|
1. |
From the main menu, choose .
Alternatively, you can create an aWIPS profile by choosing .
The Create an aWIPS Profile window opens.
|
|
2. |
Click Let's Do it.
The aWIPS Profile Creation window opens.
|
|
3. |
In the Profile Name field, enter a name for the aWIPS profile. |
|
4. |
The Signatures table lists these parameters for the aWIPS profile:
-
Signature: Shows the standard aWIPS signatures that detect DoS attacks.
-
Default Threshold: Shows the predefined threshold value for the respective aWIPS signature.
-
Configure Threshold: Shows the manually configured threshold value for the respective aWIPS signature.
-
Time Interval (In Seconds): Shows the time interval of packets.
-
Forensic Capture: Captures the aWIPS DoS attack packets in real time for the given signature.
|
|
5. |
In the Signature column, check the check box next to the aWIPS signature that you want to select or deselect for an aWIPS profile.
Note
If an aWIPS signature is not selected for an aWIPS profile, Catalyst Center does not detect the DoS attack for that particular aWIPS signature.
|
|
6. |
In the Configure Threshold column, for the selected aWIPS signature, enter the threshold value within the specified range that appears on top of the respective Configure Threshold field.
For some signatures, the configuration threshold is not applicable. For those signatures, the threshold configuration values appear as NA on top of the respective Configure Threshold field.
Note
The Configure Threshold value cannot contain alphanumeric characters.
|
|
7. |
In the Forensic Capture column, click the toggle button to enable or disable the forensic capture for a particular aWIPS signature.
Note
-
Catalyst Center does not allow you to edit the Default Threshold value and the Time Interval (In Seconds) value for the aWIPS profile.
-
If you enable forensic capture for an aWIPS signature, Catalyst Center allows you to download packets from the Threat 360 window.
-
If you disable forensic capture for an aWIPS signature, Catalyst Center does not capture the aWIPS DoS attack for the given signature.
-
Enabling Forensic Capture for RTS Flood and CTS Flood signatures might impact the performance of Catalyst Center.
|
|
8. |
(Optional) Click Reset to Default to get the default aWIPS profile configuration.
Note
The default aWIPS profile is configured for a high-security environment and is not suitable for general-purpose deployment. Configure the aWIPS profile based on your requirements.
|
|
9. |
Click Next.
Note
In the Configure Threshold column, for the selected aWIPS signature, if you enter a threshold value that is out of the specified range, an error message appears at the top of the Create an aWIPS Profile window, asking you to enter a value within the specified range.
|
|
10. |
In the Profile Summary window, the Profile Summary table displays the summary of the profile that was configured in the aWIPS Profile Creation window. |
|
11. |
Click Next. |
|
12. |
In the Profile Creation Done window, click Assign Profile to Device(s) to assign this aWIPS profile to a device.
The Assign aWIPS Profile window opens.
You can also assign an aWIPS profile to a device in the window by checking the check box next to the aWIPS profile name and choosing .
Note
You cannot assign more than one aWIPS profile to a device at a time.
|
|
13. |
In the Assigned WLCs column, click the number link to view the number of wireless controllers assigned to an aWIPS profile.
The Profile Assigned to WLC window shows these attributes of the network device:
-
Device Name: Shows the name of the network device.
-
IP Address: Shows the IP address of the network device.
-
Profile Config URL Push Status: Shows the status of pushing the profile configuration URL to the network device. The possible values are Success, Failure, or In Progress. If the status is Failure, hover your cursor over the i icon next to Failure to see the reason.
-
Profile Config Download Status (On Device): Shows the profile configuration download status on the device. The possible values are Success, Failure, and In Progress. If the status is Failure, hover your cursor over the i icon next to Failure to see the reason.
Note
-
If the aWIPS subscription is disabled on Catalyst Center, an error message appears at the top of the aWIPS Profile dashboard. You must have an aWIPS subscription to see the value of Profile Config Download Status (On Device). To subscribe the aWIPS data collection, enable aWIPS from the Rogue and aWIPS overview dashboard. See Monitor the Rogue Management and aWIPS dashboard.
-
HTTP protocol reachability must be possible between the device and Catalyst Center for the device to download the profile configuration from the profile configuration URL.
-
Forensic capture config Status: Shows the forensic capture configuration status on the default-ap-profile AP Join Profile on the device. The possible values are Success, Failure, and In Progress. If the status is Failure, hover your cursor over the i icon next to a Failure to see the reason.
-
Forensic Capture: Shows whether the forensic capture is enabled or disabled on the default-ap-join AP Join Profile on the device. Forensic capture on a custom AP join profile is not supported. Hover your cursor over the i icon next to the corresponding forensic capture. This tooltip appearss: Shows the current Forensic Capture status on default-ap-profile AP Join Profile on the device.
Note
In the Profile Assigned to WLC window, you cannot enable or disable Forensic Capture.
-
Assigned On: Shows the date and time when the aWIPS profile is assigned to the wireless controller.
|
|
14. |
Click Next.
The Profile Creation Done window opens.
|