某局点开启WIPS功能将合法AP识别为非法AP

某局点启用wips反制功能，配置完成后，发现现场的合法AP（添加了trust mac）也被识别为非法AP

wips

#

ap-classification rule 1

  ssid not equal H3C_WiFi

#

ap-classification rule 2

  ssid equal H3C_WiFi

#

classification policy test

  apply ap-classification rule 1 rogue-ap severity-level 100

  apply ap-classification rule 2 rogue-ap severity-level 100

  trust mac-address 00dd-xxxx-b7f0

  trust mac-address 00dd-xxxx-b7f1

  trust mac-address 00dd-xxxx-b7f2

  trust mac-address b845-xxxx-5480

  trust mac-address b845-xxxx-5481

  trust mac-address b845-xxxx-5482

  trust mac-address b845-xxxx-5980

  invalid-oui-classify illegal

在AC上查看反制记录，发现trust mac的AP也被识别为了非法AP：

[AC-wips]dis wips virtual-security-domain test device

Total 245 detected devices in virtual-security-domain test

Class: Auth - authorization; Ext - external; Mis - mistake;

       Unauth - unauthorized; Uncate - uncategorized;

       (A) - associate; (C) - config; (P) - potential;

       Ad-hoc; Mesh

MAC address    Type   Class    Duration    Sensors Channel Status

00dd-xxxx-b7f1 AP     Rogue    02h 01m 19s 1       52      Active

00dd-xxxx-b7f2 AP     Rogue    01h 43m 03s 1       52      Active

00e0-xxxx-08f1 AP     Rogue    01h 05m 29s 1       149     Active

0442-xxxx-c8e4 AP     Rogue    02h 02m 51s 1       161     Active

……

查看AC上配置，发现配置中有一条：

classification policy test

  apply ap-classification rule 1 rogue-ap severity-level 100

  apply ap-classification rule 2 rogue-ap severity-level 100

  trust mac-address 00dd-xxxx-b7f0

  trust mac-address 00dd-xxxx-b7f1

  trust mac-address 00dd-xxxx-b7f2

  trust mac-address b845-xxxx-5480

  trust mac-address b845-xxxx-5481

  trust mac-address b845-xxxx-5482

  trust mac-address b845-xxxx-5980

  invalid-oui-classify illegal  // 命令用来配置对非法OUI的设备进行分类

此条配置的目的是启动非法oui检测，只有设备默认的和导入的oui才是信任的，其他都是非法的，优先级高于trust mac，因此将现场所有合法AP都是别为非法AP

此条配置需要使用导入oui列表才行，如果不导入就使用默认的，默认是设备出厂带的；

将配置 invalid-oui-classify illegal 删除，设备能够正常识别非法AP和合法AP。