Cisco 5520 Wireless Controller Design Guide
Chapter 1 Cisco Adaptive wIPS Management Deployment Guide, Release 8.0
Adaptive WIPS Management Best Practices
This alarm is triggered whenever a known hotspot SSID (such as attwifi) is detected. It could be a
real hotspot operated by a carrier or retail store, but it could also be a fake hotspot that hackers set up to
lure wireless clients. If there are real hotspots near your venue, especially in retail and public
WiFi deployments, this alarm may be disabled to avoid unnecessary false positives.
Alarms to be Tuned
• Threshold-based Alarms:
  – DoS: CTS flood
    In a mixed deployment of 802.11n and non-802.11n devices, this alarm can be triggered frequently. This
    does not mean that a real DoS attack is happening. Administrators need to increase the threshold value
    based on their environment.
  – DoS: RTS flood
    Similar to CTS flood, there may be a lot of false positives for this alarm. The threshold needs to be
    increased.
• SSID-based Alarms:
  – Honeypot AP detected
    If you only care about devices using your own SSIDs, you need to configure those SSIDs
    in the SSID group you want to monitor, as in the example given in the earlier section.
  – Soft AP or host AP detected
    This is the default alarm to monitor any SSIDs. It can be triggered when a client first associates with
    your wireless infrastructure and then later switches to AP mode. If you only care about
    monitoring your own SSIDs, you should change this alarm to a specific SSID group with your own
    SSIDs in it.
Licensing and Ordering Information
Cisco Adaptive wIPS is a licensed software feature set on the Cisco Mobility Services Engine. The table
below shows the license levels available for Adaptive wIPS.
Table 1-1 Cisco Adaptive wIPS Software Licenses

License SKUs        Description
L-WIPS-MM-1AP       License for 1 monitor mode access point
L-WIPS-MM-100AP     License for 100 monitor mode access points
L-WIPS-MM-1000AP    License for 1000 monitor mode access points
L-WIPS-ELM-1AP      License for 1 access point in local mode with wIPS