Intrusion Detection Service IDS | Cisco Systems OL-7426-03 specification

Intrusion Detection Service (IDS)

Intrusion Detection Service includes the following:

•Sensing Clients probing for “ANY” SSID

•Sensing if Cisco 1000 Series lightweight access points are being contained

•Notification of MiM Attacks, NetStumbler, Wellenreiter

•Management Frame Detection and RF Jamming Detection

•Spoofed Deauthentication Detection (AirJack, for example)

•Broadcast Deauthorization Detection

•Null Probe Response Detection

•Fake AP Detection

•Detection of Weak WEP Encryption

•MAC Spoofing Detection

•AP Impersonation Detection

•Honeypot AP Detection

•Valid Station Protection

•Misconfigured AP Protection

•Rogue Access Point Detection

•AD-HOC Detection and Protection

•Wireless Bridge Detection

•Asleep Detection / Protection

5/26/05	Intrusion Detection Service (IDS)
OL-7426-03

Image 57

Cisco Systems quick start 26/05 Intrusion Detection Service IDS OL-7426-03

Contents

26/05 All Rights Reserved OL-7426-03 Welcome to the Product Guide Products Legal InformationEnd User License Agreement 26/05 Legal Information OL-7426-03 26/05 Legal Information OL-7426-03 26/05 Legal Information OL-7426-03 Limited Warranty Disclaimer of Warranty Additional Open Source Terms Trademarks and Service Marks Cisco.com Obtaining DocumentationDocumentation DVD Ordering Documentation Documentation Feedback Reporting Security Problems in Cisco ProductsCisco Product Security Overview 26/05 Documentation Feedback OL-7426-03 Obtaining Technical Assistance Submitting a Service RequestCisco Technical Support Website 26/05 Obtaining Technical Assistance OL-7426-03 Obtaining Additional Publications and Information Definitions of Service Request Severity Class a Statement RF Radiation Hazard Warning Non-Modification StatementDeployment Statement Page Page Page Safety Considerations 26/05 Safety Considerations OL-7426-03Klasse 1 laserprodukt 26/05 Safety Considerations OL-7426-03 Waarschuwing Varoitus 26/05 Safety Considerations OL-7426-03 26/05 Safety Considerations OL-7426-03 26/05 Safety Considerations OL-7426-03 26/05 Safety Considerations OL-7426-03 26/05 Safety Considerations OL-7426-03 Manufacturer’s instructions. Statement Les piles usagées conformément aux instructions du fabricant Varoitus Warnung Avvertenza Aviso ¡Advertencia Varning Aviso ¡Advertencia 26/05 Safety Considerations OL-7426-03 26/05 Safety Considerations OL-7426-03 26/05 OL-7426-03 Table of Contents About Cisco Wireless LAN Controllers Solutions Tasks Starting and Stopping Linux Cisco WCS Troubleshooting with Cisco WCS References 26/05 OL-7426-03 26/05 Overviews References 26/05 About the Cisco Wireless LAN Solution OL-7426-03 About the Cisco Wireless LAN Solution Refer to the following for more information Full control of Cisco 1000 Series Lightweight Access Points Single-Cisco Wireless LAN Controller Deployments Multiple-Cisco Wireless LAN Controller Deployments About the Operating System Software About Operating System Security26/05 Operating System Software OL-7426-03 Configuration Requirements About Cisco Wlan Solution Wired Security26/05 Cisco Wlan Solution Wired Security OL-7426-03 Layer 2 and Layer 3 Lwapp Operation 26/05 Radio Resource Management RRM OL-7426-03 About Radio Resource Management RRM 26/05 Master Cisco Wireless LAN Controller OL-7426-03 About the Master Cisco Wireless LAN Controller Inter-Cisco Wireless LAN Controller Layer 2 Roaming Same-Cisco Wireless LAN Controller Layer 2 RoamingAbout Client Roaming Inter-Subnet Layer 3 Roaming 26/05 Client Location OL-7426-03 About Client Location Per-WLAN