The Cisco Intrusion Detection System/Intrusion Prevention System (CIDS/CIPS) instructs controllers to block certain clients from accessing the wireless network when attacks involving these clients are detected at Layer 3 through Layer 7. This system offers significant network protection by helping to detect, classify, and stop threats including worms, spyware/adware, network viruses, and application abuse. Two methods are available to detect potential attacks:
IDS sensors can be configured to detect various types of IP-level attacks in the network. When the sensors identify an attack, they can alert the controller to shun the offending client. When a new IDS sensor is added, the IDS sensor should be registered with the controller so that the controller can query the sensor to get the list of shunned clients.
When an IDS sensor detects a suspicious client, it alerts the controller to shun this client. The shun entry is distributed to all controllers within the same mobility group. If the client to be shunned is currently joined to a controller in this mobility group, the anchor controller adds this client to the dynamic exclusion list, and the foreign controller removes the client. The next time that the client tries to connect to a controller, the anchor controller rejects the handoff and informs the foreign controller that the client is being excluded.
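The following is an added, constructed model of the shun workflow described above, not Cisco's code: it shows the sensor's shun list being applied across a mobility group, the anchor controller adding the client to its dynamic exclusion list, the foreign controller dropping it, and the anchor rejecting the next handoff. Class and method names, the three-controller group and the client MAC are assumptions made for the illustration.

```python
# Constructed model of the shun workflow above (not Cisco's code); names are assumptions.
from dataclasses import dataclass, field
@dataclass
class Controller:
    anchored: set = field(default_factory=set)        # clients this controller anchors
    foreign: set = field(default_factory=set)         # clients joined here, anchored elsewhere
    exclusion_list: set = field(default_factory=set)  # dynamic exclusion list
    group: list = field(default_factory=list)         # every controller in the mobility group

    def join(self, mac):
        """First association: this controller becomes the client's anchor."""
        if mac in self.exclusion_list:
            return False
        self.anchored.add(mac)
        return True

    def roam(self, mac, anchor):
        """Client shows up here from its anchor: the anchor must accept the handoff."""
        if not anchor.accept_handoff(mac):
            return False                  # anchor reports the client as excluded
        self.foreign.add(mac)
        return True

    def accept_handoff(self, mac):
        return mac in self.anchored and mac not in self.exclusion_list
    def sensor_alert(self, shun_list):
        """Sensor query or alert: distribute each shun entry to the whole mobility group."""
        for mac in shun_list:
            for ctl in self.group or [self]:
                ctl.apply_shun(mac)

    def apply_shun(self, mac):
        if mac in self.anchored:
            self.exclusion_list.add(mac)  # anchor: add to the dynamic exclusion list
        self.foreign.discard(mac)         # foreign: remove the client

def mobility_group(size):
    ctls = [Controller() for _ in range(size)]
    for c in ctls:
        c.group = ctls
    return ctls

def scenario():
    """Join on wlc1, roam to wlc2, sensor registered on wlc3 lists the client, retry."""
    wlc1, wlc2, wlc3 = mobility_group(3)
    mac = "00:11:22:33:44:55"             # constructed client MAC
    joined, roamed = wlc1.join(mac), wlc2.roam(mac, wlc1)
    wlc3.sensor_alert({mac})              # controller queried the sensor's shun list
    return (joined, roamed, wlc2.roam(mac, wlc1),   # third: anchor now rejects the handoff
            mac in wlc1.exclusion_list, mac in wlc2.foreign)
```

Running `scenario()` returns `(True, True, False, True, False)`: the client joined and roamed before the alert, is excluded on its anchor and gone from the foreign controller afterwards, and the retried handoff is rejected.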