[huawei]wlan

[huawei-wlan-view]wids-profile name w1  //创建一个WIDS模板并进入WIDS模板视图

[huawei-wlan-view]ap-group name g1  //进入AP组视图

[huawei-wlan-ap-group-g1]radio 0  //进入射频视图

[huawei-wlan-group-radio-g1/0]work-mode normal  //配置AP组射频的工作模式,缺省正常模式

[huawei-wlan-group-radio-g1/0]work-mode monitor

[huawei-wlan-view]air-scan-profile name a1  //创建空口扫描模板并进入空口扫描模板视图

[huawei-wlan-air-scan-prof-a1]undo scan-disable   //开启空口扫描功能,缺省处于开启状态

[huawei-wlan-air-scan-prof-a1]scan-channel-set country-channel  //配置空口扫描信道集合,缺省为AP对应国家码支持的所有信道

[huawei-wlan-air-scan-prof-a1]scan-channel-set dca-channel  

[huawei-wlan-air-scan-prof-a1]scan-channel-set work-channel

[huawei-wlan-air-scan-prof-a1]scan-period 60  //配置空口扫描的持续时间,缺省是60毫秒

[huawei-wlan-air-scan-prof-a1]scan-interval 60000  //配置空口扫描的时间间隔,缺省为60000毫秒

[huawei-wlan-view]radio-2g-profile name r2  //进入2G射频模板

[huawei-wlan-radio-2g-prof-r2]air-scan-profile a1  //在射频模板下引用空口扫描模板

[huawei-wlan-view]ap-group name g1

[huawei-wlan-ap-group-g1]radio 0

[huawei-wlan-group-radio-g1/0]wids device detect enable  //使能设备检测功能

[huawei-wlan-view]wids-profile name w1  //进入WIDS模板视图

[huawei-wlan-wids-prof-w1]device report-interval 300  //配置AP增量上报检测的无线设备信息的间隔时间,缺省为300秒

[huawei-wlan-wids-prof-w1]device synchronization-interval 360  //配置AP上报全量检测的无线设备信息的间隔时间,缺省为360分钟

[huawei-wlan-view]wids-spoof-profile name w1  //创建一个SSID仿冒识别规则模板并进入SSID仿冒识别规则模板视图

[huawei-wlan-wids-spoof-w1]spoof-ssid fuzzy-match regex 1  //配置仿冒SSID的模糊匹配规则

[huawei-wlan-view]wids-profile name w1  //进入WIDS模板视图

[huawei-wlan-wids-prof-w1]wids-spoof-profile w1  //应用SSID仿冒识别规则模板到WIDS模板

[huawei-wlan-view]wids-whitelist-profile name wh1  //创建一个WIDS白名单模板并进入WIDS白名单模板视图

[huawei-wlan-wids-whitelist-wh1]permit-ap  mac-address 1000-0000-0000  //配置WIDS白名单列表

