The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Contents
This section describes how to configure and deploy the wIPS solution using the Lifecycle theme in the Prime Infrastructure UI.
Choose Design > Wireless Security from the Lifecycle theme in the Prime Infrastructure UI. The Wireless Security wizard page appears and allows you to perform the following wIPS related configurations:
Allows rogue policy to detect and report ad hoc networks.
Allows rogue rules to define rules to automatically classify rogue access points.
Allows you to add new wIPS profiles.
This section contains the following topics:
The Before You Begin wizard page displays information about how to use the Wireless Security wizard and includes the following information:
Rogue Policy—The Rogue Policy page enables you to configure the rogue policy. It has three pre-configured rogue policy settings for rogue detection and containment.
Rogue Rules—The Rogue Rules page allows you to automatically classify rogue access points based on criteria such as authentication type, matching configured SSIDs, client count, and RSSI values. Rogue rules can be created to classify rogues as Malicious and Friendly.
wIPS Profile—The wIPS Profile page provides several pre-defined profiles from which to choose. These profiles allow you to quickly activate the additional wireless threat protection available through Cisco Adaptive wIPS. The profile can be further customized by selecting the awIPS signatures to be detected and contained.
Devices—The Devices page allows you to apply rogue policy, rogue rules, and wIPS profiles to controllers.
Click Next to configure the Rogue Policy to detect and report ad hoc networks.
This page enables you to configure the rogue policy (for access points and clients) applied to the controller.
To configure the rogue policies, follow these steps:
This page enables you to define rules to automatically classify rogue access points. Prime Infrastructure applies the rogue access point classification rules to the controllers. These rules can limit the appearance of a rogue on maps based on RSSI level (weaker rogue access points are ignored) and time limit (a rogue access point is not flagged unless it is seen for the indicated period of time).
Note | Rogue classes include the following types: Malicious Rogue—A detected access point that matches the user-defined Malicious rules or has been manually moved from the Friendly AP category. Friendly Rogue—Known, acknowledged, or trusted access point or a detected access point that matches user-defined Friendly rules. Unclassified Rogue—A detected access point that does not match the Malicious or Friendly rules. |
To create a new classification rule for rogue access points, follow these steps::
Step 1 | Choose Design > Wireless Security > Rogue Rules. | ||||||||||
Step 2 | Click Create New to create new rogue rules. The Add/Edit Rogue Rule window appears. | ||||||||||
Step 3 | In the General group box, configure the following fields:
| ||||||||||
Step 4 | In the Rogue Classification Rule group box, configure the following fields:
| ||||||||||
Step 5 | Click Ok to save the rule or Cancel to cancel the creation or changes made to the current rule. You are returned to the Rogue Rules page and the newly added rogue rule is listed. | ||||||||||
Step 6 | Click Apply to apply the current rule to controllers. In the Devices wizard page, select the applicable controllers and click Apply to Controllers.
| ||||||||||
Step 7 | Click Next to configure the wIPS profiles. |
To view currently added rogues rules, follow these steps:
The following parameters are displayed in the Rogue Rules page. |
Prime Infrastructure provides several pre-defined profiles from which to choose. These profiles (based on customer types, building types, industry types, and so on) allow you to quickly activate the additional wireless threat protection available through Cisco Adaptive wIPS. You can use a profile ‘as is’ or customize it to better meet your needs.
For more information on configuring the wIPS profile, see the Configuring wIPS and Profiles section.
After configuring wIPS profile, click Next to open the Devices page where you can select the controllers to apply the settings.