display wlan ids device-detected

Function

The display wlan ids device-detected command displays various wireless devices detected on a WLAN.

Format

display wlan ids device-detected { all | [ interference | rogue ] ap | [ rogue ] bridge | [ rogue ] client [ bssid bssid ] | adhoc | [ rogue ] ssid | mac-address mac-address | monitor-ap { ap-name ap-name | ap-id ap-id } [ radio-id radio-id ] }

Parameters

Parameter	Description	Value
all	Displays all wireless devices detected on the WLAN.	-
interference	Displays interfering devices detected on the WLAN.	-
rogue	Displays rogue devices detected on the WLAN.	-
ap	Displays APs detected on the WLAN.	-
bridge	Displays bridge devices detected on the WLAN.	-
client	Displays user terminals detected on the WLAN.	-
bssid bssid	Displays detailed information about devices with the specified BSSID detected on the WLAN.	The format is H-H-H. An H is a hexadecimal number of 4 digits.
adhoc	Displays detected user terminals that belong to the ad-hoc network on the WLAN.	-
ssid	Displays SSIDs detected on the WLAN.	-
mac-address mac-address	Displays detailed information about devices with specified MAC addresses detected on the WLAN.	The MAC addresses must exist.
monitor-ap ap-name ap-name	Displays detailed information about devices detected by the monitoring AP with a specified name on the WLAN.	The AP name must exist.
monitor-ap ap-id ap-id	Displays detailed information about devices detected by the monitoring AP with a specified ID on the WLAN.	The AP ID must exist.
monitor-ap { ap-name ap-name \| ap-id ap-id } radio-id radio-id	Displays detailed information about devices detected by the radio with a specified ID on a specified AP on the WLAN.	The radio ID must exist on the AP.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

To ensure the WLAN reliability, all the wireless devices on the current WLAN must be monitored. You can run the display wlan ids detected command to view information about the wireless devices detected.

Prerequisites

The device detection function has been enabled on the AP using the wids device detect enable command.

Example

# Display all devices detected on a WLAN.

<HUAWEI> display wlan ids device-detected all
Flags: r: rogue, p: permit, i: interference, a: adhoc, w: AP, b: wireless-bridge, c: client
#Rf: Number of monitor radios that have detected the device
CH: Channel number
RSSI(dBm): Maximum RSSI of detected device                                       StaNum: Number of detected STAs associated with the device  
-------------------------------------------------------------------------------------------------
MAC address     Type    CH  RSSI(dBm) StaNum  Authentication   Last detected time   #Rf   SSID
-------------------------------------------------------------------------------------------------
0010-0020-de2b  i/w     1   -60       5       open             2014-11-20/11:03:44  1     -
-------------------------------------------------------------------------------------------------
Total: 1, printed: 1

**Table 1** Description of the **display wlan ids device-detected all** command output
Item	Description
MAC address	MAC address of the detected device.
Type	Type of the detected device: r: rogue device p: authorized device i: interfering device a: user terminal on the ad-hoc network w: AP b: bridge device c: user terminal
CH	Authentication mode of the detected device.
RSSI(dBm)	RSSI of the detected device.
StaNum	Channel in which the device is detected for the last time.
Authentication	RSSI of the detected device.
Last detected time	Last time when the device is detected.
#Rf	Number of radios that detect the device.
SSID	SSID of the detected device.

# Display information about APs detected on the WLAN.

<HUAWEI> display wlan ids device-detected ap
Flags: r: rogue, p: permit, i: interference
#Rf: Number of monitor radios that have detected the device
CH: Channel number
RSSI(dBm): Maximum RSSI of detected device                                       StaNum: Number of detected STAs associated with the device  
-------------------------------------------------------------------------------------------------
MAC address     Type  CH  RSSI(dBm) StaNum  Authentication   Last detected time   #Rf   SSID
-------------------------------------------------------------------------------------------------
0010-0020-de2b  r     1   -60       5       open             2014-11-20/11:03:44  1     -
-------------------------------------------------------------------------------------------------
Total: 1, printed: 1

# Display information about rogue APs detected on the WLAN.

<HUAWEI> display wlan ids device-detected rogue ap
#Rf: Number of monitor radios that have detected the device
CH: Channel number
RSSI(dBm): Maximum RSSI of detected device                                       StaNum: Number of detected STAs associated with the device  
-------------------------------------------------------------------------------------------------
MAC Address     CH  RSSI(dBm) StaNum  Authentication   Last detected time   #Rf   SSID 
-------------------------------------------------------------------------------------------------
0010-0020-de2b  1   -60       5       open             2014-11-20/11:03:44  1     -
-------------------------------------------------------------------------------------------------
Total: 1, printed: 1

# Display information about interfering APs detected on the WLAN.

<HUAWEI> display wlan ids device-detected interference ap
Flags: r: rogue, p: permit, i: interference
#Rf: Number of monitor radios that have detected the device
CH: Channel number
RSSI(dBm): Maximum RSSI of detected device                                       StaNum: Number of detected STAs associated with the device  
-------------------------------------------------------------------------------------------------
MAC address     Type  CH  RSSI(dBm) StaNum  Authentication   Last detected time   #Rf   SSID 
-------------------------------------------------------------------------------------------------
0010-0020-de2b  i     1   -60       5       open             2014-11-20/11:03:44  1     -
-------------------------------------------------------------------------------------------------
Total: 1, printed: 1

