RF Domain Sensor Configuration

The Wireless Intrusion Protection System (WIPS) protects clients and access point radio traffic from attacks and unauthorized wireless network access. WIPS provides tools for standards compliance and around-the-clock wireless network security in a distributed environment. WIPS allows administrators to identify and accurately locate attacks, rogue devices and network vulnerabilities (in real time), and permits both wired and wireless device lockdowns upon threat acknowledgement.

In addition to dedicated AirDefense sensors, an access point radio can function as a sensor and upload information to an external WIPS server. Unique WIPS server configurations can be used by RF Domains to ensure a WIPS server configuration is available to support the unique data protection needs of individual RF Domains.

WIPS is not supported on a WLAN basis, rather sensor functionality is supported on the access point radio(s) available to each managed WLAN. When an access point radio is functioning as a WIPS sensor, it's able to scan (in sensor mode) across all legal channels within the 2.4 and 5.0 GHz radio bands. Sensor support requires an AirDefense WIPS Server on the network. Sensor functionality is not provided by the access point alone. The access point works in conjunction with a dedicated WIPS server.

The AP 7522, AP 7532, AP 7562, AP 8432 and AP 8533 model access points can also function as ExtremeLocation sensors. ExtremeLocation is a highly scalable indoor locationing platform that gathers location-related analytics, such as visitor trends, peak and off-peak times, dwell time, heat-maps, etc. to enable entrepreneurs deeper visibility at a venue. To enable the location tracking system, the ExtremeLocation server should be up and running and the RF Domain Sensor configuration should point to the ExtremeLocation server.

To define a WIPS server configuration used with a RF Domain:

1. From the RF Domain screen, either select the Add button or highlight an existing policy and select Edit.

   An existing policy can also be modified by selecting it directly from the RF Domain Browser.

2. Select the Sensor item from within the RF Domain screen.
3. Use the Sensor Policy drop-down menu to select a Sensor policy to send RSSI information to a dedicated system for device locationing calculations. If no Sensor policy exists, use the Create icon to create a new Sensor policy. Or, use the Edit icon to edit an existing Sensor policy if required.

   Different policies can be created with either a default set of scanned channels or with custom channels, widths and weighted scan priorities. Specific channels can also be isolated and locked for specific channel scans.

   If a dedicated sensor is utilized with ADSP for rogue detection, any sensor policy selected from the Sensor Policy drop-down menu is discarded and not utilized by the sensor. To avoid this situation, use ADSP channel settings exclusively to configure the sensor and not the WiNG interface.

4. Select the + Add Row button to populate the ExtremeLocation Appliance Configuration table with up to one ExtremeLocation server credentials.

   Server Id	Use the spinner control to assign a DNS hostname of the ExtremeLocation resource. As of now only one (1) ExtremeLocation sever can be configured. Note: The ExtremeLocation sensor capabilities are supported only on the AP 7522, AP 7532, AP 7562, AP 7602, AP 7612, AP 7622, AP 8432, and AP 8533model access points.
   IP Address/Hostname	Provide the ExtremeLocation server's hostname. When configured, access points within the RF Domain post location-related analytics to the specified ExtremeLocation server. Note: Enter the server‘s hostname and not the IP address, as the IP address is likely to change periodically in order to balance load across multiple Location server instances.
   Port	Use the spinner control to specify the port for the ExtremeLocation server. This is the port on which the ExtremeLocation server is reachable. The default port is 443.

5. Enter the ExtremeLocation Tenant‘s account number in the Tenant Account field.

   Use this field to configure your ExtremeLocation Tenant account number. ExtremeLocation Tenants, at the time of registration, are communicated (via email) an account number uniquely identifying the Tenant. Configure this account number in the RF Domain context. When configured, RF Domain AP reports, pushed to the ExtremeLocation server, include the Tenant's account number along with the reporting AP's MAC address. Including the Tenant account number reinforces the Tenant's identity..

6. Select the + Add Row button to populate the Sensor Appliance Configuration table with up to three rows for server credentials:

   Server Id	Use the spinner control to assign a numerical ID for up to three ADSP server resources. The server with the lowest defined ID is the first reached by the controller or service platform. The default ID is 1.
   IP Address/Hostname	Provide the numerical (non DNS) IP address or hostname of each server used as a ADSP sensor server by RF Domain member devices. A hostname cannot exceed 64 characters or contain an underscore.
   Port	Use the spinner control to specify the port of each ADSP sensor server utilized by RF member devices. The default port is 443.

7. Select the Enable NSight Sensor option, within the NSight Sensor field, to enable the sensor module. This option is disabled by default.
8. Select OK to save the changes to the Sensor configuration, or select Reset to Revert to the last saved configuration.