
Advanced WIPS

• Information About Advanced WIPS
• aWIPS in a Cisco Catalyst Wireless Controller environment
• Supported Modes and Platforms
• Prerequisites for Advanced WIPS
• Configuring Advanced WIPS (GUI)
• Viewing Advanced WIPS Alarms (GUI)
• Enabling Advanced WIPS
• Verifying Advanced WIPS

Information About Advanced WIPS


The Cisco Advanced Wireless Intrusion Prevention System (aWIPS) is a wireless intrusion threat detection
and mitigation mechanism. aWIPS uses an advanced approach to wireless threat detection and performance
management. The AP detects the threats and generates alarms. aWIPS combines network traffic analysis, network
device and topology information, signature-based techniques, and anomaly detection to deliver highly accurate
and complete wireless threat prevention.
With a fully infrastructure-integrated solution, you can continually monitor wireless traffic on both the wired
and wireless networks and use that network intelligence to analyze attacks from many sources to accurately
pinpoint and proactively prevent attacks, rather than wait until damage or exposure has occurred.

aWIPS in a Cisco Catalyst Wireless Controller environment


The aWIPS solution comprises the following components:
• Cisco Catalyst 9800 Series Wireless Controller
• Cisco Catalyst and Aironet Wave 2 APs
• Cisco DNA Center

Because the aWIPS functionality is integrated into Cisco DNA Center, aWIPS can configure and monitor
WIPS policies and alarms and report threats.

Note: aWIPS is supported only on Cisco DNA-C.

aWIPS supports the following capabilities:


• Static signatures
• Standalone signature detection only
• Alarms only
• GUI support
• Controller commands to view alarms
• Static signature file packaged with controller and AP image
• Export alarms to Cisco DNA Center through WSA channel

aWIPS alarm details like the AP MAC address, alarm ID, client MAC address, alarm string, and signature
ID are displayed on the Cisco Catalyst 9800 series wireless controller GUI.

Supported Modes and Platforms


aWIPS is supported on the following Cisco Catalyst Controllers:
• Cisco Catalyst 9800 series wireless controllers
• Cisco Embedded Wireless Controller on Catalyst Access Points

aWIPS is supported on all controller and AP modes.

Prerequisites for Advanced WIPS


Set all entities (controller and APs) in an aWIPS deployment to the UTC time zone.

Configuring Advanced WIPS (GUI)


aWIPS initialization is done by the controller. It can also be triggered through the controller
GUI or CLI. The controller then sends the aWIPS configuration to the APs using CAPWAP.

Procedure

Step 1 Choose Configuration > Tags & Profiles > AP Join.


Step 2 On the AP Join page, click the name of the desired AP join profile.
Step 3 In the Edit AP Join Profile window, click the Security tab.
Step 4 In the aWIPS section, select the aWIPS Enable check box.

Step 5 Click Update & Apply to Device.

Viewing Advanced WIPS Alarms (GUI)


Procedure

Navigate to Monitoring > Security > aWIPS.


• To view details of the alarms in the last 5 minutes, go to the Current Alarms tab.
• To view the alarm count over an extended period of time, either hourly, for a day (24 hours) or more, go
to the Historical Statistics tab.
You can sort or filter the alarms based on the following parameters:
• AP Radio MAC address
• Client MAC address
• Alarm ID
• Time Stamp
• Signature ID
• Alarm Description
• Alarm Message Index

Enabling Advanced WIPS


Procedure

Step 1 configure terminal
Purpose: Enters global configuration mode.
Example:
Device# configure terminal

Step 2 ap profile profile-name
Purpose: Configures the default AP profile.
Example:
Device(config)# ap profile myprofile

Step 3 aWIPS
Purpose: Enable aWIPS.
Note: aWIPS is disabled by default on the controller.
Example:
Device(config-ap-profile)# aWIPS

Step 4 end
Purpose: Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.
Example:
Device(config-ap-profile)# end

Verifying Advanced WIPS


To view aWIPS status, use the show awips status radio_mac command:
Device# show awips status 00d7.8f58.2f80
AP Radio MAC     AWIPS Status     Alarm Message Count
---------------------------------------------------------------------------
00d7.8f58.2f80   ENABLED          3944

The various aWIPS status indicators are listed below:


• ENABLED: aWIPS is enabled.
• NOT_SUPPORTED: The AP does not support aWIPS.
• CONFIG_NOT_ENABLED: aWIPS is not enabled on the AP.

To view details of specific alarm signatures, use the show awips alarm signature signature_id command:
Device# show awips alarm signature 10001
AP Radio MAC     Source/Dest MAC  AlarmID  Timestamp            SignatureID  Alarm Description     Message Index
----------------------------------------------------------------------------------------------------------------
00d7.8f58.2f80   0023.68b0.235b   1714     11/02/2020 13:02:19  10001        Authentication Flood  3966

To view alarm message statistics, use the below command:


Device# show awips alarm statistics
To view a list of alarms since the last clear, use the below command:
Device# show awips alarm ap ap_mac detailed
To view detailed alarm information, use the show awips alarm detailed command:
Device# show awips alarm detailed
AP Radio MAC     Source/Dest MAC  AlarmID  Timestamp            SignatureID  Alarm Description     Message Index
----------------------------------------------------------------------------------------------------------------
00d7.8f58.2f80   0023.68b0.235b   1714     11/02/2020 13:02:19  10001        Authentication Flood  3966
00d7.8f58.2f80   0024.d71c.f3cc   1714     11/02/2020 13:02:19  10001        Authentication Flood  3971
00d7.8f58.2f80   0023.68b0.235b   1715     11/02/2020 13:02:20  10001        Authentication Flood  3982
00d7.8f58.2f80   0024.d71c.f3cc   1715     11/02/2020 13:02:20  10001        Authentication Flood  3987


To view alarms on a specific AP, use the show awips alarm ap radio_mac detailed command:
Device# show awips alarm ap 00d7.8f58.2f80 detailed
AP Radio MAC     Source/Dest MAC  AlarmID  Timestamp            SignatureID  Alarm Description     Message Index
----------------------------------------------------------------------------------------------------------------
00d7.8f58.2f80   0023.68b0.235b   1714     11/02/2020 13:02:19  10001        Authentication Flood  3966
00d7.8f58.2f80   0024.d71c.f3cc   1714     11/02/2020 13:02:19  10001        Authentication Flood  3971
00d7.8f58.2f80   0023.68b0.235b   1715     11/02/2020 13:02:20  10001        Authentication Flood  3982
00d7.8f58.2f80   0024.d71c.f3cc   1715     11/02/2020 13:02:20  10001        Authentication Flood  3987
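
For triage outside the GUI, captured "show awips alarm detailed" output can be parsed and grouped by signature. The following is an added example, not part of the Cisco guide or any Cisco tooling; the names parse_alarms and summarize are hypothetical, the column order is taken from the sample output above, and the timestamp is kept as a string because the guide does not state the date field order.

```python
import re
from collections import Counter

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
# One alarm row; \s+ also spans the line wrap seen when the output is captured
# on a narrow terminal, so wrapped and single-line rows both match.
ROW = re.compile(
    rf"(?P<ap>{MAC})\s+(?P<peer>{MAC})\s+(?P<alarm_id>\d+)\s+"
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s+(?P<sig>\d+)\s+"
    r"(?P<desc>\S.*?)\s+(?P<idx>\d+)\s*$",
    re.IGNORECASE | re.MULTILINE,
)

# Sample rows taken from this guide's example output, in wrapped form.
SAMPLE = """\
AP Radio MAC Source/Dest MAC AlarmID Timestamp SignatureID
Alarm Description Message Index
------------------------------------------------------------
00d7.8f58.2f80 0023.68b0.235b 1714 11/02/2020 13:02:19 10001
Authentication Flood 3966
00d7.8f58.2f80 0024.d71c.f3cc 1714 11/02/2020 13:02:19 10001
Authentication Flood 3971
00d7.8f58.2f80 0023.68b0.235b 1715 11/02/2020 13:02:20 10001
Authentication Flood 3982
00d7.8f58.2f80 0024.d71c.f3cc 1715 11/02/2020 13:02:20 10001
Authentication Flood 3987
"""

def parse_alarms(text):
    """Return one dict per alarm row; header and separator lines never match."""
    ints = ("alarm_id", "sig", "idx")
    return [{k: int(v) if k in ints else v for k, v in m.groupdict().items()}
            for m in ROW.finditer(text)]

def summarize(rows):
    """Group rows by (signature ID, description): message count, alarm IDs,
    reporting AP radios, and how often each source/dest MAC appears."""
    out = {}
    for r in rows:
        s = out.setdefault((r["sig"], r["desc"]), {
            "messages": 0, "alarm_ids": set(), "aps": set(), "peers": Counter()})
        s["messages"] += 1
        s["alarm_ids"].add(r["alarm_id"])
        s["aps"].add(r["ap"])
        s["peers"][r["peer"]] += 1
    return out

if __name__ == "__main__":
    for (sig, desc), s in summarize(parse_alarms(SAMPLE)).items():
        print(sig, desc, s["messages"], sorted(s["alarm_ids"]), s["peers"].most_common())
```
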
