06-11-2014 01:33 AM - edited 07-05-2021 12:59 AM
Hi, are there any best practices for WLC IDS Signature thresholds?
Thanks!
KR,
Rena
06-11-2014 03:28 AM
You can configure IDS signatures, or bit-pattern matching rules used to identify various types of attacks in incoming 802.11 packets, on the controller. When the signatures are enabled, the access points joined to the controller perform signature analysis on the received 802.11 data or management frames and report any discrepancies to the controller. If an attack is detected, appropriate mitigation is initiated.
06-16-2014 05:23 AM
Thanks for the answer. What I need are best practice thresholds for those signatures, because the default thresholds seem to be very sensitive.
06-16-2014 11:47 PM
On aggressive environments, a helpful feature is to enable access point authentication with a threshold of 2. This permits both to detect possible impersonation and minimize false positive detections.
This is how to configure:
config wps ap-authentication enable config wps ap-authentication threshold 2
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide