×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

How to test WiPS on Wireless Infrastructure???

Answered Question
Aug 26th, 2014
User Badges:

How can I test the wips functionallity on a wireless infrastructure using a wlc 5508,3700 APs with WiPS module, NCS PRIME 2.0 and MSE with WiPS?

At this time the APs are as local mode and wips sub mode on WLC 5508, and the WiPS licenses on NCS are installed.

What could be the best scenario(software, antennas, cards) to test the wireless security with this infrastructure?

 

REGARDS.

Correct Answer by Amjad Abdullah about 2 years 11 months ago

You may use Kali Linux to do some wireless attacks on your network and see how they're being detected by your WIPs.

you may google for kali linux wireless attacks. here is one example link:

https://www.packtpub.com/books/content/kali-linux-%E2%80%93-wireless-att...

 

Regards,

 

Amjad

Correct Answer by abwahid about 2 years 11 months ago

Hi,

please go through below link which probably will remove you glitch.

http://www.cisco.com/c/en/us/td/docs/wireless/technology/wips/deployment...

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Arturo Sanchez Ruiz Fri, 09/19/2014 - 15:04
User Badges:
I´m doing that and flooding to the core switch of my lab where I´m testing that, what do I have to see in NCS at the time I´m flooding with the software, what does WiPS must do in order with the attack??? REGARDS
Amjad Abdullah Sun, 09/21/2014 - 07:04
User Badges:
  • Red, 2250 points or more

What you have to do is to either impersonate the AP (send deauth messages to the client on behalf of your AP with your AP BSSID as the source MAC) or use floods DoS (authentication floods for example, a client that tries to maliciously send high number of auth requests to the AP and stops at that stage of state machine which will fill the Association table of the AP and prevents other clients form being able to connect).

 

Here is Cisco WIPS Policy Alarm Encyclopedia:

http://goo.gl/LXBLW5

 

My question here would be: Do you have a Mobility Service Engine (MSE) in your infrastructure? That's necessary to be available with WIPS service running and that must be integrated with WLCs and NCS/Prime.

 

Regards,

 

Amjad

Arturo Sanchez Ruiz Sun, 09/21/2014 - 08:29
User Badges:
Yes, I have Ucs with Ncs and MSE on virtual mode, 2 wlc 5508 and 1 ap 3602 with WiPS module, and one laptop doing DoS attacks , and when I do that, I only see the Mac on NCS map but nothing else happens, at this time i have MFP not configured because in the past we had some issues with the feature, do we have to configure it ????
Amjad Abdullah Mon, 09/22/2014 - 00:46
User Badges:
  • Red, 2250 points or more

You don't have to run MFP. But you need to make sure that wIPS service is running correctly on on the MSE and MSE, NCS and WLC area all synched.

Have you followed the deployment guide and created wIPS profiles on NCS?

http://goo.gl/MgUxSU

Regards,

Amjad

Actions

This Discussion

Related Content

 

 

Trending Topics - Security & Network