I´m doing that and flooding to the core switch of my lab where I´m testing that, what do I have to see in NCS at the time I´m flooding with the software, what does WiPS must do in order with the attack???
What you have to do is to either impersonate the AP (send deauth messages to the client on behalf of your AP with your AP BSSID as the source MAC) or use floods DoS (authentication floods for example, a client that tries to maliciously send high number of auth requests to the AP and stops at that stage of state machine which will fill the Association table of the AP and prevents other clients form being able to connect).
Here is Cisco WIPS Policy Alarm Encyclopedia:
My question here would be: Do you have a Mobility Service Engine (MSE) in your infrastructure? That's necessary to be available with WIPS service running and that must be integrated with WLCs and NCS/Prime.
Rating useful replies is more useful than saying "Thank you"
Yes, I have Ucs with Ncs and MSE on virtual mode, 2 wlc 5508 and 1 ap 3602 with WiPS module, and one laptop doing DoS attacks , and when I do that, I only see the Mac on NCS map but nothing else happens, at this time i have MFP not configured because in the past we had some issues with the feature, do we have to configure it ????
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...