Configuring Wips; Configuring Wips On An Access Point - Cisco 2100 Series Configuration Manual

Chapter 5 Configuring Security Solutions

Configuring wIPS

The Cisco Adaptive wireless intrusion prevention system (wIPS) is an advanced approach to wireless
threat detection and performance management. It combines network traffic analysis, network device and
topology information, signature-based techniques, and anomaly detection to deliver highly accurate and
complete wireless threat prevention. With a fully infrastructure-integrated solution, you can continually
monitor wireless traffic on both the wired and wireless networks and use that network intelligence to
analyze attacks from many sources to more accurately pinpoint and proactively prevent attacks rather
than waiting until damage or exposure has occurred.
The Cisco Adaptive wIPS is enabled by the Cisco 3300 Series Mobility Services Engine (MSE), which
is an appliance-based solution that centralizes the processing of intelligence collected by the continuous
monitoring of Cisco Aironet access points. With Cisco Adaptive wIPS functionalities and WCS
integration into the MSE, the wIPS service can configure, monitor, and report wIPS policies and alarms.
The Cisco Adaptive wIPS is not configured on the controller. Instead, WCS forwards the profile
configuration to the wIPS service, which in turn forwards the profile to the controller. The profile is
stored in flash memory on the controller and sent to access points when they join the controller. When
an access point disassociates and joins another controller, it receives the wIPS profile from the new
controller.
Access points in monitor mode periodically send alarms based on the policy profile to the wIPS service
through the controller. The wIPS service stores and processes the alarms and generates SNMP traps.
WCS configures its IP address as a trap destination to receive SNMP traps from the MSE.
Note In all of the above cases, the controller functions solely as a forwarding device.
Note For more information on the Cisco Adaptive wIPS, refer to the Cisco Wireless Control System
Configuration Guide, Release 5.2 and the Cisco 3300 Series Mobility Services Engine Configuration
Guide, Release 5.2.

Configuring wIPS on an Access Point

Using the controller CLI, follow these steps to configure wIPS on an access point. These steps are
required in order to enable wIPS.
To configure an access point for monitor mode, enter this command:
Step 1
config ap mode monitor Cisco_AP
Step 2 When warned that the access point will be rebooted and asked if you want to continue, enter Y.
Step 3 To save your changes, enter this command:
save config
Step 4 To disable the access point radio, enter this command:
config {802.11a | 802.11b} disable Cisco_AP
OL-17037-01
Cisco Wireless LAN Controller Configuration Guide
Configuring wIPS
5-119