Step 1
|
From the top-left corner, click the menu icon and choose .
The Rogue and aWIPS window is displayed. By default, Catalyst Center displays the Overview dashboard.
Note
|
If a Cisco AireOS Controller does not meet the minimum software version required, a notification is displayed at the top of
the dashboard. Click Go To Devices in the notification to upgrade to the supported version.
|
|
Step 2
|
In the Site menu, click Global.
The Site Selector
slide-in pane is displayed.
-
Enter a site name in the Search Hierarchy search bar or expand Global to choose a site.
Note
|
-
If a site has more than 254 subsites, that site is disabled by default.
-
Site hierarchies that do not have floors are not listed in the site selector slide-in pane.
|
|
Step 3
|
From the Actions drop-down list, choose to enable rogue subscription on the Cisco Wireless Controller and the Cisco Catalyst 9800 Series Wireless Controller.
|
Step 4
|
Click Yes in the Warning dialog box that is displayed.
|
Step 5
|
In the Rogue and aWIPS Subscription
slide-in pane, do the following to enable rogue subscription:
Note
|
The Configuration Preview tab appears only when the Configuration Preview is enabled. For information on how to enable configuration preview or ITSM approval, see the "Enable Visibility and Control
of Configurations" topic in the Cisco Catalyst Center Administrator Guide.
|
-
Depending on the Visibility and Control of Configurations settings, choose an available option:
-
Now: Immediately deploy the configurations.
-
Later: Schedule the date and time and define the time zone of the deployment.
-
Generate configuration preview: Review the configurations before deploying them.
If only visibility is enabled or both visibility and control are enabled, Generate configuration preview is chosen by default, and Now and Later are dimmed (unavailable). For more information, see "Visibility and Control of Device Configurations" in the Cisco Catalyst Center User Guide.
-
In the Task Name field, enter a task name.
-
Click Apply.
-
On the Performing Initial Checks window, address the following issues to continue with your current deployment:
-
Pending Operations: Wait for all pending operations to deploy or discard them.
-
Device Compliance: Fix, acknowledge, or ignore all issues.
If you ignore any noncompliant devices, this activity is captured on the Audit Logs window.
-
Device Level Validations: Remove the unsupported configurations used in the CLI template.
Note
|
This check is only applicable for fabric devices. Currently the check does not validate the CLI templates for non-fabric devices.
|
You can also choose to ignore the issues, but it is recommended to resolve the issues before you proceed with provisioning.
-
After addressing all the issues, click Recheck in the bottom-right corner of the window and make sure that all the validations are successful.
For more information, see "Network Provisioning Prechecks" in the Cisco Catalyst Center User Guide.
If you chose Now or Later, click Submit, and the device configurations will deploy at the scheduled time. You can view the task on the Tasks window.
-
If you chose Generate configuration preview, depending on the Visibility and Control of Configurations settings, do the following:
-
On the Preparing Devices and Configuration Models window, wait for the system to prepare the devices and generate the device configurations. This can take some time, so you
can click Exit and Preview Later. To view the work item later, go to the Tasks window.
-
On the Preview Configuration window, review the device configurations.
For more information, see "Visibility and Control of Device Configurations" in the Cisco Catalyst Center User Guide.
-
Do one of the following:
-
When you're ready, click Deploy or Submit for Approval.
-
If you're not ready to deploy the configurations or submit them for ITSM approval, click Exit and Preview Later. Later, go to the Tasks window, open the work item, and click Deploy or Submit for Approval.
Note
|
You can submit the device configurations for ITSM approval and deploy them without previewing all the configurations.
|
-
In the slide-in pane, indicate when you want to deploy the configuration, choose a time zone, and if visibility and control are enabled, add notes
for the IT administrator.
-
Click Submit.
You can check the work item’s approval status or the task’s deployment status on the Tasks window. If the work item isn’t approved, you need to resubmit the work item for ITSM approval. When it’s approved, it's deployed
at the scheduled time.
|
Step 6
|
Choose to disable the rogue actions temporarily.
|
Step 7
|
Click Yes in the Warning dialog box that is displayed.