# Display information about ad-hoc devices detected on the WLAN.

<HUAWEI> display wlan ids device-detected adhoc
Flags: r: rogue
#Rf: Number of monitor radios that have detected the device
CH: Channel number
RSSI(dBm): Maximum RSSI of detected device                                       StaNum: Number of detected STAs associated with the device  
-------------------------------------------------------------------------------------------------
MAC address     Type  CH  RSSI(dBm) StaNum  Authentication   Last detected time   #Rf   SSID
-------------------------------------------------------------------------------------------------
0010-0020-de2d  r     6   -60       -       -                2014-11-20/11:12:58  2     -
-------------------------------------------------------------------------------------------------
Total: 1, printed: 1

# Display information about SSIDs detected on the WLAN.

<HUAWEI> display wlan ids device-detected ssid
#Dev: Number of devices using SSID
-------------------------------------------------------------------------------
SSID                              #Dev  Last detected time
-------------------------------------------------------------------------------
trad                              1     2014-11-20/11:01:44
CMCC-4G                           6     2014-11-20/11:14:13
-------------------------------------------------------------------------------
Total: 2, printed: 2

**Table 2** Description of the **display wlan ids device-detected ssid** command output
Item	Description
SSID	SSID detected.
#Dev	Number of devices that use the SSID.
Last detected time	Last time at which the device using the SSID is detected.

# Display information about spoofing SSIDs detected on the WLAN.

<HUAWEI> display wlan ids device-detected rogue ssid
#Dev: number of devices using rogue SSID                                        
--------------------------------------------------------------------------------
Rogue SSID  Spoof profile  #Dev  Last detected time                             
            Pattern rule
--------------------------------------------------------------------------------
ao          a0             1     2014-11-20/11:14:39
            ao
al          a1             2     2014-11-20/11:14:39
            al
--------------------------------------------------------------------------------
ssid        --             1     2014-11-20/15:59:45 
---------------------------------------------------------------------------------
Total: 3

**Table 3** Description of the **display wlan ids device-detected rogue ssid** command output
Item	Description
Rogue SSID	Spoofing SSIDs detected, including SSIDs same as the authorized SSIDs and SSIDs matching the specified fuzzy rules.
Spoof profile	WIDS spoof SSID profile owned the fuzzy matching rule.
Pattern rule	Fuzzy matching rule for the spoofing SSID.
#Dev	Number of APs using the SSID.
Last detected time	Latest time when the SSID is detected.

# Display detailed information about devices with MAC address 0008-cbe9-1c00 detected on the WLAN.

<HUAWEI> display wlan ids device-detected mac-address 0008-cbe9-1c00
Detected MAC List
--------------------------------------------------------------------------------
MAC address                                             : 0008-cbe9-1c00
BSSID                                                   : 0008-cbe9-1c00
Type                                                    : rogue ap
SSID                                                    : -
Authentication                                          : 802.1x
Number of monitor radios that have detected the device  : 1
Last detected channel                                   : 1
Maximum RSSI(dBm)                                       : -80
Beacon interval(TUs)                                     : -
First detected time                                     : 2015-10-20/15:07:23
Reported AP 1
 AP name                                                : admin_ap0_admin_ap0_admin
 Radio ID                                               : 0
 MAC address                                            : dcd2-fc1e-c4a0
 Radio type                                             : 802.11bg
 Channel                                                : 1
 RSSI(dBm)                                              : -80
 Last detected time                                     : 2015-10-20/15:07:23
 Counter measure                                        : Y
 Counter measure reason                                 : spoof-ssid-ap
--------------------------------------------------------------------------------

**Table 4** Description of the **display wlan ids device-detected mac-address** command output
Item	Description
MAC address	MAC address of the detected device.
BSSID	BSSID of the detected device.
Type	Type of the detected device.
SSID	SSID of the detected device.
Authentication	Authentication mode of the detected device.
Number of monitor radios that have detected the device	Number of radios that detect the device. If WIDS is enabled on multiple APs, the type of the device may be detected by these APs' radios.
Last detected channel	Channel of the detected device.
Maximum RSSI(dBm)	Maximum RSSI of the detected device.
Beacon interval(TUs)	Interval at which the detected device sends beacon frames.
First detected time	First time at which the device is detected.
Reported AP 1	Information of the Monitoring AP which reports detection information.
AP name	Name of the monitoring AP.
Radio ID	Radio ID of the monitoring AP.
MAC address	MAC address of the monitoring AP.
Radio type	Radio type of the monitoring AP.
Channel	Channel of the monitoring AP.
RSSI(dBm)	RSSI of the monitoring AP.
Last detected time	Last time when the device is detected.
Counter measure	Whether the device is contained.
Counter measure reason	Reason why the device is contained. open-encrypt: The authentication mode of the device is open. spoof-ssid-ap: The device is a rogue AP or interference AP with a spoofing SSID. protect-client: The device is a STA in the STA whitelist and is contained to prevent it from accessing a rogue AP. client: The device is a rogue STA or interference STA. adhoc: The device is a rogue ad-hoc device. manual: The device is manually contained.