About aWIPS Profiles
The aWIPS profile configuration allows you to select required signatures, configure threshold values used in detection of a WIPS denial of service (DoS) attacks, and enable forensic capture at signature level. Threshold configuration helps to adjust the number of alarms which are generated for a specific duration for each aWIPS signature.
The aWIPS profile configuration support is available for the following devices with software version 17.4 and later:
-
Cisco Catalyst 9800 Series Wireless Controller
-
Cisco Catalyst 9800-CL Cloud Wireless Controller
-
Cisco Embedded Wireless Controller on Catalyst Access Points
-
Cisco Catalyst 9800 Embedded Wireless Controller for Catalyst 9300 Series Switches
-
Cisco Catalyst 9400 Series Switches
-
Cisco Catalyst 9500 Series Switches
Note |
Only for SD-Access use cases, you must enable the wireless module on Cisco Catalyst 9300 Series Switches, Cisco Catalyst 9400 Series Switches, and Cisco Catalyst 9500 Series Switches for aWIPS profiles to work. |
Prerequisites
-
Verify the network connectivity between the Cisco Wireless Controller and Cisco DNA Center.
-
Make sure that the network device is reachable from Cisco DNA Center and has downloaded the aWIPS profile configuration from Cisco DNA Center.
-
For forensic capture, make sure that there is network connectivity between APs and Cisco DNA Center.
-
For forensic capture, make sure that the Google Protocol RPC (gRPC) tunnel interface has been established between APs and Cisco DNA Center. Use the show ap icap connection command to make sure that the status is READY.
-
For forensic capture, the required ports must be opened between Cisco DNA Center and network device links.
-
For forensic capture, there should not be a time lag between Cisco DNA Center and access points.
-
If you have upgraded Cisco DNA Center from an earlier release, you must disable and enable aWIPS from the Rogue and aWIPS dashboard to subscribe an additional subscription. For more information, see Monitor the Rogue Management and aWIPS Dashboard.
Note
For a new installation of Cisco DNA Center, you do not have to disable and enable aWIPS from the Rogue and aWIPS dashboard to subscribe an additional subscription.