R2511-HP MSR Router Series WLAN Configuration Guide(V5)
58
Configuring blacklist and whitelist
Perform this task to configure the static blacklist, static white list, enable dynamic blacklist feature, and
configure the lifetime for dynamic entries.
• WLAN IDS permits devices present in the static white list. You can add entries into or delete entries
from the list.
• WLAN IDS denies devices present in the static blacklist. You can add entries into or delete entries
from the list.
• WLAN IDS adds dynamically detected attack devices into the dynamic blacklist. You can set a
lifetime in seconds for dynamic blacklist entries. After the lifetime of an entry expires, the device
entry will be removed from the dynamic blacklist. If a flood attack from the device is detected again
before the lifetime expires, the entry is refreshed.
Configuring static lists
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter WLAN IDS view.
wlan ids N/A
3. Add an entry into the white
list.
whitelist mac-address mac-address
Optional.
By default, no white list exists.
4. Add an entry into the static
blacklist.
static-blacklist mac-address
mac-address
Optional.
By default, no static blacklist exists.
Configuring dynamic blacklist
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter WLAN IDS view.
wlan ids N/A
3. Enable the dynamic blacklist
feature.
dynamic-blacklist enable
Optional.
By default, the dynamic blacklist
feature is disabled.
4. Configure the lifetime for
dynamic blacklist entries.
dynamic-blacklist lifetime lifetime
Optional.
By default, the lifetime is 300
seconds.
Displaying and maintaining blacklist and whitelist
Task Command
Remarks
Display blacklist entries.
display wlan
blacklist { static | dynamic } [ |
{ begin | exclude | include }
regular-expression ]
Available in any view.