cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
283
Views
0
Helpful
3
Replies
Highlighted
Beginner

Deploy wIPS without cisco SME

Hi expert

 

Base on datasheet, we need AP, WLC, Prime and MSE to depoy wIPS.

https://www.cisco.com/c/en/us/products/collateral/wireless/adaptive-wireless-ips-software/data_sheet_c78-501388.html

My question is, if we can deploy wIPS without using MSE? If can, what is the wIPS feature that not support this kind of deployment?

Everyone's tags (1)
3 REPLIES 3
Highlighted
VIP Advocate

Re: Deploy wIPS without cisco SME

To use the somewhat more advanced IPS features you require an MSE.
If you don't have an MSE, don't enable the AP sub-mode wIPS, as you only waste airtime.
Highlighted
Enthusiast

Re: Deploy wIPS without cisco SME

The WLC supports 17 standard signatures out of the box.  if you need to the advanced signatures, this is where the MSE comes into play.

There are tons of advantages with using the MSE solution, however its not cheap. and Cisco is moving away from this, so if don't need the features of the wIPS I would wait to see what Cisco releases in the near future.

Highlighted
Cisco Employee

Re: Deploy wIPS without cisco SME

Hellow Anwar, the WLC uses IDS signatures that are used to identify various types of attacks in incoming 802.11 packets. When the signatures are enabled, the APs that are joined to the Cisco WLC perform signature analysis on the received 802.11 data or management frames and report discrepancies to the Cisco WLC.

 

CONTROLLER-BASED IDS FLOW

  • The AP examines frames:
    • Local mode AP: 802.11 management frames.
    • Monitor mode AP: 802.11 management and data frames.
  • The AP compares signatures.
  • The AP detects possible attacks.
  • The AP sends an alert to the WLC.

The WLC supports 17 standard signatures on Cisco WLC. These signatures are divided into six main groups; the first four groups contain management signatures, and the last two groups contain data signatures:

 

  • Broadcast deauthentication frame signatures
  • NULL probe response signatures
  • Management frame flood signatures
  • Wellenreiter signature
  • EAPOL flood signature
  • NetStumbler signatures

To configure IDS on the WLC, follow the steps in the link below:

 

https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-5/configuration-guide/b_cg75/b_cg75_chapter_0111110.pdf

CreatePlease to create content
Content for Community-Ad

Cisco COVID-19 Survey