Cisco Cisco 5508 Wireless Controller Designanleitung

1-55

Book Title

OL-xxxxx-xx

Chapter 1 Cisco Adaptive wIPS Management Deployment Guide, Release 8.0

WIPS monitoring on 1800 AP Platform(1810, 1815, 1850, 1830)

Similarly, 1800 Wave 2 Access Points including 1810, 1815, 1850 and 1830 can be deployed in a
network for over the air scanning for wIPS attackers, CleanAir interferers, and rogue devices. The AP
platform supports wips scanning only in Local mode, Monitor mode is not supported.

ELM mode – Local AP mode with WIPS as Sub Mode

Local Mode with wIPS provides wIPS detection “on-channel”, which means attackers will be detected
on the channel that is serving clients. For all other channels, ELM provides best effort wIPS detection.
This means that every frame the radio would go “off-channel” for a short period of time. While
“off-channel”, if an attack occurs while that channel is scanned, the attack will be detected. FRA radio
in ELM client serving mode is still capable of serving clients.

Supported Alarms

Alarm ID

Alarm Name

Device using open authentication

Device probing for Aps

AP association capacity full

DoS: Authentication-failure attack

Excessive multicast/broadcast on channel

Spoofed MAC address detected

DoS: Association table overflow

AP overloaded by stations

DoS: Authentication flood

DoS: De-Auth broadcast flood

DoS: De-Auth flood

DoS: Dis-Assoc broadcast flood

DoS: Dis-Assoc flood