3Com WX1200 3CRWX120695A User Manual

Chapter 26: Rogue Detection and Countermeasures
Configuring an Attack List
The attack list specifies the MAC addresses of devices that MSS should 
issue countermeasures against whenever the devices are detected on the 
network. The attack list can contain the MAC addresses of APs and 
clients.
By default, the attack list is empty. The attack list applies only to the WX 
switch on which the list is configured. WX switches do not share attack 
lists.
When on-demand countermeasures are enabled, only those devices 
configured in the attack list are subject to countermeasures. In this case, 
devices found to be rogues by other means, such as policy violations or a 
determination that the device is providing connectivity to the wired 
network, are not attacked.
If you are using on-demand countermeasures in a Mobility Domain, you 
should synchronize the attack lists on all the WX switches in the Mobility 
Domain. See “Using On-Demand Countermeasures in a Mobility Domain” 
on page 581.
To add an entry to the attack list, use the following command:
set rfdetect attack-list mac-addr
The following command adds MAC address 11:22:33:44:55:66 to the 
attack list:
WX4400# set rfdetect attack-list 11:22:33:44:55:66
success:  MAC 11:22:33:44:55:66 is now in attacklist.
To display the attack list, use the following command:
display rfdetect attack-list
The following example shows the attack list on a switch:
WX4400# display rfdetect attack-list
Total number of entries: 1
 Attacklist MAC    Port/Radio/Chan   RSSI      SSID
----------------- ----------------- ------ ------------
11:22:33:44:55:66  dap 2/1/11       -53    rogue-ssid
To remove a MAC address from the attack list, use the following 
command:
clear rfdetect attack-list mac-addr
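
Because WX switches do not share attack lists, drift between switches in a Mobility Domain has to be checked for explicitly. The following is an added example, not part of the 3Com manual: it parses captured output of display rfdetect attack-list from each switch and lists the set/clear commands needed to match one approved reference list. It assumes the output format shown above; the switch names, the extra MAC addresses and the idea of a central approved list are assumptions made for illustration.

```python
import re

MAC_ROW = re.compile(r"^\s*((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.IGNORECASE)
TOTAL = re.compile(r"^\s*Total number of entries:\s*(\d+)")

def parse_attack_list(output):
    """Return the set of MACs listed in 'display rfdetect attack-list' output."""
    macs, rows, declared = set(), 0, None
    for line in output.splitlines():
        total = TOTAL.match(line)
        row = MAC_ROW.match(line)
        if total:
            declared = int(total.group(1))
        elif row:
            rows += 1
            macs.add(row.group(1).lower())
    # Assumption: the "Total number of entries" header counts table rows, so a
    # mismatch means the capture was truncated or the format differs.
    if declared is not None and declared != rows:
        raise ValueError(f"header declares {declared} entries, parsed {rows}")
    return macs

def sync_plan(approved, outputs_by_switch):
    """Map each switch to the commands that make its list equal 'approved'."""
    approved = {mac.lower() for mac in approved}
    plan = {}
    for switch, output in outputs_by_switch.items():
        current = parse_attack_list(output)
        add = [f"set rfdetect attack-list {m}" for m in sorted(approved - current)]
        drop = [f"clear rfdetect attack-list {m}" for m in sorted(current - approved)]
        plan[switch] = add + drop
    return plan

# Constructed sample captures; switch names and all MACs except the page's
# 11:22:33:44:55:66 are made up for illustration.
HEADER = (" Attacklist MAC    Port/Radio/Chan   RSSI      SSID\n"
          "----------------- ----------------- ------ ------------\n")
CAPTURES = {
    "wx-a": "Total number of entries: 1\n" + HEADER
            + "11:22:33:44:55:66  dap 2/1/11       -53    rogue-ssid\n",
    "wx-b": "Total number of entries: 2\n" + HEADER
            + "00:11:22:aa:bb:cc  dap 4/1/6        -61    rogue-ssid\n"
            + "66:55:44:33:22:11  dap 4/2/36       -70    old-ssid\n",
}
APPROVED = {"11:22:33:44:55:66", "00:11:22:AA:BB:CC"}

if __name__ == "__main__":
    for switch, commands in sync_plan(APPROVED, CAPTURES).items():
        print(switch, commands or "in sync")
```

Comparing against an approved list rather than the union of all switches keeps a stale or mistaken entry on one switch from being propagated to the others.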