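At one site, the WIPS countermeasure feature was enabled. After the configuration was completed, the site's legitimate APs (which had been added as trust mac) were also identified as rogue APs.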
wips
#
ap-classification rule 1
ssid not equal H3C_WiFi
#
ap-classification rule 2
ssid equal H3C_WiFi
#
classification policy test
apply ap-classification rule 1 rogue-ap severity-level 100
apply ap-classification rule 2 rogue-ap severity-level 100
trust mac-address 00dd-xxxx-b7f0
trust mac-address 00dd-xxxx-b7f1
trust mac-address 00dd-xxxx-b7f2
trust mac-address b845-xxxx-5480
trust mac-address b845-xxxx-5481
trust mac-address b845-xxxx-5482
trust mac-address b845-xxxx-5980
invalid-oui-classify illegal
Checking the countermeasure records on the AC shows that the trust mac APs were also identified as rogue APs:
[AC-wips]dis wips virtual-security-domain test device
Total 245 detected devices in virtual-security-domain test
Class: Auth - authorization; Ext - external; Mis - mistake;
Unauth - unauthorized; Uncate - uncategorized;
(A) - associate; (C) - config; (P) - potential;
Ad-hoc; Mesh
MAC address Type Class Duration Sensors Channel Status
00dd-xxxx-b7f1 AP Rogue 02h 01m 19s 1 52 Active
00dd-xxxx-b7f2 AP Rogue 01h 43m 03s 1 52 Active
00e0-xxxx-08f1 AP Rogue 01h 05m 29s 1 149 Active
0442-xxxx-c8e4 AP Rogue 02h 02m 51s 1 161 Active
……
Checking the configuration on the AC shows that it contains the following line:
classification policy test
apply ap-classification rule 1 rogue-ap severity-level 100
apply ap-classification rule 2 rogue-ap severity-level 100
trust mac-address 00dd-xxxx-b7f0
trust mac-address 00dd-xxxx-b7f1
trust mac-address 00dd-xxxx-b7f2
trust mac-address b845-xxxx-5480
trust mac-address b845-xxxx-5481
trust mac-address b845-xxxx-5482
trust mac-address b845-xxxx-5980
invalid-oui-classify illegal // this command configures how devices with an invalid OUI are classified
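The purpose of this command is to enable invalid-OUI detection: only the device's default OUIs and imported OUIs are trusted, and all others are treated as illegal. It takes priority over trust mac, so all legitimate APs at the site were identified as rogue APs.
This command is meant to be used with an imported OUI list. If no list is imported, the default list is used, which is the one shipped with the device from the factory.
After the invalid-oui-classify illegal configuration is deleted, the device correctly identifies rogue APs and legitimate APs.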
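An added example (not part of the original case and not H3C tooling): a Python check that cross-references the trust mac-address entries of the classification policy with the device table, and reports trusted APs shown as Rogue together with whether invalid-oui-classify illegal is set. The sample input is abridged from the case above, with MAC addresses masked as on the page; the function names are illustrative.

```python
import re

# Sample input abridged from the case above (MAC addresses are masked on the page).
CONFIG = """\
classification policy test
 apply ap-classification rule 1 rogue-ap severity-level 100
 apply ap-classification rule 2 rogue-ap severity-level 100
 trust mac-address 00dd-xxxx-b7f0
 trust mac-address 00dd-xxxx-b7f1
 trust mac-address 00dd-xxxx-b7f2
 trust mac-address b845-xxxx-5480
 invalid-oui-classify illegal
"""

DEVICES = """\
MAC address Type Class Duration Sensors Channel Status
00dd-xxxx-b7f1 AP Rogue 02h 01m 19s 1 52 Active
00dd-xxxx-b7f2 AP Rogue 01h 43m 03s 1 52 Active
00e0-xxxx-08f1 AP Rogue 01h 05m 29s 1 149 Active
0442-xxxx-c8e4 AP Rogue 02h 02m 51s 1 161 Active
"""

MAC = r"[0-9a-fx]{4}-[0-9a-fx]{4}-[0-9a-fx]{4}"  # 'x' allows the masked digits

def parse_policy(config):
    """Return (trusted MAC set, True if invalid-oui-classify illegal is set)."""
    trusted = re.findall(rf"^\s*trust mac-address ({MAC})\s*$", config, re.M | re.I)
    oui_illegal = bool(re.search(r"^\s*invalid-oui-classify illegal\b", config, re.M))
    return {m.lower() for m in trusted}, oui_illegal

def parse_devices(output):
    """Return {mac: class} for the AP rows of the device table."""
    rows = re.findall(rf"^({MAC})\s+AP\s+(\S+)\s", output, re.M | re.I)
    return {mac.lower(): cls for mac, cls in rows}

def audit(config, output):
    """List trusted APs classified as Rogue, plus the OUI-classification flag."""
    trusted, oui_illegal = parse_policy(config)
    devices = parse_devices(output)
    misclassified = sorted(m for m in trusted if devices.get(m) == "Rogue")
    return misclassified, oui_illegal

if __name__ == "__main__":
    bad, oui_illegal = audit(CONFIG, DEVICES)
    for mac in bad:
        print(f"trusted AP classified as Rogue: {mac}")
    if bad and oui_illegal:
        print("invalid-oui-classify illegal is set; check the imported OUI list")
```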