Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
738
Views
0
Helpful
0
Replies

wIPS AP submode not detecting attacks

alfonso.cornejo
Level 3
Level 3

‎06-27-2016 06:09 PM - edited ‎03-10-2019 06:38 AM

Hello,

We are working with a Lab of a MSE with wIPS v8.x integrated with a Cisco Prime v3.x and a WLC v8.x, the integration for all the infrastructure is done and with all the services up and running. The lab enviroment also has two APs and both of them are working in local mode and in the wIPS submode, we have a Kali Linux in order to generate attacks and see the events detected by the wIPS.

We noticed something, we let the Kali Linux attack the wireless network for an hour and no Events were registered in the wIPS + Prime and we discovered that the issue was that the Kali Linux was attacking the wireless network in channel 1 but the 2 APs were working in channel 6. We decided to change the operation mode of one of the APs to "monitor" and this time it detected the attack just a few seconds after it started.

Can this solution be implemented using APs only working in the wIPS "submode"?

Is there something specific that needs to be configured in order to detect the attacks when working with no monitor mode AP and only in wIPS submode?

Thanks in advanced for any comment!

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card