Cisco Catalyst Center Rogue Management and aWIPS Application Quick Start Guide, Release 3.1.x


Get rogue AP and rogue client details from the Threat 360° view


You can quickly view the precise location details of a specific rogue AP or rogue client on a floor map, in the Threat 360° view.

You can get these details only after detecting the AP's strongest signal strength. You can get the exact location of your rogue AP or rogue client using the Cisco Connected Mobile Experiences (CMX) or Cisco Spaces integration.

Procedure

1. From the main menu, choose Assurance > Rogue and aWIPS > Threats.

2. To launch the Threat 360° view for a particular rogue AP or aWIPS threat, click the corresponding row in the Threats table.

The Threat 360° pane opens.

The upper part of the pane displays this information:

  • MAC address of the rogue AP

  • Threat level

  • Threat type

  • Status

  • Vendor

  • Containment

  • Count

  • Last reported

The middle part of the pane shows the estimated location of a rogue AP or a threat on the floor map:

  • Site details and floor number.

  • Floor map shows the names of the managed APs.

Note

The Floor Map section does not display for the global location.

Catalyst Center makes a best effort to detect the rogue vendor name. If the vendor name isn’t available, the name is shown as “UNKNOWN.”

3. Complete any of these tasks as needed:

  • Click the icon at the right corner of the floor map to see the IP address of the wireless controller that manages the APs, along with the reachability status.

  • Click the icon at the right corner of the floor map to zoom in on a location. Zoom levels depend on the image resolution. High-resolution images provide more zoom levels. Each zoom level consists of a map style shown at a different scale with specific details. Some maps may use the same style at different scales.

  • Click the icon to see a map with fewer details.

  • Click the icon to view the details of the map icons.

This table explains the floor map icons.

Table 1. Map icons and descriptions

Devices:

  • Access Point

  • Sensor

  • Rogue AP

  • Marker

  • Planned AP

  • Switch

  • Interferer

  • Client

  • Rogue Client

  • Reporting AP

  • Detecting AP

Average Health Score:

  • Health score: 8-10

  • Health score: 4-7

  • Health score: 1-3

  • Health score: Unknown

AP Status:

  • Covered by sensor

  • Not covered by sensor

4. You can do these tasks in the area under the Threat 360° pane:

  • Click the Switch Port Detail tab to get rogue-on-wire details, including Host Mac, Device Name, Device IP, Interface Name, Last Updated, Port Mode, and Admin Status.

    Note
    • The Admin Status column shows the interface status as either UP or DOWN.

    • The Port Mode column shows the interface mode as either ACCESS or TRUNK.

    Note

    Cisco switches are required for detecting rogue devices on the wired network.

  • Click the Detections tab to view information such as Detecting AP, Detecting AP Site, Adhoc, Rogue SSID, RSSI (dBM), Channels, Radio Type, SNR, State, and Last Updated.

    Note

    Although the wireless controller shows all detecting APs for a given BSSID, Catalyst Center shows only the strongest detecting AP for a given BSSID per wireless controller in the Threat 360° view.

  • Click the Filter icon at the left end of the table to narrow down the search results based on Rogue SSID, RSSI, Radio Type, Security, and SNR.

  • Click the Export icon and save the file to your system.

  • Click the Clients tab to view details such as MAC Address, Gateway Mac, Rogue AP Mac, IP Address, and Last Heard about the clients that are associated with the rogue AP.

  • Click the Forensic Captures tab to view details such as Detecting AP, Detecting AP Site and Last Updated.

    Note

    The Forensic Captures tab is shown only for aWIPS threats.

  • Click the Filter icon at the left end of the table to limit the results based on your search criteria.
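
The note on the Detections tab explains why the Threat 360° view can list fewer detecting APs than the wireless controller does. The following Python sketch is an added example, not Cisco code or a Catalyst Center API: it reduces constructed controller-side detection records to the strongest detecting AP per BSSID per wireless controller and lists what that view leaves out. The record field names, AP and controller names, and MAC addresses are assumptions made for illustration.

```python
import re

# Constructed sample records (hypothetical field names). The same BSSID is
# written in colon, hyphen and Cisco dotted notation, as happens when controller
# output and exported tables are compared side by side.
CONTROLLER_DETECTIONS = [
    {"controller": "wlc-1", "bssid": "00:11:22:33:44:55", "detecting_ap": "AP-1F-01", "rssi_dbm": -71},
    {"controller": "wlc-1", "bssid": "0011.2233.4455", "detecting_ap": "AP-1F-02", "rssi_dbm": -58},
    {"controller": "wlc-1", "bssid": "00-11-22-33-44-55", "detecting_ap": "AP-1F-03", "rssi_dbm": -80},
    {"controller": "wlc-2", "bssid": "00:11:22:33:44:55", "detecting_ap": "AP-2F-07", "rssi_dbm": -66},
    {"controller": "wlc-2", "bssid": "aa:bb:cc:dd:ee:01", "detecting_ap": "AP-2F-07", "rssi_dbm": -49},
    {"controller": "wlc-2", "bssid": "AABB.CCDD.EE01", "detecting_ap": "AP-2F-09", "rssi_dbm": -62},
]


def normalize_mac(mac):
    """Return the 12 hex digits of a MAC address in lower case, whatever the separators."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def strongest_per_controller(detections):
    """Keep one record per (BSSID, controller): the detection with the highest RSSI."""
    best = {}
    for det in detections:
        key = (normalize_mac(det["bssid"]), det["controller"])
        current = best.get(key)
        # RSSI is in negative dBm, so a value closer to zero is the stronger signal.
        # On a tie the first record seen is kept (an assumption; the guide does not say).
        if current is None or det["rssi_dbm"] > current["rssi_dbm"]:
            best[key] = det
    return best


def hidden_detections(detections):
    """Detections a controller reports that the reduced per-controller view omits."""
    shown = strongest_per_controller(detections)
    return [d for d in detections
            if shown[(normalize_mac(d["bssid"]), d["controller"])] is not d]


if __name__ == "__main__":
    for (bssid, wlc), det in sorted(strongest_per_controller(CONTROLLER_DETECTIONS).items()):
        print(f"{bssid} via {wlc}: {det['detecting_ap']} at {det['rssi_dbm']} dBm")
    for det in hidden_detections(CONTROLLER_DETECTIONS):
        print(f"not shown: {det['detecting_ap']} ({det['controller']}, {det['rssi_dbm']} dBm)")
```

A rogue heard through two wireless controllers still yields two rows, one per controller, so the weaker detections have to be checked on the controller itself when every AP in range of the rogue matters.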