Consolidated Platform Configuration Guide, Cisco IOS XE 3.3SE (Catalyst 3850 Switches)

Preface
Using the Command-Line Interface
Using the Web Graphical User Interface
- Configuring Cisco CleanAir
- Configuring Flexible NetFlow
- Configuring Interface Characteristics
- Configuring Auto-MDIX
- Configuring Ethernet Management Port
- Configuring LLDP, LLDP-MED, and Wired Location Service
- Configuring System MTU
- Configuring Internal Power Supplies
- Configuring PoE
- Configuring EEE
- Configuring IGMP
- Configuring Wireless Multicast
- Configuring PIM
- Configuring SSM
- Configuring Basic IP Multicast Routing
- Configuring the Service Discovery Gateway
- Configuring MLD Snooping
- Configuring IPv6 Unicast Routing
- Configuring IPv6 Client IP Address Learning
- Configuring IPv6 WLAN Security
- Configuring IPv6 ACL
- Configuring IPv6 Web Authentication
- Configuring IPv6 Client Mobility
- Configuring IPv6 Mobility
- Configuring IPv6 NetFlow
- Configuring Spanning Tree Protocol
- Configuring Multiple Spanning-Tree Protocol
- Configuring Optional Spanning-Tree Features
- Configuring EtherChannels
- Configuring Flex Links and the MAC Address-Table Move Update Feature
- Configuring UniDirectional Link Detection
- Configuring the Switch for Access Point Discovery
- Configuring Data Encryption
- Configuring Retransmission Interval and Retry Count
- Configuring Adaptive Wireless Intrusion Prevention System
- Configuring Authentication for Access Points
- Converting Autonomous Access Points to Lightweight Mode
- Using Cisco Workgroup Bridges
- Configuring Probe Request Forwarding
- Optimizing RFID Tracking
- Configuring Country Codes
- Configuring Link Latency
- Configuring Power over Ethernet
- Information About Mobility
- Mobility Network Elements
- Mobility Control Protocols
- Configuring Mobility
- Configuring Cisco IOS Configuration Engine
- Configuring the Cisco Discovery Protocol
- Configuring Simple Network Management Protocol
- Configuring Cache Services Using the Web Cache Communication Protocol
- Configuring Service Level Agreements
- Configuring SPAN and RSPAN
- Configuring Wireshark
- Configuring QoS
- Configuring Auto-QoS
- Configuring Radio Resource Management
- Configuring MSDP
- Configuring IP Unicast Routing
- Preventing Unauthorized Access
- Controlling Switch Access with Passwords and Privilege Levels
- Configuring TACACS+
- Configuring RADIUS
- Configuring Kerberos
- Configuring Local Authentication and Authorization
- Configuring Secure Shell (SSH)
- Configuring Secure Socket Layer HTTP
- Configuring IPv4 ACLs
- Configuring IPv6 ACLs
- Configuring DHCP
- Configuring IP Source Guard
- Configuring Dynamic ARP Inspection
- Configuring IEEE 802.1x Port-Based Authentication
- Configuring Web-Based Authentication
- Configuring Port-Based Traffic Control
- Configuring IPv6 First Hop Security
- Configuring Cisco TrustSec
- Configuring Wireless Guest Access
- Managing Rogue Devices
- Classifying Rogue Access Points
- Configuring wIPS
- Configuring Intrusion Detection System
- Managing Switch Stacks
- Configuring Cisco NSF with SSO
- Configuring Wireless High Availability
- Administering the System
- Performing Switch Setup Configuration
- Configuring Right-To-Use Licenses
- Configuring Administrator Usernames and Passwords
- Configuring 802.11 parameters and Band Selection
- Configuring Aggressive Load Balancing
- Configuring Client Roaming
- Configuring Application Visibility and Control
- Configuring Voice and Video Parameters
- Configuring RFID Tag Tracking
- Configuring Location Settings
- Monitoring Flow Control
- Configuring SDM Templates
- Configuring System Message Logs
- Configuring Online Diagnostics
- Managing Configuration Files
- Configuration Replace and Configuration Rollback
- Working with the Flash File System
- Working with Cisco IOS XE Software Bundles
- Troubleshooting the Software Configuration
- Configuring VideoStream
- Configuring VideoStream GUI
- Configuring VTP
- Configuring VLANs
- Configuring VLAN Groups
- Configuring VLAN Trunks
- Configuring Voice VLANs
- Configuring DHCP for WLANs
- Configuring WLAN Security
- Configuring Access Point Groups
Index