Assignment About External Dhcp ServersPer-Interface Assignment Security Considerations 26/05 Cisco Wlan Solution Mobility Group OL-7426-03 About Cisco Wlan Solution Mobility Groups 26/05 Cisco Wlan Solution Wired Connections OL-7426-03 About Cisco Wlan Solution Wired Connections About Access Control Lists About Cisco Wlan Solution WLANs26/05 Cisco Wlan Solution WLANs OL-7426-03 About Identity Networking About Power Over Ethernet About File Transfers26/05 Transferring Files OL-7426-03 26/05 Pico Cell Functionality OL-7426-03 Pico Cell Functionality 26/05 Intrusion Detection Service IDS OL-7426-03 Intrusion Detection Service IDS About Cisco Wireless LAN Controllers Cisco 2000 Series Wireless LAN Controllers26/05 Cisco Wireless LAN Controllers OL-7426-03 Cisco 4100 Series Wireless LAN Controllers Cisco 4400 Series Wireless LAN Controllers26/05 Cisco 4100 Series Wireless LAN Controllers OL-7426-03 Cisco 2000 Series Wireless LAN Controller Model Numbers Cisco 4100 Series Wireless LAN Controller Model NumbersCisco 4400 Series Wireless LAN Controller Model Numbers 26/05 Distribution System Ports OL-7426-03 About Distribution System Ports 26/05 Management Interface OL-7426-03 About the Management Interface About the AP-Manager Interface About Operator-Defined Interfaces26/05 AP-Manager Interface OL-7426-03 About the Service Port About the Virtual Interface26/05 Virtual Interface OL-7426-03 About the Service-Port Interface 26/05 Service-Port Interface OL-7426-03About the Startup Wizard About Cisco Wireless LAN Controller Memory Cisco Wireless LAN Controller Failover Protection26/05 Cisco Wireless LAN Controller Memory OL-7426-03 Cisco Wireless LAN Controller Automatic Time Setting Cisco Wireless LAN Controller Time ZonesNetwork Connections to Cisco Wireless LAN Controllers Cisco 2000 Series Wireless LAN Controllers Cisco 4100 Series Wireless LAN Controllers Cisco 4400 Series Wireless LAN Controllers Page 26/05 Cisco 1000 Series Lightweight Access Points OL-7426-03 About Cisco 1030 Remote Edge Lightweight Access Points Page Page External Antenna Connectors Antenna Sectorization802.11a Internal Antenna Patterns Page Page 802.11b/g Internal Antenna Patterns About Cisco 1000 Series Lightweight Access Point LEDs About Cisco 1000 Series Lightweight Access Point Connectors Page Page Page About Rogue Access Points Rogue Access Point Location, Tagging and Containment26/05 Rogue Access Points OL-7426-03 Page 26/05 Web User Interface OL-7426-03 About the Web User Interface 26/05 Command Line Interface OL-7426-03 About the Command Line Interface Features Cisco About the Cisco Wireless Control System26/05 Cisco Wireless Control System OL-7426-03 Base Cisco About Cisco WCS Base Cisco FeaturesRed Hat Enterprise Linux ES Server 26/05 Cisco WCS Base OL-7426-03 About Cisco WCS Location About the Cisco WCS User Interface26/05 Cisco WCS Location OL-7426-03 About Cisco WCS Cisco Wireless LAN Controller Autodiscovery About the Floor Plan Editor26/05 Floor Plan Editor OL-7426-03 About Cisco WCS Alarm Email Notification 26/05 Cisco WCS Alarm Email Notification OL-7426-03About Cisco WCS Location Calibration 26/05 Cisco 2700 Series Location Appliances OL-7426-03 About Cisco 2700 Series Location Appliances Solutions Layer 1 Solutions Cisco Wlan Solution SecurityLayer 2 Solutions 26/05 Cisco Wlan Solution Security OL-7426-03 Single Point of Configuration Policy Manager Solutions Layer 3 SolutionsRogue Access Point Solutions Rogue Access Point Challenges Simple, Cost-Effective Solutions Integrated Security Solutions Using the Web User Interface Enter a Primary Dhcp Server IP address Add a Gateway IP