After the rogue management functionality is disabled, data from the wireless controller will not be pushed to Catalyst Center until the rogue management functionality is enabled.
|
Step 8
|
In the Rogue and aWIPS Subscription
slide-in pane, do the following to disable rogue subscription:
-
Depending on the Visibility and Control of Configurations settings, choose an available option:
-
Now: Immediately deploy the configurations.
-
Later: Schedule the date and time and define the time zone of the deployment.
-
Generate configuration preview: Review the configurations before deploying them.
If only visibility is enabled or both visibility and control are enabled, Generate configuration preview is chosen by default, and Now and Later are dimmed (unavailable). For more information, see "Visibility and Control of Device Configurations" in the Cisco Catalyst Center User Guide.
-
In the Task Name field, enter a task name.
-
Click Apply.
-
On the Performing Initial Checks window, address the following issues to continue with your current deployment:
-
Pending Operations: Wait for all pending operations to deploy or discard them.
-
Device Compliance: Fix, acknowledge, or ignore all issues.
If you ignore any noncompliant devices, this activity is captured on the Audit Logs window.
-
Device Level Validations: Remove the unsupported configurations used in the CLI template.
Note
|
This check is only applicable for fabric devices. Currently the check does not validate the CLI templates for non-fabric devices.
|
You can also choose to ignore the issues, but it is recommended to resolve the issues before you proceed with provisioning.
-
After addressing all the issues, click Recheck in the bottom-right corner of the window and make sure that all the validations are successful.
For more information, see "Network Provisioning Prechecks" in the Cisco Catalyst Center User Guide.
If you chose Now or Later, click Submit, and the device configurations will deploy at the scheduled time. You can view the task on the Tasks window.
-
If you chose Generate configuration preview, depending on the Visibility and Control of Configurations settings, do the following:
-
On the Preparing Devices and Configuration Models window, wait for the system to prepare the devices and generate the device configurations. This can take some time, so you
can click Exit and Preview Later. To view the work item later, go to the Tasks window.
-
On the Preview Configuration window, review the device configurations.
For more information, see "Visibility and Control of Device Configurations" in the Cisco Catalyst Center User Guide.
-
Do one of the following:
-
When you're ready, click Deploy or Submit for Approval.
-
If you're not ready to deploy the configurations or submit them for ITSM approval, click Exit and Preview Later. Later, go to the Tasks window, open the work item, and click Deploy or Submit for Approval.
Note
|
You can submit the device configurations for ITSM approval and deploy them without previewing all the configurations.
|
-
In the slide-in pane, indicate when you want to deploy the configuration, choose a time zone, and if visibility and control are enabled, add notes
for the IT administrator.
-
Click Submit.
You can check the work item’s approval status or the task’s deployment status on the Tasks window. If the work item isn’t approved, you need to resubmit the work item for ITSM approval. When it’s approved, it's deployed
at the scheduled time.
|
Step 9
|
Choose to view the rogue configuration job status.
|
Step 10
|
Filter the rogue subscription status by All, Failure, Success, or In Progress by clicking the respective tabs.
The Operation column shows Enable if the rogue-detection operation is enabled successfully on the wireless controller.
The Status column shows Success if the subscription configuration changes are successfully pushed to the wireless controller.
|
Step 11
|
Choose to enable aWIPS data collection on Catalyst Center.
|
Step 12
|
Click Yes in the Warning dialog box that is displayed.
|
Step 13
|
In the Rogue and aWIPS Subscription
slide-in pane, do the following to enable aWIPS subscription:
Note
|
The Configuration Preview tab appears only when the Configuration Preview is enabled. For information on how to enable configuration preview or ITSM approval, see the "Enable Visibility and Control
of Configurations" topic in the Cisco Catalyst Center Administrator Guide.
|
-
Depending on the Visibility and Control of Configurations settings, choose an available option:
-
Now: Immediately deploy the configurations.
-
Later: Schedule the date and time and define the time zone of the deployment.
-
Generate configuration preview: Review the configurations before deploying them.
If only visibility is enabled or both visibility and control are enabled, Generate configuration preview is chosen by default, and Now and Later are dimmed (unavailable). For more information, see "Visibility and Control of Device Configurations" in the Cisco Catalyst Center User Guide.
-
In the Task Name field, enter a task name.
-
Click Apply.
