< Home

wids contain enable

Function

(AP group radio view) The wids contain enable command enables rogue or interference device containment on all specified radios in an AP group.

(AP group radio view) The undo wids contain enable command disables rogue or interference device containment on all specified radios in an AP group.

(AP radio view) The wids contain enable command enables rogue or interference device containment on an AP radio.

(AP radio view) The undo wids contain enable command cancels the configuration of the rogue or interference device containment function on an AP radio. The status of this function on the AP radio is then determined by the status of this function in the AP group radio view.

By default, rogue or interference device containment is disabled on AP radios.

Format

wids contain enable

undo wids contain enable

Parameters

None

Views

AP group radio view, AP radio view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Rogue or interference devices pose serious security threats to enterprise networks.

After the containment mode is set against rogue or interference APs, the monitor AP uses the identity of the rogue or interference AP to broadcast deauthentication frames to forcibly disconnect STAs. To prevent the STAs from connecting to the rogue or interference AP again, the monitor AP will periodically and continuously send deauthentication frames.

After the containment mode is set against rogue or interference STAs or ad-hoc devices, the monitor AP uses the MAC address of a rogue or interference device to continuously send unicast deauthentication frames.

Precautions

The configuration in the AP radio view has a higher priority than that in the AP group radio view.

After the keep-service enable command is executed, if the wids device detect enable and wids contain enable commands are configured to enable rogue or interference device detection and containment, the AP will continue providing data services after going offline. However, the AC considers the AP as a rogue or interference device and adds it to the containment list. The containment mechanism will disconnect STAs from the AP. Therefore, service holding upon CAPWAP link disconnection does not take effect in this case.

After command keep-service enable allow new-access is executed, if the wids device detect enable and wids contain enable commands are configured to enable rogue or interference device detection and containment, the AP will continue providing data services after going offline. However, the AC considers the AP as a rogue or interference device and adds it to the containment list. The containment mechanism will disable the AP from allowing access of new STAs. Therefore, the function of enabling an offline AP to allow access of new STAs does not take effect in this case.

Follow-up Procedure

Run the contain-mode command to set the rogue or interference device containment mode.

Example

# Enable rogue or interference device containment on radio 0 in AP group office.
<HUAWEI> system-view
[HUAWEI] wlan
[HUAWEI-wlan-view] ap-group name office
[HUAWEI-wlan-ap-group-office] radio 0
[HUAWEI-wlan-group-radio-office/0] wids contain enable
Parent Topic: WLAN Security Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >