|
1. |
From the main menu, choose .
The Rogue and aWIPS window opens. By default, Catalyst Center displays the Overview dashboard.
Note
If a Cisco AireOS Controller does not meet the minimum software version required, a notification appears at the top of the dashboard. Click Go To Devices in the notification to upgrade to the supported version.
|
|
2. |
In the Site menu, click Global.
The Site Selector slide-in pane appears.
-
Enter a site name in the Search Hierarchy search bar or expand Global to select a site.
Note
-
If a site has more than 254 subsites, by default that site is disabled.
-
Site hierarchies without floors are not listed in the site selector slide-in pane.
|
|
3. |
From the Actions drop-down list, choose to enable rogue subscription on the Cisco Wireless Controller and the Cisco Catalyst 9800 Series Wireless Controller.
Note
This is a global setting. When enabled, the rogue telemetry subscription is applied to all devices currently present, regardless of site. Any new device added later will automatically receive this subscription during the site assignment process.
|
|
4. |
Click Yes in the Warning dialog box that appears. |
|
5. |
In the Rogue and aWIPS Subscription slide-in pane, complete these steps to enable the rogue subscription:
Note
The Configuration Preview tab appears only when the Configuration Preview is enabled. For information on how to enable configuration preview or ITSM approval, see the "Enable Visibility and Control of Configurations" topic in the Cisco Catalyst Center Administrator Guide.
-
Schedule the task for deployment.
Depending on Visibility and Control of Configurations settings, you can either:
-
On the Tasks window, monitor the task deployment.
|
|
6. |
Choose to disable the rogue actions temporarily. |
|
7. |
Click Yes in the Warning dialog box that appears.
When the rogue management functionality is disabled, data from the wireless controller is not pushed to Catalyst Center until re-enabled.
|
|
8. |
In the Rogue and aWIPS Subscription slide-in pane, follow these steps to disable the rogue subscription:
-
Schedule the task for deployment.
Depending on Visibility and Control of Configurations settings, you can either:
-
On the Tasks window, monitor the task deployment.
|
|
9. |
Choose to view the rogue configuration job status. |
|
10. |
Filter the rogue subscription status by All, Failure, Success, or In Progress by clicking the corresponding tabs.
The Operation column shows Enable if the rogue-detection operation is enabled successfully on the wireless controller.
The Status column shows Success if the subscription configuration changes are successfully pushed to the wireless controller.
|
|
11. |
Choose to enable aWIPS data collection on Catalyst Center. |
|
12. |
In the Warning dialog box that opens, click Yes. |
|
13. |
In the Rogue and aWIPS Subscription slide-in pane, follow these steps to enable the aWIPS subscription:
Note
The Configuration Preview tab appears only when the Configuration Preview is enabled. For information on how to enable configuration preview or ITSM approval, see the "Enable Visibility and Control of Configurations" topic in the Cisco Catalyst Center Administrator Guide.
-
Schedule the task for deployment.
Depending on Visibility and Control of Configurations settings, you can either:
-
On the Tasks window, monitor the task deployment.
|
|
14. |
Choose to disable the aWIPS actions temporarily.
Click Yes in the Warning dialog box that appears.
|
|
15. |
In the Rogue and aWIPS Subscription slide-in pane, complete these steps to disable the aWIPS subscription:
-
Schedule the task for deployment.
Depending on Visibility and Control of Configurations settings, you can either:
-
On the Tasks window, monitor the task deployment.
|
|
16. |
Choose to view the aWIPS subscription status. |
|
17. |
Click the corresponding tabs to filter the aWIPS subscription status by All, Failure, Success, or In Progress.
The Operation column shows Enable if the aWIPS subscription operation is enabled successfully on the wireless controller.
The Status column shows Success if the subscription configuration changes are successfully pushed to the wireless controller.
|
|
18. |
Use the Threats dashlets to display this information:
-
TOTAL ROGUE THREATS: Displays the total number of rogue threats.
Note
Catalyst Center aggregates threats to reduce the total number of reported threats. As a result, the number of rogue threats shown on the Catalyst 9800 Series Wireless Controller may not exactly match the number shown in Catalyst Center. However, no threat information is lost during this aggregation process.
-
TOTAL AWIPS THREATS: Displays the total number of aWIPS threats.
-
TOTAL UNIQUE ROGUE CLIENTS: Displays the total number of unique rogue clients.
-
ROGUES CONTAINED: Displays the total number of rogues contained.
The Active High Threats and High Threats Over Time graphs display threat details according to the selected timeline.
|
|
19. |
The Active High Threats, Top Locations Affected, and High Threats Over Time graphs display information about rogue APs detected in the last three hours by default. The graph information is based on the time interval that you select from the Hours drop-down list.
|
|
20. |
Use the High Threats Summary dashlet to display this information:
| High Threats Summary dashlet |
| Item |
Description |
| Active High Threats |
Displays information about active threat levels in the form of a donut graph. You can filter the active high threats by Top 10 or All threat types. Click each colored slice of the donut graph to view detailed information about the threats. Hover your cursor over the graph to see the number of active high threats. Click All to display the threat types and counts in a table format. |
| Top Locations Affected |
Displays the top five locations affected per selected site for high threats. |
|
|
21. |
Use the High Threats Over Time dashlet to display this information:
| High Threats Over Time dashlet |
| Item |
Description |
| Threats Over Time |
Displays detailed information about high threats over time, based on the selected time period. Click each threat type listed under Total Active High Threat. Threat information displays in a graph view. High threat deviation is measured on a color value scale:
-
Green indicates threat deviation that is less than 0.
-
Orange indicates threat deviation from 0 to 9.
-
Red indicates threat deviation that is more than or equal to 10.
Hover your cursor over the graph to view the number of high threats that occurred at a particular time. |
| View Threats |
Click View Threats to view the threats table. A list of high threats appear. |
|
|
22. |
Use the Threats By Location dashlet to view information about threats in the map view:
| Location option |
| Item |
Description |
| 
Map View |
Click this toggle button to display a map view of the locations affected by threats. Hover your cursor over the corresponding location in the map to view all the threat levels and counts. |
|  List View |
Click this toggle button to display a list view of the locations affected by threats. |
|
|
23. |
Use the Threat Setting Summary dashlet to view this information:
| Threat Setting Summary dashlet |
| Item |
Description |
| Allowed AP List |
Displays information about the allowed AP count and configured threat level. Click View Details to display the Allowed List window to view detailed information on the Allowed Access Point List. |
| Allowed Vendor List |
Displays information about the allowed vendors count and configured threat level. Click View Details to display the Allowed List window to view information on the Allowed Vendor List. |
| Rogue Rule |
Displays information about a rule, its conditions type, associated rule profiles, and threat level. Click View Details to display the Rules window to view detailed information on rogue rules. |
|
|
24. |
(Optional) Use the Tips dashlet for a direct link to workflows such as Create Allowed AP List, Create Allowed Vendor List, Create Rogue Rule, and so on. |
|
25. |
(Optional) Click View All to view all the available workflows. |