Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
406
Views
0
Helpful
3
Replies

Best Practise for WLC IDS Signature Thresholds

Rene S.
Level 1
Level 1

‎06-11-2014 01:33 AM - edited ‎07-05-2021 12:59 AM

Hi, are there any best practices for WLC IDS Signature thresholds?

 

Thanks!

KR,

Rena

Labels:
0 Helpful
3 Replies 3

mohanak
Cisco Employee
Cisco Employee

‎06-11-2014 03:28 AM

You can configure IDS signatures, or bit-pattern matching rules used to identify various types of attacks in incoming 802.11 packets, on the controller. When the signatures are enabled, the access points joined to the controller perform signature analysis on the received 802.11 data or management frames and report any discrepancies to the controller. If an attack is detected, appropriate mitigation is initiated.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-5/config_guide/b_cg75/b_cg75_chapter_0111110.html#d162818e187a1635

0 Helpful

Rene S.
Level 1
Level 1
In response to mohanak

‎06-16-2014 05:23 AM

Thanks for the answer. What I need are best practice thresholds for those signatures, because the default thresholds seem to be very sensitive.

0 Helpful

Saurav Lodh
Level 7
Level 7

‎06-16-2014 11:47 PM

On aggressive environments, a helpful feature is to enable access point authentication with a threshold of 2. This permits both to detect possible impersonation and minimize false positive detections.

This is how to configure:

config wps ap-authentication enable
config wps ap-authentication threshold 2
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card