Configure a WIPS Policy

About this task

Unauthorized device detection needs to be activated for each WIPS policy. Whether currently activated or deactivated, a WIPS policy can have specific categorization policies defined and specific events activated for detection. Once defined, a WIPS policy is available for use with a controller or a service platform device profile.

Procedure

  1. Select Policies > WIPS.
    The WIPS dashboard opens.
  2. The WIPS dashboard displays the following read-only information:
    Setting Description
    Name Displays the name assigned to the WIPS policy when it was initially created. The name cannot be modified as part of the edit process
    Status Displays a green check mark if the listed WIPS policy is activated and ready for use with a profile. A red “X” designates the listed WIPS policy as deactivated
    Duplicate Detection Interval Displays the duration when event duplicates or redundant events are not stored in event history
  3. Select to create a new WIPS policy, to modify the attributes of a selected policy, or to remove obsolete policies from the list of available policies.
    If you are adding or editing an existing WIPS policy, the WIPS dashboard displays the Basic tab by default.
  4. For new policies, assign a unique name not exceeding 64 characters.
  5. Select Add to create a new policy.
    The Basic configuration dashboard opens.
  6. Configure the following WIPS policy basic settings:
    1. Toggle to deactivate WIPS Status. The WIPS Status is activated by default.
    2. Type an interval between 30 to 86,400 seconds in the Duplicate Event Detection Interval field. The default value is 120 seconds.
  7. Refer to the Rogue AP Detection settings to define the following detection settings for a WIPS policy:
    Setting Description
    Enable Select Enable to activate the detection of unauthorized devices for this WIPS policy. The default setting is not selected
    Wait Time to Determine AP Status Define a wait time in 10 through 600 seconds before a detected AP is interpreted as a rogue device, and potentially removed. The default interval is 60 seconds
    Ageout for AP Entries Set the interval the WIPS policy uses to age out rogue devices. Set the policy in 30 to 86,400 seconds. The default setting is 1,800 seconds
    Interference Threshold Specify an RSSI threshold from -100 to -10 dBm after which a detected access point is classified as a rogue device. The default value is -75 dBm
    Recurring Event Set an interval between 0 to 10,000 seconds. When the interval is exceeded, the policy duplicates a rogue AP event if the rogue device is still active in the network. The default setting is 300 seconds
    Air Termination Select Air Termination to activate the cancellation of detected rogue AP devices. Air termination lets you cancel the connection between your wireless LAN and any access point or client associated with it. If the device is a client, its connection with the access point is canceled. This setting is not selected by default
    Air Termination Channel Switch Select Air Termination Channel Switch to allow neighboring access points to switch channels for rogue AP cancellation. This setting is not selected by default
    Air Termination Mode If Air Termination is selected, use the drop-down list box to specify the cancellation mode used on detected rogue devices. The options are auto and manual, and the default setting is manual
  8. Select Save to update the settings.
9037026-03 Rev AA