Nortel Networks NN47250-500 Switch User Manual


 
Rogue detection and counter measures 713
Nortel WLAN—Security Switch 2300 Series Configuration Guide
Configuring an attack list
The attack list specifies the MAC addresses of devices that WSS Software should issue countermeasures against
whenever the devices are detected on the network. The attack list can contain the MAC addresses of APs and clients.
By default, the attack list is empty. The attack list applies only to the WSS on which the list is configured. WSSs do not
share attack lists.
When on-demand countermeasures are enabled, only those devices configured in the attack list are subject to
countermeasures. In this case, devices found to be rogues by other means, such as policy violations or by determining
that the device is providing connectivity to the wired network, are not attacked.
To add an entry to the attack list, use the following command:
set rfdetect attack-list mac-addr
The following command adds MAC address 11:22:33:44:55:66 to the attack list:
WSS# set rfdetect attack-list 11:22:33:44:55:66
success: MAC 11:22:33:44:55:66 is now in attacklist.
To display the attack list, use the following command:
show rfdetect attack-list
The following example shows the attack list on a switch:
WSS# show rfdetect attack-list
Total number of entries: 1
Attacklist MAC    Port/Radio/Chan   RSSI   SSID
----------------- ----------------- ------ ------------
11:22:33:44:55:66 ap 2/1/11         -53    rogue-ssid
To remove a MAC address from the attack list, use the following command:
clear rfdetect attack-list mac-addr
The following command clears MAC address 11:22:33:44:55:66 from the attack list:
WSS# clear rfdetect attack-list 11:22:33:44:55:66
success: 11:22:33:44:55:66 is no longer in attacklist.
Note. If you are using on-demand countermeasures in a Mobility Domain, you should
synchronize the attack lists on all the WSSs in the Mobility Domain. See “Using on-demand
countermeasures in a Mobility Domain” on page 716.
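Because WSSs do not share attack lists, keeping them synchronized means comparing each switch's list against one agreed list. The following Python script is an added example, not part of the Nortel guide: it parses captured show rfdetect attack-list output and prints the set and clear commands each switch would need. The switch names, the captures, the second MAC address and the desired list are constructed sample values, and the output layout is assumed to match the example above.

```python
import re
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")

def normalize_mac(mac):
    """Lower-case a MAC and reject anything that is not six colon-separated octets."""
    mac = mac.strip().lower()
    if not MAC_RE.match(mac):
        raise ValueError(f"not a valid MAC address: {mac!r}")
    return mac

def parse_attack_list(output):
    """Return the MACs in 'show rfdetect attack-list' output; non-entry rows are skipped."""
    macs = set()
    for line in output.splitlines():
        fields = line.split()
        if fields and MAC_RE.match(fields[0].lower()):
            macs.add(fields[0].lower())
    return macs

def sync_commands(desired, current):
    """Commands that make one switch's attack list equal to the desired list."""
    want = {normalize_mac(m) for m in desired}
    adds = [f"set rfdetect attack-list {m}" for m in sorted(want - current)]
    drops = [f"clear rfdetect attack-list {m}" for m in sorted(current - want)]
    return adds + drops

# Constructed sample captures, one per switch (switch names are hypothetical).
CAPTURES = {
    "wss-a": """WSS# show rfdetect attack-list
Total number of entries: 1
Attacklist MAC    Port/Radio/Chan   RSSI   SSID
----------------- ----------------- ------ ------------
11:22:33:44:55:66 ap 2/1/11         -53    rogue-ssid
""",
    "wss-b": """WSS# show rfdetect attack-list
Total number of entries: 1
Attacklist MAC    Port/Radio/Chan   RSSI   SSID
----------------- ----------------- ------ ------------
00:00:5e:00:53:01 ap 3/1/6          -61    stale-ssid
""",
}
DESIRED = ["11:22:33:44:55:66"]  # constructed: the list every WSS should hold

def plan(desired, captures):
    """Map each switch name to the commands it needs (empty list = in sync)."""
    return {n: sync_commands(desired, parse_attack_list(o)) for n, o in captures.items()}

if __name__ == "__main__":
    print(plan(DESIRED, CAPTURES))
```

The script only prints commands for review; it does not connect to any switch. Rejecting malformed MAC addresses before they reach the list avoids directing countermeasures at an unintended device.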