The flood-detect threshold command sets the flood attack detection threshold. A flood attack occurs when an AP receives a large number of packets of the same type within a short period.
The undo flood-detect threshold command restores the default flood attack detection threshold.
By default, the flood attack detection threshold is 500.
Parameter | Description | Value |
---|---|---|
threshold threshold | Specifies the flood attack detection threshold. | The value is an integer that ranges from 1 to 1000. |
Usage Scenario
A flood attack occurs when a device receives a large number of packets of the same type within a short period. As a result, the device is flooded by too many attack packets to process service packets from authorized wireless terminals.
After the flood attack detection function is enabled, a device counts the number of packets of the same type that it receives from a user at regular intervals. When the number exceeds the specified threshold, the device considers the user to have launched a flood attack. If the dynamic blacklist function is enabled, the user is added to a dynamic blacklist. If the threshold is set to too small a value, the device may incorrectly add authorized users to the dynamic blacklist, preventing them from going online.
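The counting logic described above, modelled as an added example (not Huawei's implementation and not code from this page): a fixed-interval counter keyed by source and frame type. The 10-second interval, the MAC addresses and the frame-type labels are constructed assumptions; the 1 to 1000 range and the default of 500 come from the page.

```python
from collections import Counter

DEFAULT_THRESHOLD = 500  # default given on the page
FLOODER = "02:00:00:00:00:aa"  # constructed MAC addresses
CLIENT = "02:00:00:00:00:bb"


def detect_flood(frames, threshold=DEFAULT_THRESHOLD, interval=10.0,
                 dynamic_blacklist=True):
    """Count frames per (interval, source, frame type) and flag counts above threshold.

    frames: iterable of (timestamp_seconds, source_mac, frame_type).
    interval: counting window in seconds (assumed; the page gives no value).
    Returns (alerts, blacklist).
    """
    if not isinstance(threshold, int) or not 1 <= threshold <= 1000:
        raise ValueError("threshold must be an integer from 1 to 1000")
    counts = Counter()
    for ts, mac, ftype in frames:
        counts[(int(ts // interval), mac, ftype)] += 1
    alerts = sorted((win, mac, ftype, n)
                    for (win, mac, ftype), n in counts.items() if n > threshold)
    # Sources are blacklisted only when the dynamic blacklist function is enabled.
    blacklist = {mac for _, mac, _, _ in alerts} if dynamic_blacklist else set()
    return alerts, blacklist


def constructed_traffic():
    """Constructed sample: one flooder and one busy but authorized client."""
    frames = [(i * 0.01, FLOODER, "probe-req") for i in range(800)]
    frames += [(i * 0.05, CLIENT, "probe-req") for i in range(120)]
    frames += [(i * 0.05, CLIENT, "assoc-req") for i in range(90)]
    return frames


if __name__ == "__main__":
    for threshold in (500, 350, 200, 100):
        alerts, blacklist = detect_flood(constructed_traffic(), threshold)
        print(threshold, sorted(blacklist), alerts)
```

With this traffic, thresholds of 500, 350 and 200 blacklist only the flooder, even though the authorized client sent 210 frames in total, because counts are kept per frame type. At 100 the authorized client is blacklisted as well.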
Follow-up Procedure
Run the undo dynamic-blacklist disable command to enable the dynamic blacklist function.
# Set the flood attack detection threshold to 350.
<HUAWEI> system-view
[HUAWEI] wlan
[HUAWEI-wlan-view] ap-group name office
[HUAWEI-wlan-ap-group-office] radio 0
[HUAWEI-wlan-group-radio-office/0] wids attack detect flood enable
[HUAWEI-wlan-group-radio-office/0] quit
[HUAWEI-wlan-ap-group-office] quit
[HUAWEI-wlan-view] wids-profile name huawei
[HUAWEI-wlan-wids-prof-huawei] flood-detect threshold 350