Configuring Intrusion Detection System

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the <TBD>

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Information About Intrusion Detection System

The Cisco Intrusion Detection System/Intrusion Prevention System (CIDS/CIPS) instructs switches to block certain clients from accessing the wireless network when attacks involving these clients are detected at Layer 3 through Layer 7. This system offers significant network protection by helping to detect, classify, and stop threats including worms, spyware/adware, network viruses, and application abuse. Two methods are available to detect potential attacks:

IDS sensors
IDS signatures

IDS sensors can be configured to detect various types of IP-level attacks in the network. When the sensors identify an attack, they can alert the switch to shun the offending client. When a new IDS sensor is added, the IDS sensor should be registered with the switch so that the switch can query the sensor to get the list of shunned clients.

When an IDS sensor detects a suspicious client, it alerts the switch to shun this client. The shun entry is distributed to all switches within the same mobility group. If the client to be shunned is currently joined to a switch in this mobility group, the anchor switch adds this client to the dynamic exclusion list, and the foreign switch removes the client. The next time that the client tries to connect to a switch, the anchor switch rejects the handoff and informs the foreign switch that the client is being excluded.

How to Configure Intrusion Detection System

Configuring IDS Sensors

Procedure

	Command or Action	Purpose
Step 1	configure terminal Example: Device# `configure terminal`	Enters global configuration mode.
Step 2	wireless wps cids-sensor index [ip-address ip-addr username username password password_type password] Example: Device(config)# `wireless wps cids-sensor 2 231.1.1.1 admin pwd123`	Configures the IDS sensors that holds and internal index number. The index parameter determines the sequence in which the controller consults the IDS sensors. The controller supports up to five IDS sensors. ip-address– [optional] Provide the IP address for the IDS. username– [optional] Configures the username for the IDS. password– [optional] Configures the password for the respective username.
Step 3	wireless wps cids-sensor index Example: Device(config)# `wireless wps cids-sensor 1`	Enters the IDS configuration submode.
Step 4	[default exit fingerprint interval no port shutdown] Example: Device(config-cids-index)# `default`	Configures various IDS parameters. default– [optional] Sets a command to its default. exit– [optional] Exits the submode. fingerprint– [optional] Configures the sensor's TLS fingerprint. interval– [optional] Configures the sensor's query interval. The range is between 10-3600 seconds. no– [optional] Negates a command or set its defaults. port– [optional] Configures the sensor's port number. shutdown– [optional] Shuts down the intrusion detection sensor.
Step 5	end Example: Device(config)# `end`	Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.

Monitoring Intrusion Detection System

Table 1 Commands for Monitoring Wireless Multicast
Commands	Description
show wireless wps cids-sensor index	Displays the IDS configuration of the IDS sensor with the mentioned index value.
show wireless wps cids-sensor summary	Displays the list of all the configured IDS with their respective values like index, ip-address, port number, interval value, status and last query.
show wireless wps shun-list	Displays the list of the IDS shun list.

Book Title

Chapter Title

Results

Chapter: Configuring Intrusion Detection System

Configuring Intrusion Detection System

Finding Feature Information

Information About Intrusion Detection System

Configuring IDS Sensors

Monitoring Intrusion Detection System

Was this Document Helpful?

Let Us Help

Consolidated Platform Configuration Guide, Cisco IOS XE 3.3SE (Catalyst 3850 Switches)

Results

Chapter: Configuring Intrusion Detection System

Configuring Intrusion Detection System

Finding Feature Information

Information About Intrusion Detection System

Configuring IDS Sensors

Monitoring Intrusion Detection System

Was this Document Helpful?

Let Us Help

Share