wids attack detect

Function

(AP group radio view) The wids attack detect enable command enables attack detection on all specified radios in an AP group.

(AP group radio view) The wids attack detect disable command disables attack detection on all specified radios in an AP group.

(AP group radio view) The undo wids attack detect enable command restores the default attack detection configuration on all specified radios in an AP group.

(AP radio view) The wids attack detect enable command enables attack detection on an AP radio.

(AP radio view) The wids attack detect disable command disables attack detection on an AP radio.

(AP radio view) The undo wids attack detect command cancels the configuration of the attack detection function on an AP radio. The status of this function on the AP radio is then determined by the status of this function in the AP group radio view.

By default, attack detection is disabled on an AP radio; flood attack detection, weak IV attack detection, and spoofing attack detection are disabled on radios in the AP group; and brute force key cracking attack detection is enabled on radios in the AP group.

Format

wids attack detect { all | flood | weak-iv | spoof | wpa-psk | wpa2-psk | wapi-psk | wep-share-key } { enable | disable }

undo wids attack detect { all | flood | weak-iv | spoof | wpa-psk | wpa2-psk | wapi-psk | wep-share-key }

Parameters

Parameter       Description                                                            Value
all             Indicates all attack detection functions.                              -
flood           Indicates flood attack detection.                                      -
weak-iv         Indicates weak IV attack detection.                                    -
spoof           Indicates spoofing attack detection.                                   -
wpa-psk         Indicates brute force attack detection in WPA-PSK authentication.      -
wpa2-psk        Indicates brute force attack detection in WPA2-PSK authentication.     -
wapi-psk        Indicates brute force attack detection in WAPI-PSK authentication.     -
wep-share-key   Indicates brute force attack detection in shared key authentication.   -

Views

AP group radio view, AP radio view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To monitor and prevent malicious or unintentional attacks on WLANs in real time, network administrators can enable the following attack detection functions based on actual requirements:
  • flood: flood attack detection, which detects whether an AP receives a large number of packets of the same type in a short period.
  • weak-iv: weak IV attack detection, which detects whether weak IVs are used for WEP encryption on a WLAN.
  • spoof: spoofing attack detection, which detects whether a potential attacker pretends to be an AP to broadcast Deauthentication and Disassociation packets.
  • wpa-psk, wpa2-psk, wapi-psk, or wep-share-key: brute force attack detection. If the WPA-PSK, WPA2-PSK, WAPI-PSK, or WEP-SK security policy is configured on a WLAN, brute force attack detection can be enabled to increase the time required for password cracking and improve password security.

Precautions

  • The configuration in the AP radio view has a higher priority than that in the AP group radio view.

  • After the device detection function is enabled using this command, the detected data is stored only on the local device. To report the data to the iMaster NCE-Campus, run the collect-item user-data enable command in the SMI view to enable the device to report intelligent O&M data to the iMaster NCE-Campus.
  • If no attack detection function is enabled in the AP radio view, the configuration in the AP group radio view is inherited. If any attack detection function is enabled in the AP radio view, the configuration in the AP group radio view does not take effect and the configuration in the AP radio view is inherited. For example, when all attack detection functions are enabled in the AP group radio view:
    • If no attack detection function is enabled in the AP radio view, the configuration in the AP group radio view takes effect. That is, all attack detection functions are enabled on the AP radio.
    • If spoofing attack detection is enabled in the AP radio view, the configuration in the AP radio view takes effect. That is, only spoofing attack detection is enabled on the AP radio.
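The inheritance rule above means that enabling a single detection type in the AP radio view can silently drop the detections the AP group provides. The following added example (not Huawei code) resolves the effective detection set for a radio from the defaults and precedence rule stated on this page and reports what an override drops. All function and variable names are hypothetical, the sample configuration is constructed, and radio-level disable commands are not modelled.

```python
# Added example: resolves the effective WIDS detections for one AP radio from the
# rules on this page. Function and variable names are hypothetical, not Huawei's.
BRUTE_FORCE = {"wpa-psk", "wpa2-psk", "wapi-psk", "wep-share-key"}
ALL_TYPES = {"flood", "weak-iv", "spoof"} | BRUTE_FORCE
GROUP_DEFAULT = set(BRUTE_FORCE)  # page: only brute force detection is on by default


def expand(keyword):
    """Map a command keyword to detection types; 'all' covers every type."""
    if keyword == "all":
        return set(ALL_TYPES)
    if keyword not in ALL_TYPES:
        raise ValueError(f"unknown detection type: {keyword}")
    return {keyword}


def group_effective(group_cmds):
    """Apply ordered (keyword, 'enable'|'disable') pairs on top of group defaults."""
    enabled = set(GROUP_DEFAULT)
    for keyword, action in group_cmds:
        if action == "enable":
            enabled |= expand(keyword)
        elif action == "disable":
            enabled -= expand(keyword)
        else:
            raise ValueError(f"unknown action: {action}")
    return enabled


def radio_effective(group_cmds, radio_enables):
    """Effective detections on a radio. radio_enables lists keywords enabled in
    the AP radio view; radio-level 'disable' is not modelled (assumption)."""
    radio = set()
    for keyword in radio_enables:
        radio |= expand(keyword)
    # Page rule: any enable in the AP radio view replaces the group configuration.
    return radio if radio else group_effective(group_cmds)


def lost_by_override(group_cmds, radio_enables):
    """Detections the group provides that a radio-level override drops."""
    return group_effective(group_cmds) - radio_effective(group_cmds, radio_enables)


if __name__ == "__main__":
    group = [("all", "enable")]  # constructed sample configuration
    for radio in ([], ["spoof"]):
        print(radio, sorted(radio_effective(group, radio)),
              "dropped:", sorted(lost_by_override(group, radio)))
```

A non-empty result from lost_by_override identifies a radio whose own configuration has narrowed the detection coverage set at the AP group level.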

Follow-up Procedure

Run the undo dynamic-blacklist disable command to enable the dynamic blacklist function.

Example

# Enable brute force attack detection in WPA-PSK authentication on radio 0 in AP group office.
<HUAWEI> system-view
[HUAWEI] wlan
[HUAWEI-wlan-view] ap-group name office
[HUAWEI-wlan-ap-group-office] radio 0
[HUAWEI-wlan-group-radio-office/0] wids attack detect wpa-psk enable
Copyright © Huawei Technologies Co., Ltd.