Chapter 1 Cisco Adaptive wIPS Management Deployment Guide, Release 8.0
Cisco Adaptive wIPS Introduction
Note
A controller is associated with a single configuration profile, which is applied to all wIPS
mode Access Points joined to that controller. As such, all wIPS Mode APs connected to a
controller share the same wIPS configuration.
4. The Wireless LAN Controller receives the updated wIPS profile, stores it in NVRAM
(replacing any previous revision of the profile) and propagates the updated profile to its
associated wIPS Access Points via CAPWAP control messages.
5. A wIPS Mode Access Point receives the updated profile from the controller and applies the
modifications to its wIPS software engine.
Note that a Mobility Services Engine can only be configured from one Prime Infrastructure.
This is a 1:1 relationship: once a Mobility Services Engine has been associated with a
particular PI, it cannot be added to another PI.
wIPS Alarm Flow
The Adaptive wIPS system follows a linear chain of communication to propagate attack information
obtained from scanning the airwaves to the console of the Prime Infrastructure.
1. In order for an alarm to be triggered on the Cisco Adaptive wIPS system, an attack must be
launched against a legitimate Access Point or Client. Legitimate Access Points and clients are
discovered automatically in a Cisco Unified Wireless Network by ‘trusting’ devices
broadcasting the same ‘RF-Group’ name. In this configuration, the system dynamically
maintains a list of local-mode Access Points and their associated clients. The system can also
be configured to ‘trust’ devices by SSID using the SSID Groups feature. Only attacks that
are considered harmful to the WLAN infrastructure are propagated upwards to the rest of the
system.
2. Once an attack has been identified by the wIPS Mode Access Point engine, an alarm update is
sent to the Wireless LAN Controller, encapsulated inside the CAPWAP control tunnel.
3. The Wireless LAN Controller transparently forwards the alarm update from the Access Point
to the wIPS Service running on the Mobility Services Engine. The protocol used for this
communication is NMSP.
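The following is an added, simplified model of the alarm flow in steps 1 to 3; it is illustrative code written for this page, not Cisco software, and the class names, the `harmful` flag on each event, the message fields and all device addresses, SSIDs and RF-Group names are constructed assumptions. It shows the two decisions the text describes: which devices the wIPS AP engine treats as legitimate (same RF-Group name, or an SSID listed in an SSID Group, plus the clients associated to those APs), and that only harmful attacks against legitimate devices become alarm updates, which the controller then forwards unchanged towards the MSE.

```python
from dataclasses import dataclass, field

# Constructed sample configuration (assumption, not from the guide).
RF_GROUP = "corp-rf"            # RF-Group name our local-mode APs broadcast
SSID_GROUPS = {"guest-wifi"}    # SSIDs the operator trusts via the SSID Groups feature


@dataclass(frozen=True)
class Beacon:
    bssid: str
    ssid: str
    rf_group: str               # RF-Group name carried by the beacon


@dataclass(frozen=True)
class AttackEvent:
    signature: str              # constructed label for the detected signature
    target: str                 # BSSID or client MAC the activity was directed at
    harmful: bool               # assumed engine verdict: threatens WLAN infrastructure?


@dataclass
class TrustList:
    """Dynamic list of legitimate APs and their associated clients (step 1)."""
    rf_group: str
    ssid_groups: set
    aps: set = field(default_factory=set)
    clients: set = field(default_factory=set)

    def learn_beacon(self, beacon):
        # Trust an AP that shares our RF-Group name or advertises a trusted SSID.
        if beacon.rf_group == self.rf_group or beacon.ssid in self.ssid_groups:
            self.aps.add(beacon.bssid)

    def learn_association(self, client, bssid):
        # Clients inherit trust only from an already trusted AP.
        if bssid in self.aps:
            self.clients.add(client)

    def is_legitimate(self, addr):
        return addr in self.aps or addr in self.clients


def ap_engine_alarms(trust, events):
    """Step 1/2: the wIPS AP engine raises an alarm update only for harmful
    attacks aimed at a legitimate AP or client."""
    return [
        {"signature": e.signature, "target": e.target, "path": ["wIPS AP"]}
        for e in events
        if e.harmful and trust.is_legitimate(e.target)
    ]


def controller_forward(alarm):
    """Step 2/3: the WLC receives the update inside the CAPWAP control tunnel and
    forwards it transparently (payload untouched) to the MSE wIPS service over NMSP."""
    forwarded = dict(alarm)
    forwarded["path"] = alarm["path"] + ["WLC via CAPWAP control", "MSE wIPS service via NMSP"]
    return forwarded


def run_scenario():
    """Constructed scenario: three observed APs, two associations, six events."""
    trust = TrustList(RF_GROUP, SSID_GROUPS)
    for b in (
        Beacon("00:11:22:33:44:01", "corp", "corp-rf"),        # ours: same RF-Group
        Beacon("00:11:22:33:44:02", "guest-wifi", "other-rf"),  # trusted via SSID Group
        Beacon("de:ad:be:ef:00:01", "corp", "rogue-rf"),        # same SSID, wrong RF-Group
    ):
        trust.learn_beacon(b)
    trust.learn_association("aa:bb:cc:00:00:01", "00:11:22:33:44:01")
    trust.learn_association("aa:bb:cc:00:00:02", "de:ad:be:ef:00:01")   # untrusted AP

    events = [
        AttackEvent("deauth-flood", "00:11:22:33:44:01", True),   # alarm
        AttackEvent("deauth-flood", "de:ad:be:ef:00:01", True),   # target not legitimate
        AttackEvent("deauth-flood", "aa:bb:cc:00:00:01", True),   # alarm (trusted client)
        AttackEvent("deauth-flood", "aa:bb:cc:00:00:02", True),   # client of untrusted AP
        AttackEvent("probe-scan", "00:11:22:33:44:02", False),    # not classed as harmful
        AttackEvent("eap-flood", "00:11:22:33:44:02", True),      # alarm (SSID Group AP)
    ]
    return [controller_forward(a) for a in ap_engine_alarms(trust, events)]


if __name__ == "__main__":
    for alarm in run_scenario():
        print(alarm["signature"], alarm["target"], " -> ".join(alarm["path"]))
```

The scenario deliberately includes an AP that copies the corporate SSID but broadcasts a different RF-Group name: the model never trusts it, so neither it nor its client generates an alarm, which matches the text's point that alarms are only raised for attacks against devices the system has classified as legitimate.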