-
On the Performing Initial Checks window, address the following issues to continue with your current deployment:
-
Pending Operations: Wait for all pending operations to deploy or discard them.
-
Device Compliance: Fix, acknowledge, or ignore all issues.
If you ignore any noncompliant devices, this activity is captured on the Audit Logs window.
-
Device Level Validations: Remove the unsupported configurations used in the CLI template.
Note
|
This check is only applicable for fabric devices. Currently the check does not validate the CLI templates for non-fabric devices.
|
You can also choose to ignore the issues, but it is recommended to resolve the issues before you proceed with provisioning.
-
After addressing all the issues, click Recheck in the bottom-right corner of the window and make sure that all the validations are successful.
For more information, see "Network Provisioning Prechecks" in the Cisco Catalyst Center User Guide.
If you chose Now or Later, click Submit, and the device configurations will deploy at the scheduled time. You can view the task on the Tasks window.
-
If you chose Generate configuration preview, depending on the Visibility and Control of Configurations settings, do the following:
-
On the Preparing Devices and Configuration Models window, wait for the system to prepare the devices and generate the device configurations. This can take some time, so you
can click Exit and Preview Later. To view the work item later, go to the Tasks window.
-
On the Preview Configuration window, review the device configurations.
For more information, see "Visibility and Control of Device Configurations" in the Cisco Catalyst Center User Guide.
-
Do one of the following:
-
When you're ready, click Deploy or Submit for Approval.
-
If you're not ready to deploy the configurations or submit them for ITSM approval, click Exit and Preview Later. Later, go to the Tasks window, open the work item, and click Deploy or Submit for Approval.
Note
|
You can submit the device configurations for ITSM approval and deploy them without previewing all the configurations.
|
-
In the slide-in pane, indicate when you want to deploy the configuration, choose a time zone, and if visibility and control are enabled, add notes
for the IT administrator.
-
Click Submit.
You can check the work item’s approval status or the task’s deployment status on the Tasks window. If the work item isn’t approved, you need to resubmit the work item for ITSM approval. When it’s approved, it's deployed
at the scheduled time.
|
Step 14
|
Choose to disable the aWIPS actions temporarily.
Click Yes in the Warning dialog box that is displayed.
|
Step 15
|
In the Rogue and aWIPS Subscription
slide-in pane, do the following to disable aWIPS subscription:
-
Depending on the Visibility and Control of Configurations settings, choose an available option:
-
Now: Immediately deploy the configurations.
-
Later: Schedule the date and time and define the time zone of the deployment.
-
Generate configuration preview: Review the configurations before deploying them.
If only visibility is enabled or both visibility and control are enabled, Generate configuration preview is chosen by default, and Now and Later are dimmed (unavailable). For more information, see "Visibility and Control of Device Configurations" in the Cisco Catalyst Center User Guide.
-
In the Task Name field, enter a task name.
-
Click Apply.
-
On the Performing Initial Checks window, address the following issues to continue with your current deployment:
-
Pending Operations: Wait for all pending operations to deploy or discard them.
-
Device Compliance: Fix, acknowledge, or ignore all issues.
If you ignore any noncompliant devices, this activity is captured on the Audit Logs window.
-
Device Level Validations: Remove the unsupported configurations used in the CLI template.
Note
|
This check is only applicable for fabric devices. Currently the check does not validate the CLI templates for non-fabric devices.
|
You can also choose to ignore the issues, but it is recommended to resolve the issues before you proceed with provisioning.
-
After addressing all the issues, click Recheck in the bottom-right corner of the window and make sure that all the validations are successful.
For more information, see "Network Provisioning Prechecks" in the Cisco Catalyst Center User Guide.
If you chose Now or Later, click Submit, and the device configurations will deploy at the scheduled time. You can view the task on the Tasks window.
-
If you chose Generate configuration preview, depending on the Visibility and Control of Configurations settings, do the following:
-
On the Preparing Devices and Configuration Models window, wait for the system to prepare the devices and generate the device configurations. This can take some time, so you
can click Exit and Preview Later. To view the work item later, go to the Tasks window.
-
On the Preview Configuration window, review the device configurations.
For more information, see "Visibility and Control of Device Configurations" in the Cisco Catalyst Center User Guide.
