Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

How to test WiPS on Wireless Infrastructure???

How can I test the wips functionallity on a wireless infrastructure using a wlc 5508,3700 APs with WiPS module, NCS PRIME 2.0 and MSE with WiPS?

At this time the APs are as local mode and wips sub mode on WLC 5508, and the WiPS licenses on NCS are installed.

What could be the best scenario(software, antennas, cards) to test the wireless security with this infrastructure?

 

REGARDS.

Everyone's tags (1)
2 ACCEPTED SOLUTIONS

Accepted Solutions
Bronze

Hi,please go through below

Hi,

please go through below link which probably will remove you glitch.

http://www.cisco.com/c/en/us/td/docs/wireless/technology/wips/deployment/guide/WiPS_deployment_guide.html

You may use Kali Linux to do

You may use Kali Linux to do some wireless attacks on your network and see how they're being detected by your WIPs.

you may google for kali linux wireless attacks. here is one example link:

https://www.packtpub.com/books/content/kali-linux-%E2%80%93-wireless-attacks

 

Regards,

 

Amjad

Rating useful replies is more useful than saying "Thank you"
7 REPLIES
Bronze

Hi,please go through below

Hi,

please go through below link which probably will remove you glitch.

http://www.cisco.com/c/en/us/td/docs/wireless/technology/wips/deployment/guide/WiPS_deployment_guide.html

You may use Kali Linux to do

You may use Kali Linux to do some wireless attacks on your network and see how they're being detected by your WIPs.

you may google for kali linux wireless attacks. here is one example link:

https://www.packtpub.com/books/content/kali-linux-%E2%80%93-wireless-attacks

 

Regards,

 

Amjad

Rating useful replies is more useful than saying "Thank you"
Community Member

Thank you for your answer, I

Thank you for your answer, I´ll try to do that. REGARDS
Community Member

I´m doing that and flooding

I´m doing that and flooding to the core switch of my lab where I´m testing that, what do I have to see in NCS at the time I´m flooding with the software, what does WiPS must do in order with the attack??? REGARDS

What you have to do is to

What you have to do is to either impersonate the AP (send deauth messages to the client on behalf of your AP with your AP BSSID as the source MAC) or use floods DoS (authentication floods for example, a client that tries to maliciously send high number of auth requests to the AP and stops at that stage of state machine which will fill the Association table of the AP and prevents other clients form being able to connect).

 

Here is Cisco WIPS Policy Alarm Encyclopedia:

http://goo.gl/LXBLW5

 

My question here would be: Do you have a Mobility Service Engine (MSE) in your infrastructure? That's necessary to be available with WIPS service running and that must be integrated with WLCs and NCS/Prime.

 

Regards,

 

Amjad

Rating useful replies is more useful than saying "Thank you"
Community Member

Yes, I have Ucs with Ncs and

Yes, I have Ucs with Ncs and MSE on virtual mode, 2 wlc 5508 and 1 ap 3602 with WiPS module, and one laptop doing DoS attacks , and when I do that, I only see the Mac on NCS map but nothing else happens, at this time i have MFP not configured because in the past we had some issues with the feature, do we have to configure it ????

You don't have to run MFP.

You don't have to run MFP. But you need to make sure that wIPS service is running correctly on on the MSE and MSE, NCS and WLC area all synched.

Have you followed the deployment guide and created wIPS profiles on NCS?

http://goo.gl/MgUxSU

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"
868
Views
0
Helpful
7
Replies
CreatePlease to create content