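Typical configuration of the Rogue AP detection feature on the WX5002
Applicable WX5002 version: Comware Software, Version 5.20, Release 1106P01
I. Networking requirements
WX5002, WA2110, H3C PoE switch, laptop (with an 11b/g wireless NIC installed), third-party AP
II. Network diagram
The WA2110 has registered successfully with the WX5002 and is working in Monitor mode. The wireless client connects to the SSID "Wireless" provided by the third-party AP and pings the third-party AP continuously.
III. WX5002 configuration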
#
version 5.20, Release 1106P01
#
sysname H3C
#
domain default enable system
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dhcp server ip-pool 1
network 192.168.1.0 mask 255.255.255.0
gateway-list 192.168.1.254
expired day 3
#
wlan rrm
dot11a mandatory-rate 6 12 24
dot11a supported-rate 9 18 36 48 54
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.1.9 255.255.255.0
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
#
interface M-Ethernet1/0/1
#
wlan ap ap1 model WA2100
serial-id 210235A22W0077000088
work-mode monitor
radio 1
radio enable
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.254
#
dhcp enable
#
user-interface aux 0
user-interface vty 0 4
#
return
IV. Verification results
1. The command "display wlan ids detected all" shows the third-party APs discovered by the Monitor AP.
[H3C]display wlan ids detected all
Total Number of Entries : 4
Flags: r = rogue, p = permit, a = adhoc, w = ap, c = client
#AP = number of active APs detecting, Ch = channel number
Detected Device(s) List
--------------------------------------------------------------------------------
MAC Address Vendor Type #AP Ch Last Detected SSID
--------------------------------------------------------------------------------
000f-e27e-1730 Hangzhou H... -p-w- 1 1 2008-06-18/19:03:04 "H3C"
000f-e286-dec4 Hangzhou H... -p-w- 1 8 2008-06-18/19:03:04 "wireless"
0014-a501-265d Gemtek Tec... -p--c 1 11 2008-06-18/19:02:27 -
0016-b6c5-7a70 Cisco-Linksys -p-w- 1 11 2008-06-18/19:03:04 "brcmwap-psk"
--------------------------------------------------------------------------------
2. Define the Rogue AP rule. In this example, an AP whose SSID is "H3C" is defined as a legitimate AP.
[H3C]wlan ids
[H3C-wlan-ids]
[H3C-wlan-ids]device permit ssid H3C
3. Run the command "display wlan ids detected all" again to view the Rogue APs discovered by the Monitor AP.
[H3C]display wlan ids detected all
Total Number of Entries : 4
Flags: r = rogue, p = permit, a = adhoc, w = ap, c = client
#AP = number of active APs detecting, Ch = channel number
Detected Device(s) List
--------------------------------------------------------------------------------
MAC Address Vendor Type #AP Ch Last Detected SSID
--------------------------------------------------------------------------------
000f-e27e-1730 Hangzhou H... -p-w- 1 1 2008-06-18/19:08:24 "H3C"
000f-e286-dec4 Hangzhou H... r--w- 1 8 2008-06-18/19:08:24 "wireless"
0014-a501-265d Gemtek Tec... r---c 1 11 2008-06-18/19:08:24 -
0016-b6c5-7a70 Cisco-Linksys r--w- 1 10 2008-06-18/19:08:24 "brcmwap-psk"
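An entry whose Type field begins with r is a Rogue device.
4. Attack the Rogue devices by enabling countermeasures. You will find that communication between the station connected to the third-party AP's SSID "wireless" and the third-party AP becomes intermittent.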
[H3C]wlan ids
[H3C-wlan-ids]
[H3C-wlan-ids]countermeasures mode rogue
[H3C-wlan-ids]countermeasures enable
C:\Documents and Settings\h3c>ping 21.1.1.1 -t
Pinging 21.1.1.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 21.1.1.1: bytes=32 time=1433ms TTL=255
Reply from 21.1.1.1: bytes=32 time=40ms TTL=255
Reply from 21.1.1.1: bytes=32 time=11ms TTL=255
Reply from 21.1.1.1: bytes=32 time=46ms TTL=255
Reply from 21.1.1.1: bytes=32 time=17ms TTL=255
Request timed out.
Request timed out.
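The following is an added example, not part of the original case or of H3C's tooling: a Python parser for the "display wlan ids detected all" table that lists the entries flagged as rogue APs and shows which devices changed from permit to rogue between steps 1 and 3. The function names are hypothetical, and the sample rows are copied from the outputs above.

```python
import re

# Rows copied from this page's step 1 (BEFORE) and step 3 (AFTER) outputs.
BEFORE = '''\
000f-e27e-1730 Hangzhou H... -p-w- 1 1 2008-06-18/19:03:04 "H3C"
000f-e286-dec4 Hangzhou H... -p-w- 1 8 2008-06-18/19:03:04 "wireless"
0014-a501-265d Gemtek Tec... -p--c 1 11 2008-06-18/19:02:27 -
0016-b6c5-7a70 Cisco-Linksys -p-w- 1 11 2008-06-18/19:03:04 "brcmwap-psk"
'''
AFTER = '''\
000f-e27e-1730 Hangzhou H... -p-w- 1 1 2008-06-18/19:08:24 "H3C"
000f-e286-dec4 Hangzhou H... r--w- 1 8 2008-06-18/19:08:24 "wireless"
0014-a501-265d Gemtek Tec... r---c 1 11 2008-06-18/19:08:24 -
0016-b6c5-7a70 Cisco-Linksys r--w- 1 10 2008-06-18/19:08:24 "brcmwap-psk"
'''

# Columns: MAC, free-text vendor, 5-char flag field, #AP, channel, last detected, SSID or "-".
ROW = re.compile(
    r'^(?P<mac>(?:[0-9a-fA-F]{4}-){2}[0-9a-fA-F]{4})\s+(?P<vendor>.+?)\s+'
    r'(?P<flags>[-rpawc]{5})\s+(?P<naps>\d+)\s+(?P<ch>\d+)\s+'
    r'(?P<seen>\d{4}-\d\d-\d\d/\d\d:\d\d:\d\d)\s+(?P<ssid>"[^"]*"|-)$')
FLAG_NAMES = {'r': 'rogue', 'p': 'permit', 'a': 'adhoc', 'w': 'ap', 'c': 'client'}

def parse_detected(text):
    """Return {mac: row dict}; banner, legend and separator lines are skipped."""
    devices = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            d = m.groupdict()
            d['roles'] = {FLAG_NAMES[c] for c in d['flags'] if c != '-'}
            d['ssid'] = None if d['ssid'] == '-' else d['ssid'].strip('"')
            d['ch'] = int(d['ch'])
            devices[d['mac'].lower()] = d
    return devices

def rogue_aps(devices):
    """(mac, ssid, channel) for every entry flagged both rogue and AP."""
    return sorted((d['mac'], d['ssid'], d['ch'])
                  for d in devices.values() if {'rogue', 'ap'} <= d['roles'])

def newly_rogue(before, after):
    """MACs that were permitted in `before` and are rogue in `after`."""
    return sorted(m for m, d in after.items() if 'rogue' in d['roles']
                  and 'permit' in before.get(m, {}).get('roles', ()))

if __name__ == '__main__':
    old, new = parse_detected(BEFORE), parse_detected(AFTER)
    print('rogue APs:', rogue_aps(new))
    print('permit -> rogue:', newly_rogue(old, new))
```

Reviewing the permit-to-rogue list before running "countermeasures enable" is a quick check that the permit rule covers every legitimate SSID, since every device not matched by it ends up flagged r.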