About aWIPS Profiles
aWIPS profile configuration allows you to select the required signatures, configure the threshold values used in the detection of aWIPS denial of service (DoS) attacks, and enable forensic capture at the signature level. Threshold configuration helps to adjust the number of alarms that are generated for a specific duration for each aWIPS signature.
aWIPS profile configuration support is available for the following devices with software version 17.4 and later:
-
Cisco Catalyst 9800 Series Wireless Controller
-
Cisco Catalyst 9800-CL Cloud Wireless Controller
-
Cisco Embedded Wireless Controller on Catalyst Access Points
-
Cisco Catalyst 9800 Embedded Wireless Controller for Catalyst 9300 Series Switches
-
Cisco Catalyst 9400 Series Switches
-
Cisco Catalyst 9500 Series Switches
Note |
For SD-Access use cases only, you must enable the wireless module on Cisco Catalyst 9300 Series Switches, Cisco Catalyst 9400 Series Switches, and Cisco Catalyst 9500 Series Switches for aWIPS profiles to work. |
Prerequisites for aWIPS Profile
-
Verify the network connectivity between the Cisco Wireless Controller and Catalyst Center.
-
Make sure that the network device is reachable from Catalyst Center and has downloaded the aWIPS profile configuration from Catalyst Center.
-
For forensic capture to take place make sure that there is network connectivity between APs and Catalyst Center.
-
For forensic capture to take place make sure that the Google Protocol RPC (gRPC) tunnel interface has been established between APs and Catalyst Center. Use the show ap icap connection command to make sure that the status is READY.
-
For forensic capture to take place the required ports must be opened between Catalyst Center and network device links.
-
For forensic capture to take place there should be no time lag between Catalyst Center and access points.
-
If you have upgraded Catalyst Center from a release earlier than Release 2.2.1, you must disable and enable aWIPS from the Rogue and aWIPS dashboard to subscribe to an additional subscription. For more information, see Monitor the Rogue Management and aWIPS Dashboard.
Note
For a new installation of Catalyst Center, you do not have to disable and enable aWIPS from the Rogue and aWIPS dashboard to subscribe an additional subscription.