Configure aWIPS profiles to select required signatures, set thresholds for detecting denial of service (DoS) attacks, and enable forensic capture at the signature level. Adjust thresholds to control the number of alarms generated for each aWIPS signature during a specific time period.

This table lists the supported devices for aWIPS profile configuration for various versions of Catalyst Center:

Note

For SD-Access use cases, for aWIPS profiles to work, you must enable the wireless module on Cisco Catalyst 9300 Series Switches, Cisco Catalyst 9400 Series Switches, and Cisco Catalyst 9500 Series Switches.

• Verify the network connectivity between the Cisco Wireless Controller and Catalyst Center.

• Make sure that the network device is reachable from Catalyst Center and has downloaded the aWIPS profile configuration from Catalyst Center.

  Note

  To avoid aWIPS profile download failures in a Fabric in a Box SD-Access setup, ensure that the Infrastructure Virtual Network (Infra_VN) uses a routable IP subnet in the global routing table.

• To enable forensic capture, complete these tasks:

  • Ensure there is network connectivity between APs and Catalyst Center.

  • Establish the Google Remote Procedure Call (gRPC) tunnel interface between APs and Catalyst Center. Use the show ap icap connection command to confirm that the status is READY.

  • Open the required ports between Catalyst Center and links to the network devices.

  • Configure an NTP server on the AP to prevent time lag between Catalyst Center and APs. For information, see the Cisco Catalyst 9800 Series Wireless Controller Software Configuration Guide, Cisco IOS XE Dublin 17.12.x.