cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1234
Views
5
Helpful
3
Replies

aWIPS and Rogue Detection

Hello community,

 

Now I'm deploying aWIPS and Rogue detection with the DNAC, and I have some access points in flexconnect mode to serve clients and some other APs in monitor mode to detect rogue, threats....

When I go to rogue and aWIPS dashboard I find that some threat are detected by the APs in mode flexconnect, and I want to know if this will impact client experience because I think those APs will go to off-channel scanning to detect threats and rogues, In this case I want to know if there's any way to make only APs in monitor mode that detect those threats and rogues..

 

Thank you or your support

 

Best regards

 

1 Accepted Solution

Accepted Solutions

I this case, you can create a dedicated AP join profile or more as required for the client serving AP's and disable the aWIPS, create another AP join profile for monitor mode AP's and enable aWIPS.

View solution in original post

3 Replies 3

Arshad Safrulla
VIP Alumni
VIP Alumni

What is the AP model you use? If you are using 9120, 9124 and 9130 then these AP's will be using it's built in RF ASIC to perform the spectrum analysis and scanning. Therefor you shouldn't be noticing any impact on the client experience. 

But still I prefer to offload scanning and spectrum analysis to dedicated monitor mode AP's as this will help the client serving AP's to serve only clients and do not have to allocate resources (CPU, memory) for these tasks. Also note that aWIPS is supported only on Wave2 or AX AP's. You cannot use Wave1 AP's in monitor mode for this.

 

If you want only the monitor mode AP's to do aWIPS I suggest you add them in to a different AP join profile and then enable the aWIPS under Security tab. If you are doing auto containment then you need to go to Wireless Protection Policies and check "Auto Containment only for Monitor Mode APs". 

Hello and thank you for your feedback, I'm using APs 9115.

I this case, you can create a dedicated AP join profile or more as required for the client serving AP's and disable the aWIPS, create another AP join profile for monitor mode AP's and enable aWIPS.

Review Cisco Networking for a $25 gift card