This chapter summarizes the Wireless Intrusion Protection Systems (WIPS) policy commands in the CLI command structure.
WIPS is an additional measure of security designed to continuously monitor the network for threats and intrusions. Along with wireless VPNs, encryption, and authentication policies, WIPS enhances the security of a WLAN.
The WIPS policy enables detection of intrusions and threats that a managed network is likely to encounter. However, the WIPS policy does not include threat mitigation configurations. These intrusions and threats are available within the WIPS policy configuration mode as preconfigured, fixed events. Each event consists of a set of frames or anomalies that may be harmful to the managed network. You can enable or disable various aspects of each individual event.
In addition to event monitoring configuration, the WIPS policy allows you to configure a list of signatures. Unlike events, signatures are not fixed. You are free to define your own signatures based on a specific set of parameters. A signature is a rule, consisting of a set of fields to match and a corresponding set of actions in case of a match. By default, whenever a signature is matched, an event log is triggered. This event log is similar to the one triggered upon an event. In addition to an event log, you can also configure other actions. Signatures have all the features supported by events. In fact, most events are internally implemented as signatures.
A WIPS policy, once configured, has to be attached to an RF Domain to take effect. Multiple WIPS policies can be configured at the same time, but only one policy can be attached to a given RF Domain at any time.
Note
To attach a WIPS policy to an RF Domain, in the RF Domain configuration mode, execute the use → wips-policy → <WIPS-POLICY-NAME> command. For more information, see use (rf-domain-config-mode).
Note
With this most recent release, AP7522 and AP7532 model access points can provide enhanced sensor support. AP7522 and AP7532 sensors can send data from off-channel-scans while in radio-share promiscuous/inline mode, in addition to the on-channel data captured in radio-share mode. ADSP uses the off-channel-scan data (in addition to the on-channel data) to monitor for rogue intrusions and trigger alarms. OTA Termination is triggered from ADSP to the appropriate radio-share AP to initiate termination.
Note
AP7522 and AP7532 models also support shared part-time scanning using WIPS in WiNG (using off-channel-scans) and not ADSP. WIPS on WiNG is enhanced to add rogue detection/classification (wired side detection based on MAC Address Offset) and OTA (over-the-air) termination for AP7522 and AP7532 deployments.
Use the (config) instance to configure WIPS policy commands. To navigate to the WIPS policy instance, use the following commands:
<DEVICE>(config)#wips-policy <POLICY-NAME>
nx9500-6C8809(config)#wips-policy test
nx9500-6C8809(config-wips-policy-test)#?
Wips Policy Mode commands:
  ap-detection               Rogue AP detection
  enable                     Enable this wips policy
  event                      Configure an event
  history-throttle-duration  Configure the duration for which event
                             duplicates are not stored in history
  interference-event         Specify events which will contribute to
                             smart-rf wifi interference calculations
  no                         Negate a command or set its defaults
  signature                  Signature to configure
  use                        Set setting to use

  clrscr                     Clears the display screen
  commit                     Commit all changes made in this session
  do                         Run commands from Exec mode
  end                        End current mode and change to EXEC mode
  exit                       End current mode and down to previous mode
  help                       Description of the interactive help system
  revert                     Revert changes
  service                    Service Commands
  show                       Show running system information
  write                      Write running configuration to memory or
                             terminal

nx9500-6C8809(config-wips-policy-test)#
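
Because a WIPS policy takes effect only once it is attached to an RF Domain, a saved configuration can be checked offline for RF Domains that are left unmonitored. The following Python script is an added example, not part of the WiNG documentation or software. The configuration text is constructed, and two things are assumptions: its layout (top-level wips-policy and rf-domain blocks, one-space-indented settings, "!" separators) and treating a policy as enabled unless its block contains no enable.

```python
import re

# Constructed sample; assumed layout: top-level blocks, settings indented by
# one space, "!" between blocks. Names (office, lab, hq, ...) are hypothetical.
SAMPLE_CONFIG = """\
wips-policy office
!
wips-policy lab
 no enable
!
wips-policy unused
!
rf-domain hq
 use wips-policy office
!
rf-domain branch
 use wips-policy lab
!
rf-domain warehouse
!
"""

def audit_wips_attachment(config_text):
    """Return (name, problem) pairs for RF Domains/policies with WIPS not in effect."""
    policies, domains, block, findings = {}, {}, None, []
    for line in config_text.splitlines():
        head = re.match(r"^(wips-policy|rf-domain)\s+(\S+)\s*$", line)
        if head:                                   # start of a top-level block
            block = head.groups()
            if block[0] == "wips-policy":
                policies[block[1]] = True          # assumed enabled by default
            else:
                domains[block[1]] = None           # nothing attached yet
        elif not line.startswith(" "):             # "!" or other top-level line
            block = None
        elif block and block[0] == "wips-policy" and line.strip() == "no enable":
            policies[block[1]] = False
        elif block and block[0] == "rf-domain":
            use = re.match(r"^\s+use\s+wips-policy\s+(\S+)\s*$", line)
            if use:
                domains[block[1]] = use.group(1)   # one policy per RF Domain
    for name, policy in sorted(domains.items()):
        if policy is None:
            findings.append((name, "no WIPS policy attached"))
        elif not policies.get(policy, False):
            findings.append((name, f"policy '{policy}' is disabled or not defined"))
    for name in sorted(set(policies) - set(domains.values())):
        findings.append((name, "policy defined but attached to no RF Domain"))
    return findings
```

Calling audit_wips_attachment(SAMPLE_CONFIG) reports the branch and warehouse RF Domains and the unused policy; hq, which uses an enabled policy, produces no finding.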