Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Best Practise for WLC IDS Signature Thresholds

Hi, are there any best practices for WLC IDS Signature thresholds?

 

Thanks!

KR,

Rena

3 REPLIES
Cisco Employee

You can configure IDS

You can configure IDS signatures, or bit-pattern matching rules used to identify various types of attacks in incoming 802.11 packets, on the controller. When the signatures are enabled, the access points joined to the controller perform signature analysis on the received 802.11 data or management frames and report any discrepancies to the controller. If an attack is detected, appropriate mitigation is initiated.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-5/config_guide/b_cg75/b_cg75_chapter_0111110.html#d162818e187a1635

New Member

Thanks for the answer. What I

Thanks for the answer. What I need are best practice thresholds for those signatures, because the default thresholds seem to be very sensitive.

On aggressive environments, a

On aggressive environments, a helpful feature is to enable access point authentication with a threshold of 2. This permits both to detect possible impersonation and minimize false positive detections.

This is how to configure:

config wps ap-authentication enable
config wps ap-authentication threshold 2
91
Views
0
Helpful
3
Replies
CreatePlease to create content