Total: 1
------------------------------------------------------------------------------
STA MAC           Time left(s)   Reason
------------------------------------------------------------------------------
581f-28fc-7ead    160           WIDS attack
------------------------------------------------------------------------------
Table 1 Description of the display station dynamic-blacklist command output
Item Description

STA MAC

MAC address of a STA.

Time left(s)

Remaining aging period, in seconds.

To configure the parameter, run the dynamic-blacklist aging-time command.

Reason
Reason why a STA is added to the dynamic blacklist.
  • static IP: The AP is configured to deny access of STAs with bogus IP addresses, and the STA has a static IP address configured.
  • ARP flood: The AP is configured to detect and defend against ARP flood attacks, and the STA initiates an ARP flood attack.
  • IGMP flood: The AP is configured to detect and defend against IGMP flood attacks, and the STA initiates an IGMP flood attack.
  • ND flood: The AP is configured to detect and defend against ND flood attacks, and the STA initiates an ND flood attack.
  • DHCP flood: The AP is configured to detect and defend against DHCP flood attacks, and the STA initiates a DHCP flood attack.
  • DHCPv6 flood: The AP is configured to detect and defend against DHCPv6 flood attacks, and the STA initiates a DHCPv6 flood attack.
  • MDNS flood: The AP is configured to detect and defend against mDNS flood attacks, and the STA initiates an mDNS flood attack.
  • other multicast flood: The AP is configured to detect and defend against flood attacks through multicast packets other than IGMP, and mDNS multicast packets, and the STA initiates such an attack.
  • other broadcast flood: The AP is configured to detect and defend against flood attacks through broadcast packets other than ARP, DHCP, DHCPv6, and ND multicast packets, and the STA initiates such an attack.
  • WIDS attack: The AP is configured to detect attacks on a WLAN.
  • MESH key fail: Key negotiation fails during mesh link setup.
  • other: Other reason
Parent Topic: WLAN Security Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >