R2511-HP MSR Router Series WLAN Configuration Guide(V5)
• Dynamic blacklist—Contains the MAC addresses of clients forbidden to access the WLAN. A client
is dynamically added to the list if it is considered to be sending attack frames, and it stays in the
list until the timer of the entry expires.
When an AP receives an 802.11 frame, it checks the source MAC address of the frame and processes the
frame by following these rules:
1. If the source MAC address does not match any entry in the white list, the frame is dropped. If there
is a match, the frame is considered valid and is processed further.
2. If no white list entries exist, the static and dynamic blacklists are searched.
3. If the source MAC address matches an entry in either of the two lists, the frame is dropped.
4. If there is no match, or no blacklist entries exist, the frame is considered valid and is processed
further.
Figure 22 Frame filtering
If client 1 is present in the blacklist, it cannot associate with the fat AP. If it is only in the white list, it can
associate with the fat AP.
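The filtering rules above, modelled in Python as an added example (this is not HP's code and not part of the original guide). The class and function names, the timer handling, and the sample MAC addresses are assumptions made for illustration; following rule 2 as written, the blacklists are consulted only when the white list is empty.

```python
import time

def normalize(mac):
    """Canonical form so '0011-2233-4455' and '00:11:22:33:44:55' compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

class FrameFilter:
    """Hypothetical model of the white list / blacklist decision, not device code."""
    def __init__(self, whitelist=(), static_blacklist=()):
        self.whitelist = {normalize(m) for m in whitelist}
        self.static_blacklist = {normalize(m) for m in static_blacklist}
        self.dynamic_blacklist = {}  # MAC -> expiry time in seconds

    def add_dynamic(self, mac, lifetime, now=None):
        """Blacklist a client flagged as sending attack frames for `lifetime` seconds."""
        now = time.monotonic() if now is None else now
        self.dynamic_blacklist[normalize(mac)] = now + lifetime

    def decide(self, src_mac, now=None):
        """Return (allowed, reason) for a frame with this source MAC address."""
        now = time.monotonic() if now is None else now
        mac = normalize(src_mac)
        # Rule 1: when white list entries exist, only listed clients pass.
        if self.whitelist:
            if mac in self.whitelist:
                return True, "whitelist match"
            return False, "not in whitelist"
        # Rule 2: no white list entries, so search both blacklists.
        expiry = self.dynamic_blacklist.get(mac)
        if expiry is not None and expiry <= now:
            del self.dynamic_blacklist[mac]  # entry timer has expired
            expiry = None
        # Rule 3: a match in either blacklist drops the frame.
        if mac in self.static_blacklist:
            return False, "static blacklist match"
        if expiry is not None:
            return False, "dynamic blacklist match"
        # Rule 4: no match, or no blacklist entries at all.
        return True, "no blacklist match"

if __name__ == "__main__":
    # Constructed sample: one static entry, one dynamic entry with a 300 s timer.
    f = FrameFilter(static_blacklist=["0011-2233-4455"])
    f.add_dynamic("00:aa:bb:cc:dd:ee", lifetime=300, now=0)
    for mac, t in [("0011-2233-4455", 1), ("00aa-bbcc-ddee", 299), ("00aa-bbcc-ddee", 300)]:
        print(mac, t, f.decide(mac, now=t))
```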
WLAN IDS configuration task list
Task                                               Description
Configuring AP operating mode                      Required.
Configuring attack detection:                      Optional.
    Configuring attack detection.
    Displaying and maintaining attack detection.
Configuring blacklist and whitelist                Optional.
Configuring AP operating mode
A WLAN consists of various APs that span the building and offer WLAN services to the clients. The
administrator may want some of these APs to detect rogue devices. The administrator can configure an
AP to operate in one of three modes: normal, monitor, or hybrid.










