Руководство По Проектированию для Cisco Cisco 5520 Wireless Controller
1-6
Book Title
OL-xxxxx-xx
Chapter 1 Cisco Adaptive wIPS Management Deployment Guide, Release 8.0
Cisco Adaptive wIPS Introduction
An example of Local Mode with wIPS on an AP3600, the 2.4 GHz radio is operating on channel 6. The
AP will constantly monitor channel 6, any attacks on channel 6 will be detected and reported. If an
attacker attacks channel 11, while the AP is scanning channel 11 “off-channel”, the attack will be
detected.
AP will constantly monitor channel 6, any attacks on channel 6 will be detected and reported. If an
attacker attacks channel 11, while the AP is scanning channel 11 “off-channel”, the attack will be
detected.
The features of ELM are:
•
Adds wIPS security scanning for 7x24 on channel scanning (2.4 GHz and 5 GHz), with best effort
off channel support
off channel support
•
The access point is additionally serving clients and with the G2 Series of Access Points enables
CleanAir spectrum analysis on channel (2.4 GHz and 5 GHz)
CleanAir spectrum analysis on channel (2.4 GHz and 5 GHz)
•
Adaptive wIPS scanning in data serving local and FlexConnect APs
•
Protection without requiring a separate overlay network
•
Supports PCI compliance for the wireless LANs
•
Full 802.11 and non-802.11 attack detection
•
Adds forensics and reporting capabilities
•
Flexibility to set integrated or dedicated MM APs
•
Pre-processing at APs minimize data backhaul (that is, works over very low bandwidth links)
•
Low impact on the serving data
Monitor Mode
Monitor Mode provides wIPS detection “off-channel”, which means the access point will dwell on each
channel for an extend period of time, this allows the AP to detect attacks on all channels. The 2.4GHz
radio will scan all 2.4GHz channels, while the 5GHz channel scans all 5GHz channels. An additional
access point would need to be installed for client access.
channel for an extend period of time, this allows the AP to detect attacks on all channels. The 2.4GHz
radio will scan all 2.4GHz channels, while the 5GHz channel scans all 5GHz channels. An additional
access point would need to be installed for client access.
Some of the features of Monitor Mode are:
•
The Monitor Mode Access Point (MMAP) is dedicated to operate in Monitor Mode and has the
option to add wIPS security scanning of all channels (2.4GHz and 5GHz)
option to add wIPS security scanning of all channels (2.4GHz and 5GHz)
•
The G2 Series of Access Points enable CleanAir spectrum analysis on all channels (2.4GHz and
5GHz)
5GHz)
•
MMAPs do not serve clients
AP 3600/3700 with Wireless Security Module (WSM): The Evolution of Wireless Security and Spectrum
A Cisco 3600 series Access point with the WSM module uses a combination of “on-channel” and
“off-channel”. This means that the AP3600 2.4 GHz and 5 GHz will scan the channel that they are
serving clients and the WSM module would operate in monitor mode and scan all channels.
“off-channel”. This means that the AP3600 2.4 GHz and 5 GHz will scan the channel that they are
serving clients and the WSM module would operate in monitor mode and scan all channels.
Some of the features of the WSM Module are:
•
Industry’s first Access Point enabling the ability to simultaneously Serve clients, wIPS security
scan, and analyze the spectrum using CleanAir Technology
scan, and analyze the spectrum using CleanAir Technology
•
Dedicated 2.4 GHz and 5 GHz radio with its own antennas enabling 7x24 scanning of all wireless
channels in the 2.4 GHz and 5 GHz bands
channels in the 2.4 GHz and 5 GHz bands
•
A single Ethernet infrastructure provides simplified operation with fewer devices to manage and
optimized return on investment of the AP3600 wireless infrastructure and the Ethernet wired
infrastructure
optimized return on investment of the AP3600 wireless infrastructure and the Ethernet wired
infrastructure