
Enabling Countermeasures 581
The following command disables countermeasures in radio profile
WX4400# clear radio-profile radprof3 countermeasures
success: change accepted.
Using On-Demand
Countermeasures in a
Mobility Domain
If you are using on-demand countermeasures in a Mobility Domain, you
should enable the feature and synchronize the attack lists on all the WX
switches in the Mobility Domain. This ensures a WX switch attacks
devices in its attack list, rather than devices that may be specified in the
attack lists of other WX switches in the Mobility Domain, which could
produce unexpected results.
For example, in a Mobility Domain consisting of three WX switches, if WX
switch A has an attack list consisting of MAC address 1, and WX switch B
has an attack list consisting of MAC address 2, then WX switch C (the
seed for the Mobility Domain) might determine that the optimal radio to
attack MAC address 2 is attached to WX switch A.
This would mean that MAC address 2 would be attacked from WX switch
A, even though MAC address 2 does not reside in WX switch A’s attack
list. In addition, if the MAP attached to WX switch A is busy attacking
MAC address 2, then MAC address 1 might not be attacked at all if it
comes on the network.
By making the attack lists identical on all of the WX switches in the
Mobility Domain when you enable on-demand countermeasures, it
ensures that a WX switch always attacks MAC addresses that reside in its
attack list. Note that WX switches do not share attack lists automatically,
so you must manually synchronize the attack lists on the WX switches in
the Mobility Domain.