[huawei-wlan-wids-whitelist-wh1]permit-ap oui 10-00-00

[huawei-wlan-wids-whitelist-wh1]permit-ap ssid 1

[huawei-wlan-view]wids-profile name w1  //进入WIDS模板视图

[huawei-wlan-wids-prof-w1]wids-whitelist-profile wh1  //应用WIDS白名单模板到WIDS模板

[huawei-wlan-view]ap-group name g1

[huawei-wlan-ap-group-g1]radio 0

[huawei-wlan-group-radio-g1/0]wids contain enable  //在AP组射频下使能非法设备反制功能

[huawei-wlan-view]wids-profile name w1  //进入WIDS模板视图

[huawei-wlan-wids-prof-w1]contain-mode open-ap  //配置AP对非法设备的反制模式

[huawei-wlan-wids-prof-w1]contain-mode spoof-ssid-ap  

[huawei-wlan-wids-prof-w1]contain-mode client  

[huawei-wlan-wids-prof-w1]contain-mode adhoc

[huawei-wlan-view]ap-group name g1  //进入AP组视图

[huawei-wlan-ap-group-g1]wids-profile w1  //在AP组中引用WIDS模板

[huawei]display wids-profile all  //查看WIDS模板的信息

[huawei]display wids-whitelist-profile all   //查看WIDS白名单模板的信息

[huawei]display wids-spoof-profile all  //查看SSID仿冒识别规则模板的信息

[huawei]display references wids-profile name w1  //查看WIDS模板的引用信息

[huawei]display references wids-spoof-profile name w1  //查看SSID仿冒识别规则模板的引用信息

[huawei]display references wids-whitelist-profile name wh1  //查看WIDS白名单模板的引用信息

[huawei-wlan-view]ap-group name g1

[huawei-wlan-ap-group-g1]radio 0

[huawei-wlan-group-radio-g1/0]wids attack detect enable all  //在AP组射频下使能攻击检测功能

[huawei-wlan-group-radio-g1/0]wids attack detect enable flood  

[huawei-wlan-group-radio-g1/0]wids attack detect enable weak-iv

[huawei-wlan-group-radio-g1/0]wids attack detect enable spoof  

[huawei-wlan-group-radio-g1/0]wids attack detect enable wpa-psk  

[huawei-wlan-group-radio-g1/0]wids attack detect enable wpa2-psk  

[huawei-wlan-group-radio-g1/0]wids attack detect enable wapi-psk  

[huawei-wlan-group-radio-g1/0]wids attack detect enable wep-share-key

[huawei-wlan-view]wids-profile name w1  //进入WIDS模板视图

[huawei-wlan-wids-prof-w1]flood-detect interval 60  //配置泛洪攻击的检测周期,缺省为60秒

[huawei-wlan-wids-prof-w1]flood-detect threshold 300  //配置泛洪攻击检测阈值,缺省为300

[huawei-wlan-wids-prof-w1]flood-detect quiet-time 600  //配置AP检测到泛洪攻击后上报AC的静默时间,缺省为600秒

[huawei-wlan-wids-prof-w1]weak-iv-detect quiet-time 600  //配置AP检测到弱向量攻击后上报AC的静默时间,缺省为600秒

[huawei-wlan-wids-prof-w1]spoof-detect quiet-time 600  //配置AP检测到欺骗攻击后上报AC的静默时间,缺省为600秒

[huawei-wlan-wids-prof-w1]brute-force-detect threshold 20  //配置暴力破解密钥攻击的检测周期内,允许密钥错误的次数,缺省为20次

[huawei-wlan-wids-prof-w1]brute-force-detect interval 60  //配置暴力破解密钥攻击的检测周期,缺省为60秒。

[huawei-wlan-wids-prof-w1]brute-force-detect quiet-time  600  //配置AP检测到暴力破解密钥攻击后上报AC的静默时间,缺省为600秒

[huawei-wlan-wids-prof-w1]dynamic-blacklist enable  //使能动态黑名单功能

[huawei]display ap-system-profile all  //查看AP系统模板的配置信息

[huawei]display wlan ids device-detected all  //查看检测到的WLAN设备信息

[huawei]display wlan ids device-detected statistics  //查看WLAN网络中检测到的各种无线设备的统计信息

[huawei]display wlan ids rogue-history all  //查看检测到的设备的历史记录信息

[huawei]display wlan ids contain all  //查看被反制的设备信息

[huawei]display wlan ids attack-detected all  //查看检测到的攻击设备信息

[huawei]display wlan ids attack-history all  //查看检测到的攻击设备的历史记录信息

[huawei]display wlan ids attack-detected statistics  //查看检测到的各类攻击次数统计

[huawei]display wlan dynamic-blacklist all  //查看加入动态黑名单的攻击设备

[huawei]display station dynamic-blacklist ap-id 0  //查看动态黑名单列表

[huawei]reset wlan ids attack-detected all  //清除检测到的攻击设备信息

[huawei]reset wlan ids attack-detected statistics  //清除检测到的攻击次数

[huawei]reset wlan ids attack-history all  //清除检测到的攻击设备的历史记录信息

[huawei]reset wlan ids device-detected all   //清除检测到的无线设备列表

[huawei]reset wlan ids rogue-history all  //清除非法设备历史记录