About aWIPS Profiles
aWIPS profile configuration allows you to select the required signatures, configure the threshold values used in the detection of aWIPS denial of service (DoS) attacks, and enable forensic capture at signature level. Threshold configuration helps to adjust the number of alarms that are generated for a specific duration for each aWIPS signature.
aWIPS profile configuration support is available for the following devices with software Version 17.4 and later:
-
Cisco Catalyst 9800 Series Wireless Controller
-
Cisco Catalyst 9800-CL Cloud Wireless Controller
-
Cisco Embedded Wireless Controller on Catalyst Access Points
-
Cisco Catalyst 9800 Embedded Wireless Controller for Catalyst 9300 Series Switches
-
Cisco Catalyst 9400 Series Switches
-
Cisco Catalyst 9500 Series Switches
Note |
You must enable the wireless module on Cisco Catalyst 9300 Series Switches, Cisco Catalyst 9400 Series Switches, and Cisco Catalyst 9500 Series Switches for aWIPS profiles to work (It is only applicable for SD-Access use cases). . |
Prerequisites for aWIPS Profile
-
Verify the network connectivity between the Cisco Wireless Controller and Cisco DNA Center.
-
Make sure that the network device is reachable from Cisco DNA Center and has downloaded the aWIPS profile configuration from Cisco DNA Center.
-
For forensic capture to take place make sure that there is network connectivity between APs and Cisco DNA Center.
-
For forensic capture to take place make sure that the Google Protocol RPC (gRPC) tunnel interface has been established between APs and Cisco DNA Center. Use the show ap icap connection command to make sure that the status is READY.
-
For forensic capture to take place the required ports must be opened between Cisco DNA Center and network device links.
-
For forensic capture to take place there should be no time lag between Cisco DNA Center and access points.
-
If you have upgraded Cisco DNA Center from a release earlier than Release 2.2.1, you must disable and enable aWIPS from the Rogue and aWIPS dashboard to subscribe to an additional subscription. For more information, see Monitor the Rogue Management and aWIPS Dashboard.
Note
For a new installation of Cisco DNA Center, you do not have to disable and enable aWIPS from the Rogue and aWIPS dashboard to subscribe an additional subscription.