-
Do one of the following:
-
When you're ready, click Deploy or Submit for Approval.
-
If you're not ready to deploy the configurations or submit them for ITSM approval, click Exit and Preview Later. Later, go to the Tasks window, open the work item, and click Deploy or Submit for Approval.
Note
|
You can submit the device configurations for ITSM approval and deploy them without previewing all the configurations.
|
-
In the slide-in pane, indicate when you want to deploy the configuration, choose a time zone, and if visibility and control are enabled, add notes
for the IT administrator.
-
Click Submit.
You can check the work item’s approval status or the task’s deployment status on the Tasks window. If the work item isn’t approved, you need to resubmit the work item for ITSM approval. When it’s approved, it's deployed
at the scheduled time.
|
Step 16
|
Choose to view the aWIPS subscription status.
|
Step 17
|
Filter the aWIPS subscription status by All, Failure, Success, or In Progress by clicking the respective tabs.
The Operation column shows Enable if the aWIPS subscription operation is enabled successfully on the wireless controller.
The Status column shows Success if the subscription configuration changes are successfully pushed to the wireless controller.
|
Step 18
|
Use the Threats dashlets to display following information:
-
TOTAL ROGUE THREATS: Displays the total number of rogue threats.
-
TOTAL AWIPS THREATS: Displays the total number of aWIPS threats.
-
TOTAL UNIQUE ROGUE CLIENTS: Displays the total number of unique rogue clients.
-
ROGUES CONTAINED: Displays the total number of rogues contained.
The Active High Threats and High Threats Over Time graphs below the timeline slider display the threat details accordingly.
|
Step 19
|
The Active High Threats, Top Locations Affected, and High Threats Over Time graphs display information about rogue APs detected in the last three hours by default. The graph information is based on
the time interval that you choose from the Hours drop-down list.
|
Step 20
|
Use the High Threats Summary dashlet to display the following information:
High Threats Summary Dashlet |
Item |
Description |
Active High Threats
|
Displays information about active threat levels in the form of a donut graph. You can filter the active high threats by Top 10 or All threat types.
Click each colored slice of the donut graph to view detailed information about the threats. Hover your cursor over the graph
to see the number of active high threats.
Click All to display the threat types and counts in a table format.
|
Top Locations Affected
|
Displays the top five locations affected per selected site for high threats.
|
|
Step 21
|
Use the High Threats Over Time dashlet to display the following information:
High Threats Over Time Dashlet |
Item |
Description |
Threats Over Time
|
Displays detailed information about high threats over time, based on the selected time period.
Click each threat type below Total Active High Threat. Threat information is displayed in a graph view.
High threat deviation is measured on a color value scale:
-
Green color indicates threat deviation that is less than 0.
-
Orange color indicates threat deviation from 0 to 9.
-
Red color indicates threat deviation that is more than or equal to 10.
Hover your cursor over the graph to view the number of high threats that occurred at a particular time.
|
View Threats
|
Click View Threats to view the threats table. A list of high threats is displayed.
|
|
Step 22
|
Use the Threats By Location dashlet to view information about threats in the map view:
Location Option |
Item |
Description |
Map View
|
Click this toggle button to display a map view of the locations affected by threats.
Hover your cursor over the corresponding location in the map to view all the threat levels and counts.
|
List View
|
Click this toggle button to display a list view of the locations affected by threats.
|
|
Step 23
|
Use the Threat Setting Summary dashlet to view following information:
Threat Setting Summary Dashlet |
Item |
Description |
Allowed AP List
|
Displays information about the allowed AP count and configured threat level.
Click View Details to display the Allowed List window to view detailed information on the Allowed Access Point List.
|
Allowed Vendor List
|
Displays information about the allowed vendors count and configured threat level.
Click View Details to display the Allowed List window to view information on the Allowed Vendor List.
|
Rogue Rule
|
Displays information about a rule, its conditions type, rule profiles associated to it, and threat level.
Click View Details to display the Rules window to view detailed information on rogue rules.
|
|
Step 24
|
(Optional) Use the Tips dashlet for a direct link to workflows such as Create Allowed AP List, Create Allowed Vendor List, Create Rogue Rule, and
so on.
|
Step 25
|
(Optional) Click View All to view all the available workflows.
|