Cisco Support Community
Community Member

Intrusion tracking in AP's

Hi everybody,

We have a wifi network with up to 300 APs.

When we receive an intrusion, we know that a certain IP address on a certain date tried to connect to our network, and we want to know all the intrusion tracking: all the MAC-IP address associations tracked during the attack.

I know this is impossible with the LMS User Tracking because it doesn't support this information from APs.

I would like to know if it is possible from WLSE. We have it installed, but I cannot find whether we can track all the MAC-IP address associations during the attack.

Many thanks.

1 ACCEPTED SOLUTION
Silver

Re: Intrusion tracking in AP's

Use the WLSE Intrusion Detection System (IDS) tab to display intrusion detection information for devices in your network, manage IDS settings, and set up IDS notifications.

To find the switch port to which the rogue AP is connected (if it is connected), the Switch Port Location feature uses BSSIDs of the rogue APs that it hears over the air to make a heuristic guess of the rogue's Ethernet MAC address.

Here is a good link for tracking the users.

http://www.cisco.com/en/US/docs/wireless/wlse/2.13/user/guide/wids.html
