Hello friends, you are projecting an implementation of AP in monitor mode, dedicated to WIPS, I just passed the wireless design specialist exam, but there was no information on the criteria of where to position the APs. My question is where to put them: near the ap's that provide service to users? Around the building similar to a positioning implementation? Where are the guest users located? Close to management?
Places where there should be no Wi-Fi service, such as ATMs? I would appreciate links to understand this type of designs, thanks.
This is something that depend not only on the capabilities of the AP but also on the building's shape.
If you get latest Cisco Catalyst 9120/9130 APs they have a chip dedicated full time to the task.
But if you have APs that need to be turned into monitoring mode, then you can find some help in this Cisco guide. It all depend on the accuracy you want have, if you only need to detect and protect, or you also want to get certain triangulation to locate the threat or not (personally this is not so accurate as per my experience).
1. Running the RF ASIC for aWIPS will have an performance impact on the AP, while it is insignificant for SMB deployments it may have a greater impact on HD deployments.
2. Enabling aWIPS will be done after careful planning, as this will end up overloading controller with lot of false-positive events (if you use Rogue detection and prevention, please make sure that you manually flag the trusted networks and configure Rogue RSSI levels for detection)
3. If you are planning to do aWIPS based purely on WLC, visibility you will get will be very low. With 9800, if you need more visibility it is a must you need DNA Center. DNA deployment can be non-fabric wireless (only telemetry and assurance)
4. If you are planning for monitor mode AP deployments, please note that only Wave2 or Catalyst AP's can provide aWIPS signatures.
5. Make sure RRM is configured to scan all channels and also with Wifi6E in the horizon and the 6E supported clients are emerging here and there, your aWIPS deployment may become obsolete if not planned properly to cover this channels as well.