Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
748
Views
5
Helpful
2
Replies

WIPS, Planning

Leo TI
Level 1
Level 1

‎02-02-2022 06:14 PM

Hello friends, you are projecting an implementation of AP in monitor mode, dedicated to WIPS, I just passed the wireless design specialist exam, but there was no information on the criteria of where to position the APs.
My question is where to put them:
near the ap's that provide service to users?
Around the building similar to a positioning implementation?
Where are the guest users located?
Close to management?

Places where there should be no Wi-Fi service, such as ATMs?
I would appreciate links to understand this type of designs, thanks.

Labels:
0 Helpful
2 Replies 2

JPavonM
VIP
VIP

‎02-02-2022 10:24 PM

This is something that depend not only on the capabilities of the AP but also on the building's shape.

If you get latest Cisco Catalyst 9120/9130 APs they have a chip dedicated full time to the task.

But if you have APs that need to be turned into monitoring mode, then you can find some help in this Cisco guide. It all depend on the accuracy you want have, if you only need to detect and protect, or you also want to get certain triangulation to locate the threat or not (personally this is not so accurate as per my experience).

HTH
-Jesus
*** Please rate helpful responses ***

 

Arshad Safrulla
VIP Alumni
VIP Alumni

‎02-03-2022 12:24 AM

To add on top of great content by @JPavonM ;

1. Running the RF ASIC for aWIPS will have an performance impact on the AP, while it is insignificant for SMB deployments it may have a greater impact on HD deployments.

2. Enabling aWIPS will be done after careful planning, as this will end up overloading controller with lot of false-positive events (if you use Rogue detection and prevention, please make sure that you manually flag the trusted networks and configure Rogue RSSI levels for detection)

3. If you are planning to do aWIPS based purely on WLC, visibility you will get will be very low. With 9800, if you need more visibility it is a must you need DNA Center. DNA deployment can be non-fabric wireless (only telemetry and assurance)

4. If you are planning for monitor mode AP deployments, please note that only Wave2 or Catalyst AP's can provide aWIPS signatures.

5. Make sure RRM is configured to scan all channels and also with Wifi6E in the horizon and the 6E supported clients are emerging here and there, your aWIPS deployment may become obsolete if not planned properly to cover this channels as well.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card