The Cisco Intrusion Detection System/Intrusion Prevention System (CIDS/CIPS) instructs devices to block certain clients from accessing the wireless network when attacks involving these clients are detected at Layer 3
through Layer 7. This system offers significant network protection by helping to detect, classify, and stop threats including
worms, spyware/adware, network viruses, and application abuse. Two methods are available to detect potential attacks:
- IDS sensors
- IDS signatures
IDS sensors can be configured to detect various types of IP-level attacks in the network. When the sensors identify an attack,
they can alert the device to shun the offending client. When a new IDS sensor is added, the IDS sensor should be registered with the device so that the device can query the sensor to get the list of shunned clients.
When an IDS sensor detects a suspicious client, it alerts the device to shun this client. The shun entry is distributed to all devices within the same mobility group. If the client to be shunned is currently joined to a device in this mobility group, the anchor device adds this client to the dynamic exclusion list, and the foreign device removes the client. The next time that the client tries to connect to a device, the anchor device rejects the handoff and informs the foreign device that the client is being excluded.
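The shun flow above (sensor registration and query, distribution of the shun entry across the mobility group, the anchor adding the client to its dynamic exclusion list while the foreign device drops the session, and the anchor rejecting the next handoff) is modelled below as a small Python simulation. This is an added, constructed example and not Cisco's own code: the class names `IdsSensor`, `WlanDevice` and `MobilityGroup`, the device names and the client MAC address are assumptions made up for the walkthrough, and the model only tracks the state the text describes.

```python
"""Constructed model of the IDS-sensor shun flow; not Cisco code, names are assumptions."""
from dataclasses import dataclass, field


@dataclass
class IdsSensor:
    """A registered IDS sensor that publishes the clients it has decided to shun."""
    name: str
    shunned: set = field(default_factory=set)

    def shun(self, client_mac: str) -> None:
        self.shunned.add(client_mac)

    def shun_list(self) -> set:
        # What a device receives when it queries the sensor after registration.
        return set(self.shunned)


@dataclass
class WlanDevice:
    """One device in the mobility group: sessions plus its dynamic exclusion list."""
    name: str
    sensors: list = field(default_factory=list)
    sessions: set = field(default_factory=set)           # MACs currently joined here
    dynamic_exclusion: set = field(default_factory=set)  # MACs excluded after a shun
    shun_entries: set = field(default_factory=set)       # shun entries distributed to this device

    def register_sensor(self, sensor: IdsSensor) -> None:
        self.sensors.append(sensor)


class MobilityGroup:
    def __init__(self, devices):
        self.devices = {d.name: d for d in devices}
        self.anchor = {}   # client MAC -> name of its anchor device
        self.foreign = {}  # client MAC -> name of the device it is joined to right now

    def connect(self, mac: str, device_name: str) -> str:
        """A client tries to connect to a device; the anchor decides whether the handoff stands."""
        anchor_name = self.anchor.get(mac)
        if anchor_name is not None and mac in self.devices[anchor_name].dynamic_exclusion:
            # Anchor rejects the handoff and tells the foreign device the client is excluded.
            return f"rejected by anchor {anchor_name}: client excluded"
        if anchor_name is None:
            self.anchor[mac] = device_name  # first association: this device becomes the anchor
        previous = self.foreign.get(mac)
        if previous is not None and previous != device_name:
            self.devices[previous].sessions.discard(mac)  # session moves on roam
        self.foreign[mac] = device_name
        self.devices[device_name].sessions.add(mac)
        return f"accepted by {device_name} (anchor {self.anchor[mac]})"

    def poll_sensors(self) -> None:
        """Each device queries its registered sensors; every shunned MAC is spread group-wide."""
        for device in self.devices.values():
            for sensor in device.sensors:
                for mac in sensor.shun_list():
                    self.distribute_shun(mac)

    def distribute_shun(self, mac: str) -> None:
        for device in self.devices.values():
            device.shun_entries.add(mac)
        if mac in self.foreign:  # client is currently joined somewhere in this group
            anchor = self.devices[self.anchor[mac]]
            foreign = self.devices[self.foreign[mac]]
            anchor.dynamic_exclusion.add(mac)  # anchor excludes the client
            foreign.sessions.discard(mac)      # foreign device removes the client
            del self.foreign[mac]


def run_scenario():
    """Client joins dev-a, roams to dev-b, gets shunned, then tries to reconnect."""
    sensor = IdsSensor("ids-1")
    dev_a, dev_b = WlanDevice("dev-a"), WlanDevice("dev-b")
    dev_a.register_sensor(sensor)
    group = MobilityGroup([dev_a, dev_b])
    mac = "aa:bb:cc:00:11:22"  # constructed sample client address
    group.connect(mac, "dev-a")  # anchor becomes dev-a
    group.connect(mac, "dev-b")  # client roams; dev-b is now the foreign device
    sensor.shun(mac)             # the sensor flags the client
    group.poll_sensors()         # dev-a queries the sensor and distributes the shun entry
    after_shun = (mac in dev_a.dynamic_exclusion, mac in dev_b.sessions, mac in dev_b.shun_entries)
    retry = group.connect(mac, "dev-b")
    return after_shun, retry


if __name__ == "__main__":
    print(run_scenario())
```

Running `run_scenario()` shows the three observable effects in order: the anchor's exclusion list gains the client, the foreign device's session table loses it, every device in the group holds the shun entry, and the reconnect attempt is turned away by the anchor rather than by the device the client approached.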