address 26/05 Using the Cisco WCS User Interface OL-7426-03 Using the Cisco WCS User Interface Create a new AP Manager Interface 26/05 Using the Cisco WCS User Interface OL-7426-03 Using the Web User Interface Using the Cisco WCS User Interface 26/05 Configuring a Firewall for Cisco WCS OL-7426-03 Configuring a Firewall for Cisco WCS Using the Command Line Interface Configuring the System for SpectraLink NetLink Telephones Using the Cisco Wireless Control System Page Using Management over Wireless Config network mgmt-via-wireless enable26/05 Management over Wireless OL-7426-03 Configuring a Wlan for a Dhcp Server Under General Policies, select the Admin Status Enabled box26/05 Configuring a Wlan for a Dhcp Server OL-7426-03 Customizing the Web Auth Login Screen Default Web Auth Operation26/05 Customizing the Web Auth Login Screen OL-7426-03 Customizing Web Auth Operation Figure Default Login Successful Screen Changing the Web Title Clearing and Restoring the Cisco Wlan Solution LogoChanging the Web Message Changing the Logo Downloading the Logo or Graphic Copying the Logo or Graphic to the Tftp ServerTransfer download start Clear webimage Sample Customized Web Auth Login Creating a Custom URL RedirectVerifying your Web Auth Changes Figure Sample Customized Login Screen Configuring Identity Networking for Operating System Radius AttributesQoS-Level Interface-Name ACL-Name Tunnel Attributes VLAN-TagPage 26/05 OL-7426-03 Cisco Wlan Solution Switch Web Interface OS Command Line Interface CLICisco Wireless Control System Cisco WCS Deployment and Quick Start Guides Cisco 2700 Series Location Appliances Troubleshooting Using a Local Serial Connection Using the Cisco Wlan Solution CLI26/05 Using the Cisco Wlan Solution CLI OL-7426-03 Logging Into the CLI 26/05 Logging Into the CLI OL-7426-03 Using a Remote Ethernet Connection CLI Tree Structure Logging Out of the CLIRoot Level 26/05 Logging Out of the CLI OL-7426-03 Navigating the CLI Config prompt Ent1Viewing Network Status 26/05 Navigating the CLI OL-7426-03 Collecting Cisco Wireless LAN Controller Parameters Configuring the Cisco Wireless LAN ControllerSystem Parameters Network Distribution System Parameters Config time MM/DD/YY Hhmmss Configuring System Parameters26/05 Configuring System Parameters OL-7426-03 Time and Date Country Config country code Where code = Configuring Cisco Wireless LAN Controller Interfaces Users and PasswordsSupported 802.11a and 802.11b/g Protocols Show wlan summary Verifying and Changing the Management Interface Creating, Assigning and Deleting Operator-Defined Interfaces Creating and Assigning the AP-Manager Interface Verifying and Changing the Virtual Interface Config interface delete operator-defined interface name Config interface hostname virtual DNS Host Name Configuring Spanning Tree ProtocolConfig spanningtree switch mode disable Enabling Web and Secure Web Modes 26/05 Creating Access Control Lists OL-7426-03 Creating Access Control Lists Configuring WLANs 26/05 Configuring WLANs OL-7426-03WLANs Config wlan blacklist Wlan id timeout Config wlan mac-filtering enable Wlan idVLANs 26/05 Local MAC Filter OL-7426-03 Config wlan security 802.1X enable/disable wlan id Config wlan vlan Wlan id untaggedConfig wlan security 802.1X encryption wlan id 40/104/128 Config wlan security 802.1X disable wlan id Layer 3 Security Config wlan security ipsec enable/disable Wlan idDynamic WPA Keys and Encryption IPSec IKE Authentication IPSec AuthenticationConfig wlan security ipsec ike DH-Group Wlan id group-id IPSec EncryptionI Config wlan security web enable/disable Wlan id Config wlan security ipsec