Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Monitor mode AP- Submode

Hi All,

When i set an ap into monitor mode, i have option to select as Wips or none.. What is the difference between these two..? If i have enabled  Wips as submode, i should have Wips device..? .

And also i am not able to find any difference in the led indication of a monitor mode AP and a LOCAL MODE ap .

Regards

Prasan

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Silver

Re: Monitor mode AP- Submode

Typically you have AP's in local and wIPS submode. Unless you have dedicated AP's, you can use monitor and wIPS submode. This explains what's required for wIPS.

http://www.cisco.com/en/US/docs/wireless/technology/wips/deployment/guide/WiPS_deployment_guide.html

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
VIP Purple

Monitor mode AP- Submode

This is from the link Scott provided which summarize wIPS AP deployment. So in your case you have to change AP to monitor mode with submode as wIPS. Through Prime & MSE you can monitor wIPS in your environment.

1. wIPS Mode Access Point - A wIPS mode access point is any access point in Monitor Mode, Enhanced Local Mode, or with the WSSI module. This term will be used to group access points capable of wIPS.

2. wIPS Monitor Mode Access Point(s) - Provides constant channel scanning with attack detection and forensics (packet capture) capabilities.

3. Local Mode Access Point(s) - Provides wireless service to clients in addition to limited time-sliced attacker scanning.

4. Enhanced Local Mode Access Point(s) - Like Local Mode, provides wireless service to client, but when scanning off-channel, the radio dwells on the channel for an extended period of time, allowing enhanced attack detection

5. Wireless Security and Spectrum Intelligence (WSSI) Module - This is an add-on module to the Cisco Aironet 3600 Series Access Point, which offloads the constant channel scanning with attack detection and forensics capabilities to the module, freeing up the serving radios for clients

6. Mobility Services Engine (running wIPS Service) - The central point of alarm aggregation from all controllers and their respective wIPS Monitor Mode Access Points. Alarm information and forensic files are stored on the system for archival purposes.

7. Wireless LAN Controller(s) - Forwards attack information from wIPS Monitor Mode Access Points to the MSE and distributes configuration parameters to APs.

8. Prime Infrastructure - Provides the administrator the means to configure the wIPS Service on the MSE, push wIPS configurations to the controller and set Access Points into wIPS Monitor mode. It is also used for viewing wIPS alarms, forensics, reporting and accessing the attack encyclopedia.

I do not think you will see any LED variation based on monitor mode activities.

HTH

Rasika

**** Pls rate all useful resposnes ****

4 REPLIES
Hall of Fame Super Silver

Re: Monitor mode AP- Submode

Typically you have AP's in local and wIPS submode. Unless you have dedicated AP's, you can use monitor and wIPS submode. This explains what's required for wIPS.

http://www.cisco.com/en/US/docs/wireless/technology/wips/deployment/guide/WiPS_deployment_guide.html

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
VIP Purple

Monitor mode AP- Submode

This is from the link Scott provided which summarize wIPS AP deployment. So in your case you have to change AP to monitor mode with submode as wIPS. Through Prime & MSE you can monitor wIPS in your environment.

1. wIPS Mode Access Point - A wIPS mode access point is any access point in Monitor Mode, Enhanced Local Mode, or with the WSSI module. This term will be used to group access points capable of wIPS.

2. wIPS Monitor Mode Access Point(s) - Provides constant channel scanning with attack detection and forensics (packet capture) capabilities.

3. Local Mode Access Point(s) - Provides wireless service to clients in addition to limited time-sliced attacker scanning.

4. Enhanced Local Mode Access Point(s) - Like Local Mode, provides wireless service to client, but when scanning off-channel, the radio dwells on the channel for an extended period of time, allowing enhanced attack detection

5. Wireless Security and Spectrum Intelligence (WSSI) Module - This is an add-on module to the Cisco Aironet 3600 Series Access Point, which offloads the constant channel scanning with attack detection and forensics capabilities to the module, freeing up the serving radios for clients

6. Mobility Services Engine (running wIPS Service) - The central point of alarm aggregation from all controllers and their respective wIPS Monitor Mode Access Points. Alarm information and forensic files are stored on the system for archival purposes.

7. Wireless LAN Controller(s) - Forwards attack information from wIPS Monitor Mode Access Points to the MSE and distributes configuration parameters to APs.

8. Prime Infrastructure - Provides the administrator the means to configure the wIPS Service on the MSE, push wIPS configurations to the controller and set Access Points into wIPS Monitor mode. It is also used for viewing wIPS alarms, forensics, reporting and accessing the attack encyclopedia.

I do not think you will see any LED variation based on monitor mode activities.

HTH

Rasika

**** Pls rate all useful resposnes ****

New Member

Monitor mode AP- Submode

Thanks a lot guyZz

What is the future of wIPS

What is the future of wIPS and MSE in that perspective ? (now that CMX naturally doesn´t cover this)

Also do we have the same options for converged access and classical WLC ?

with regards of rouge, management and wIPS.

Also I am trying to find out if Rogue detector feature. Where the AP is with radios off and scans the wire. Is that still available and supported for both WLC and Converged access ?

8797
Views
0
Helpful
4
Replies