Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
710
Views
0
Helpful
3
Replies

Deploy wIPS without cisco SME

Anwar Safian
Level 1
Level 1

‎09-10-2019 11:46 PM - edited ‎07-05-2021 10:59 AM

Hi expert

 

Base on datasheet, we need AP, WLC, Prime and MSE to depoy wIPS.

https://www.cisco.com/c/en/us/products/collateral/wireless/adaptive-wireless-ips-software/data_sheet_c78-501388.html

My question is, if we can deploy wIPS without using MSE? If can, what is the wIPS feature that not support this kind of deployment?

Labels:
0 Helpful
3 Replies 3

patoberli
VIP Alumni
VIP Alumni

‎09-11-2019 07:44 AM

To use the somewhat more advanced IPS features you require an MSE.
If you don't have an MSE, don't enable the AP sub-mode wIPS, as you only waste airtime.
0 Helpful

d.friday
Level 4
Level 4

‎09-12-2019 09:45 AM

The WLC supports 17 standard signatures out of the box.  if you need to the advanced signatures, this is where the MSE comes into play.

There are tons of advantages with using the MSE solution, however its not cheap. and Cisco is moving away from this, so if don't need the features of the wIPS I would wait to see what Cisco releases in the near future.

0 Helpful

jonathga
Cisco Employee
Cisco Employee

‎09-13-2019 08:16 AM

Hellow Anwar, the WLC uses IDS signatures that are used to identify various types of attacks in incoming 802.11 packets. When the signatures are enabled, the APs that are joined to the Cisco WLC perform signature analysis on the received 802.11 data or management frames and report discrepancies to the Cisco WLC.

 

CONTROLLER-BASED IDS FLOW

  • The AP examines frames:
    • Local mode AP: 802.11 management frames.
    • Monitor mode AP: 802.11 management and data frames.
  • The AP compares signatures.
  • The AP detects possible attacks.
  • The AP sends an alert to the WLC.

The WLC supports 17 standard signatures on Cisco WLC. These signatures are divided into six main groups; the first four groups contain management signatures, and the last two groups contain data signatures:

 

  • Broadcast deauthentication frame signatures
  • NULL probe response signatures
  • Management frame flood signatures
  • Wellenreiter signature
  • EAPOL flood signature
  • NetStumbler signatures

To configure IDS on the WLC, follow the steps in the link below:

 

https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-5/configuration-guide/b_cg75/b_cg75_chapter_0111110.pdf

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card