ike lifetime Wlan id seconds Config wlan qos Wlan id bronze/silver/gold/platinum Quality of ServiceLocal Netuser Activating WLANs Configuring Radius Configuring Mobility GroupsConfig mobility group name groupname 26/05 Configuring Mobility Groups OL-7426-03 Configuring Other Ports and Parameters Configuring SnmpService Port 26/05 Configuring Snmp OL-7426-03 Radio Resource Management RRM 26/05 Configuring Other Ports and Parameters OL-7426-03Serial CLI Console Port 802.3x Flow Control Adding SSL to the Web User Interface Locally-Generated Certificate26/05 Adding SSL to the Web User Interface OL-7426-03 Externally-Generated Certificate Site Cert Updating the Operating System Software 26/05 Updating the Operating System Software OL-7426-03 26/05 Using the Startup Wizard OL-7426-03 Using the Startup Wizard Enter the Cisco Wlan Solution Mobility Group RF Group Name Locally-Generated Certificate Transfer download start Config certificate generate webauth Adding SSL to the 802.11 Interface26/05 Adding SSL to the 802.11 Interface OL-7426-03 Externally-Generated Certificate You Want to start? y/n y 26/05 Saving Configurations OL-7426-03 Saving Configurations Erasing the Cisco Wireless LAN Controller Configuration Clearing ConfigurationsClear config 26/05 Clearing Configurations OL-7426-03 26/05 Resetting the Cisco Wireless LAN Controller OL-7426-03 Resetting the Cisco Wireless LAN Controller 26/05 Using the Cisco Wireless Control System OL-7426-03 Using the Cisco Wireless Control System 26/05 Using the Cisco Wireless Control System OL-7426-03 Starting and Stopping Windows Cisco WCS Starting Cisco WCS as a Windows Application26/05 Starting and Stopping Windows Cisco WCS OL-7426-03 Starting Cisco WCS as a Windows Service Stopping the Cisco WCS Windows Application Stopping the Cisco WCS Windows Service Checking the Cisco WCS Windows Service Status Starting the Linux Cisco WCS Application Starting and Stopping Linux Cisco WCSStopping the Linux Cisco WCS Application 26/05 Starting and Stopping Linux Cisco WCS OL-7426-03 Checking the Linux Cisco WCS Status Starting a Cisco WCS User Interface Starting and Stopping the Cisco WCS Web Interface Stopping a Cisco WCS User Interface Manually Stopping the Cisco WCS User InterfaceCisco WCS Shutdown Stopping the Cisco WCS User Interface 26/05 Using Cisco WCS OL-7426-03 Using Cisco WCS Figure Network Summary for Unconfigured Cisco WCS Database Checking the Cisco Wlan Solution Network Summary Figure Network Summary for Configured Cisco WCS Database Adding a Cisco Wireless LAN Controller to Cisco WCS 26/05 Creating an RF Calibration Model OL-7426-03 Creating an RF Calibration Model Adding a Campus Map to the Cisco WCS Database 26/05 Adding a Building to a Campus OL-7426-03 Adding a Building to a Campus 26/05 Adding a Building to a Campus OL-7426-03 26/05 Adding a Building to a Campus OL-7426-03 Adding a Standalone Building to the Cisco WCS Database 26/05 Adding an Outdoor Area to a Campus OL-7426-03 Adding an Outdoor Area to a Campus 26/05 Adding an Outdoor Area to a Campus OL-7426-03 26/05 Adding an Outdoor Area to a Campus OL-7426-03 26/05 Adding Floor Plans to a Campus Building OL-7426-03 Adding Floor Plans to a Campus Building 26/05 Adding Floor Plans to a Campus Building OL-7426-03 Repeat this section for any remaining Floors or Basements 26/05 Using Map Editor OL-7426-03 Using Map Editor 26/05 Adding Floor Plans to a Standalone Building OL-7426-03 Adding Floor Plans to a Standalone Building 26/05 Adding Floor Plans to a Standalone Building OL-7426-03 26/05 Adding Floor Plans to a Standalone Building OL-7426-03 Repeat this section for