12-31
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-11350-01
Chapter12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services
Configuring Access Points to Participate in WIDS
Configuring Access Points to Participate in WIDS
To participate in WIDS, access points must be configured to participate in WDS and in radio
management. Follow the steps in the “Configuring Access Points to use the WDS Device” section on
page 12-14 and in the “Configuring Radio Management” section on page 12-29 to configure the access
point to participate in WDS and in radio management.

Configuring the Access Point for Scanner Mode

In scanner mode, the access point scans all of its channels for radio activity and reports the activity to
the WDS device on your network. A scanner access point does not accept client associations.
Beginning in privileged EXEC mode, follow these steps to set the access point radio network role to
scanner:

Configuring the Access Point for Monitor Mode

When an access point is configured as a scanner it can also capture frames in monitor mode. In monitor
mode, the access point captures 802.11 frames and forwards them to the WIDS engine on your network.
The access point adds a 28-byte capture header to every 802.11 frame that it forwards, and the WIDS
engine on your network uses the header information for analysis. The access point uses UDP packets to
forward captured frames. Multiple captured frames can be combined into one UDP packet to conserve
network bandwidth.
In scanner mode the access point scans all channels for radio activity. However, in monitor mode the
access point monitors only the channel for which the access point radio is configured.
Note If your access point contains two radios, both radios must be configured for scanner mode before you
can configure monitor mode on the interfaces.
Beginning in privileged EXEC mode, follow these steps to configure the access point to capture and
forward 802.11 frames:
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 interface dot11radio { 0 | 1 } Enter interface configuration mode for the radio interface. The
2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1.
Step3 station role scanner Set the access point role to scanner.
Step4 end Return to privileged EXEC mode.
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 interface dot11radio {0 | 1} Enter interface configuration mode for the radio interface. The
2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1.