cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
16179
Views
5
Helpful
5
Replies

Monitor mode AP- Submode

Prasan Venky
Level 3
Level 3

Hi All,

When i set an ap into monitor mode, i have option to select as Wips or none.. What is the difference between these two..? If i have enabled  Wips as submode, i should have Wips device..? .

And also i am not able to find any difference in the led indication of a monitor mode AP and a LOCAL MODE ap .

Regards

Prasan

2 Accepted Solutions

Accepted Solutions

Scott Fella
Hall of Fame
Hall of Fame

Typically you have AP's in local and wIPS submode. Unless you have dedicated AP's, you can use monitor and wIPS submode. This explains what's required for wIPS.

http://www.cisco.com/en/US/docs/wireless/technology/wips/deployment/guide/WiPS_deployment_guide.html

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

This is from the link Scott provided which summarize wIPS AP deployment. So in your case you have to change AP to monitor mode with submode as wIPS. Through Prime & MSE you can monitor wIPS in your environment.

1. wIPS Mode Access Point - A wIPS mode access point is any access point in Monitor Mode, Enhanced Local Mode, or with the WSSI module. This term will be used to group access points capable of wIPS.

2. wIPS Monitor Mode Access Point(s) - Provides constant channel scanning with attack detection and forensics (packet capture) capabilities.

3. Local Mode Access Point(s) - Provides wireless service to clients in addition to limited time-sliced attacker scanning.

4. Enhanced Local Mode Access Point(s) - Like Local Mode, provides wireless service to client, but when scanning off-channel, the radio dwells on the channel for an extended period of time, allowing enhanced attack detection

5. Wireless Security and Spectrum Intelligence (WSSI) Module - This is an add-on module to the Cisco Aironet 3600 Series Access Point, which offloads the constant channel scanning with attack detection and forensics capabilities to the module, freeing up the serving radios for clients

6. Mobility Services Engine (running wIPS Service) - The central point of alarm aggregation from all controllers and their respective wIPS Monitor Mode Access Points. Alarm information and forensic files are stored on the system for archival purposes.

7. Wireless LAN Controller(s) - Forwards attack information from wIPS Monitor Mode Access Points to the MSE and distributes configuration parameters to APs.

8. Prime Infrastructure - Provides the administrator the means to configure the wIPS Service on the MSE, push wIPS configurations to the controller and set Access Points into wIPS Monitor mode. It is also used for viewing wIPS alarms, forensics, reporting and accessing the attack encyclopedia.

I do not think you will see any LED variation based on monitor mode activities.

HTH

Rasika

**** Pls rate all useful resposnes ****

View solution in original post

5 Replies 5

Scott Fella
Hall of Fame
Hall of Fame

Typically you have AP's in local and wIPS submode. Unless you have dedicated AP's, you can use monitor and wIPS submode. This explains what's required for wIPS.

http://www.cisco.com/en/US/docs/wireless/technology/wips/deployment/guide/WiPS_deployment_guide.html

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

This is from the link Scott provided which summarize wIPS AP deployment. So in your case you have to change AP to monitor mode with submode as wIPS. Through Prime & MSE you can monitor wIPS in your environment.

1. wIPS Mode Access Point - A wIPS mode access point is any access point in Monitor Mode, Enhanced Local Mode, or with the WSSI module. This term will be used to group access points capable of wIPS.

2. wIPS Monitor Mode Access Point(s) - Provides constant channel scanning with attack detection and forensics (packet capture) capabilities.

3. Local Mode Access Point(s) - Provides wireless service to clients in addition to limited time-sliced attacker scanning.

4. Enhanced Local Mode Access Point(s) - Like Local Mode, provides wireless service to client, but when scanning off-channel, the radio dwells on the channel for an extended period of time, allowing enhanced attack detection

5. Wireless Security and Spectrum Intelligence (WSSI) Module - This is an add-on module to the Cisco Aironet 3600 Series Access Point, which offloads the constant channel scanning with attack detection and forensics capabilities to the module, freeing up the serving radios for clients

6. Mobility Services Engine (running wIPS Service) - The central point of alarm aggregation from all controllers and their respective wIPS Monitor Mode Access Points. Alarm information and forensic files are stored on the system for archival purposes.

7. Wireless LAN Controller(s) - Forwards attack information from wIPS Monitor Mode Access Points to the MSE and distributes configuration parameters to APs.

8. Prime Infrastructure - Provides the administrator the means to configure the wIPS Service on the MSE, push wIPS configurations to the controller and set Access Points into wIPS Monitor mode. It is also used for viewing wIPS alarms, forensics, reporting and accessing the attack encyclopedia.

I do not think you will see any LED variation based on monitor mode activities.

HTH

Rasika

**** Pls rate all useful resposnes ****

Thanks a lot guyZz

What is the future of wIPS and MSE in that perspective ? (now that CMX naturally doesn´t cover this)

Also do we have the same options for converged access and classical WLC ?

with regards of rouge, management and wIPS.

Also I am trying to find out if Rogue detector feature. Where the AP is with radios off and scans the wire. Is that still available and supported for both WLC and Converged access ?

I am deploying 1815i APs. These APs will be adopted to 5520 WLC . We have planned for 235 APs to be deployed as Data APs and 45 APs as dedicated monitor mode APs with WIPS License associated for Rogue AP/Rogue Client containment. However in the AP mode options in the GUI menu of the All AP configuration screen in controller, there is no Monitor mode AP option ( unlike in the case of 1702i AP ). In the case of 1815i AP, I see only 3 options viz. Local, flex and Sniffer. I would like to know how to configure 1815i AP as dedicated monitor mode AP with WIPS License associated.

Review Cisco Networking for a $25 gift card