WX5002的Rogue AP检测功能的典型配置

一、组网图

WA2110成功注册在WX5002上，并工作在Monitor状态。无线客户端连接第三方AP提供的SSID“Wireless”，并一直ping第三方AP。

WX5002的配置

#

 version 5.20, Release 1106P01

#

 sysname H3C

#

 domain default enable system

#

vlan 1

#

domain system

 access-limit disable

 state active

 idle-cut disable

 self-service-url disable

#

dhcp server ip-pool 1

 network 192.168.1.0 mask 255.255.255.0

 gateway-list 192.168.1.254

 expired day 3

#

wlan rrm

 dot11a mandatory-rate 6 12 24

 dot11a supported-rate 9 18 36 48 54

 dot11b mandatory-rate 1 2

 dot11b supported-rate 5.5 11

 dot11g mandatory-rate 1 2 5.5 11

 dot11g supported-rate 6 9 12 18 24 36 48 54

#

interface NULL0

#

interface Vlan-interface1

 ip address 192.168.1.9 255.255.255.0

#

interface GigabitEthernet1/0/1

#

interface GigabitEthernet1/0/2

#

interface M-Ethernet1/0/1

#

wlan ap ap1 model WA2100

 serial-id 210235A22W0077000088

 work-mode monitor

 radio 1

  radio enable

#

 ip route-static 0.0.0.0 0.0.0.0 192.168.1.254

#

 dhcp enable

#

user-interface aux 0

user-interface vty 0 4

#

return

 验证结果

1、通过命令“display wlan ids detected all”可以查看到Monitor AP发现的第三方AP.
[H3C]display wlan ids detected all

 Total Number of Entries : 4

 Flags: r = rogue, p = permit, a = adhoc, w = ap, c = client

 #AP = number of active APs detecting, Ch = channel number

                          Detected Device(s) List

--------------------------------------------------------------------------------

 MAC Address    Vendor        Type  #AP  Ch  Last Detected       SSID

--------------------------------------------------------------------------------

 000f-e27e-1730 Hangzhou H... -p-w- 1    1   2008-06-18/19:03:04 "H3C"

 000f-e286-dec4 Hangzhou H... -p-w- 1    8   2008-06-18/19:03:04 "wireless"

 0014-a501-265d Gemtek Tec... -p--c 1    11  2008-06-18/19:02:27 -

 0016-b6c5-7a70 Cisco-Linksys -p-w- 1    11  2008-06-18/19:03:04 "brcmwap-psk"

--------------------------------------------------------------------------------

2、定义Rogue AP的规则，本例中定义SSID为“H3C”的AP为合法AP。
[H3C]wlan ids

[H3C-wlan-ids]

[H3C-wlan-ids]device permit ssid H3C

3、通过命令“display wlan ids detected all”再次查看到Monitor AP发现的Rouge AP.
[H3C]display wlan ids detected all

 Total Number of Entries : 4

 Flags: r = rogue, p = permit, a = adhoc, w = ap, c = client

 #AP = number of active APs detecting, Ch = channel number

                          Detected Device(s) List

--------------------------------------------------------------------------------

 MAC Address    Vendor        Type  #AP  Ch  Last Detected       SSID

--------------------------------------------------------------------------------

 000f-e27e-1730 Hangzhou H... -p-w- 1    1   2008-06-18/19:08:24 "H3C"

 000f-e286-dec4 Hangzhou H... r--w- 1    8   2008-06-18/19:08:24 "wireless"

 0014-a501-265d Gemtek Tec... r---c 1    11  2008-06-18/19:08:24 -

 0016-b6c5-7a70 Cisco-Linksys r--w- 1    10  2008-06-18/19:08:24 "brcmwap-psk"

其中Type前面有r的表示是Rogue设备。

4、对Rogue设备进行攻击，会发现连接第三方AP SSID“wireless”的 Station与第三方AP的通信时断时续。
[H3C]wlan ids

[H3C-wlan-ids]

[H3C-wlan-ids]countermeasures mode rogue

[H3C-wlan-ids]countermeasures enable

C:\Documents and Settings\h3c>ping 21.1.1.1 -t

Pinging 21.1.1.1 with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Reply from 21.1.1.1: bytes=32 time=1433ms TTL=255

Reply from 21.1.1.1: bytes=32 time=40ms TTL=255

Reply from 21.1.1.1: bytes=32 time=11ms TTL=255
Reply from 21.1.1.1: bytes=32 time=46ms TTL=255
Reply from 21.1.1.1: bytes=32 time=17ms TTL=255
Requser timed out.
Requser timed out.