Руководство По Проектированию для Cisco Cisco 5520 Wireless Controller
1-5
Book Title
OL-xxxxx-xx
Chapter 1 Cisco Adaptive wIPS Management Deployment Guide, Release 8.0
Cisco Adaptive wIPS Introduction
•
Local Mode Access Point(s)—Provides wireless service to clients in addition to limited time-sliced
attacker scanning.
attacker scanning.
•
Access Point(s) with Local Mode with wIPS—Like Local Mode, provides wireless service to client,
but when scanning off-channel, the radio dwells on the channel for an extended period of time,
allowing enhanced attack detection.
but when scanning off-channel, the radio dwells on the channel for an extended period of time,
allowing enhanced attack detection.
•
Wireless Security (WSM) Module—This is an add-on module to the Cisco Aironet 3600/3700 Series
Access Point, which offloads the constant channel scanning with attack detection and forensics
capabilities to the module, freeing up the serving radios for clients.
Access Point, which offloads the constant channel scanning with attack detection and forensics
capabilities to the module, freeing up the serving radios for clients.
•
Mobility Services Engine (running wIPS Service)—The central point of alarm aggregation from all
controllers and their respective wIPS Monitor Mode Access Points. Alarm information and forensic
files are stored on the system for archival purposes.
controllers and their respective wIPS Monitor Mode Access Points. Alarm information and forensic
files are stored on the system for archival purposes.
•
Wireless LAN Controller(s)—Forwards attack information from wIPS Monitor Mode Access Points
to the MSE and distributes configuration parameters to APs.
to the MSE and distributes configuration parameters to APs.
•
Prime Infrastructure—Provides the administrator the means to configure the wIPS Service on the
MSE, push wIPS configurations to the controller and set Access Points into wIPS Monitor mode. It
is also used for viewing wIPS alarms, forensics, reporting and accessing the attack encyclopedia.
MSE, push wIPS configurations to the controller and set Access Points into wIPS Monitor mode. It
is also used for viewing wIPS alarms, forensics, reporting and accessing the attack encyclopedia.
wIPS Deployment Modes
Beginning with the 7.4 release, Cisco Adaptive Wireless IPS has three options for wIPS mode access
points. To better understand the differences between the wIPS mode access points, lets discuss each
mode.
points. To better understand the differences between the wIPS mode access points, lets discuss each
mode.
Local Mode with wIPS
Local Mode with wIPS provides wIPS detection “on-channel”, which means attackers will be detected
on the channel that is serving clients. For all other channels, ELM provides best effort wIPS detection.
This means that every frame the radio would go “off-channel” for a short period of time. While
“off-channel”, if an attack occurs while that channel is scanned, the attack will be detected.
on the channel that is serving clients. For all other channels, ELM provides best effort wIPS detection.
This means that every frame the radio would go “off-channel” for a short period of time. While
“off-channel”, if an attack occurs while that channel is scanned, the attack will be detected.