any remaining Floors or Basements Page Page Page Page Page Page 26/05 Monitoring Predicted Coverage Rssi OL-7426-03 Monitoring Predicted Coverage Rssi Monitoring Channels on a Floor Map Monitoring Transmit Power Levels on a Floor MapMonitoring Coverage Holes on a Floor Map 26/05 Monitoring Channels on a Floor Map OL-7426-03 Monitoring Clients on a Floor Map Monitoring Users on a Floor MapTable Clients Parameter Description Troubleshooting with Cisco WCS Detecting and Locating Rogue Access Points26/05 Troubleshooting with Cisco WCS OL-7426-03 26/05 Detecting and Locating Rogue Access Points OL-7426-03 26/05 Detecting and Locating Rogue Access Points OL-7426-03 Assign to me Unassign Delete Show the Event History 26/05 Acknowledging Rogue Access Points OL-7426-03 Acknowledging Rogue Access PointsLocating Clients Use Monitor/Clients to navigate to the Clients Summary 26/05 Locating Clients OL-7426-03 26/05 Finding Coverage Holes OL-7426-03 Finding Coverage Holes Figure Typical Network Summary Viewing Cisco WCS Statistics Reports 26/05 Updating OS Software from Cisco WCS OL-7426-03 Updating OS Software from Cisco WCS 26/05 Updating OS Software from Cisco WCS OL-7426-03 Installing Cisco WCS Managing Cisco WCS and Database26/05 Managing Cisco WCS and Database OL-7426-03 26/05 Updating the Windows Cisco WCS OL-7426-03 Updating the Windows Cisco WCS Updating the Linux Cisco WCS Create a Backup DirectoryStop the Cisco WCS Server Application Back Up the Cisco WCS Server Database Uninstall the Old Cisco WCS Server Application Restore the Cisco WCS Server DatabaseStart the Cisco WCS Server Application Reinitializing the Linux Cisco WCS Database Reinitializing the Windows Cisco WCS Database Adding User Accounts Administering Cisco WCS Users and Passwords Deleting User Accounts Changing Passwords 26/05 Using the Web User Interface OL-7426-03 Using the Web User Interface 26/05 Using the Web User Interface OL-7426-03 Adding CA Certificates to a Cisco Wireless LAN Controller Adding ID Certificates to a Cisco Wireless LAN Controller Page 26/05 Configuring Location Appliances OL-7426-03 Configuring Location AppliancesAdding a Location Appliance to the Cisco WCS Database Select Locate to display the All Location Appliances Select Synchronize Network Designs Assigning Controllers to Cisco Wireless LAN Controllers Unassigning Controllers to Cisco Wireless LAN ControllersSelect Synchronize Switches Editing Location Appliance Polling Parameters Editing Location Appliance History Parameters Editing Location Appliance Location Parameters Adding Location Appliance User Groups Changing Location Appliance User Group PermissionsDeleting Location Appliance User Groups Adding Location Appliance Users Deleting Location Appliance Users Adding Location Appliance Host Access Editing Location Appliance Advanced Parameters Deleting Location Appliance Host Access Clearing Location Appliance Configurations Select Clear ConfigurationDeleting a Location Appliance from the Cisco WCS Database Viewing Location Appliance Alarms Operating Location Appliances26/05 Operating the Location Appliances OL-7426-03 Assigning and Unassigning Location Appliance Alarms Deleting and Clearing Location Appliance AlarmsViewing Location Appliance Alarm Events Viewing Location Appliance Events Backing Up Location Appliance Historical DataRestoring Location Appliance Historical Data Select Synchronize Switches Viewing Location Appliance Current Status 26/05 Operating the Location Appliances OL-7426-03 Running Java GC on the Location Appliance Memory Defragmenting the Location Appliance DatabaseRestarting the Location Appliance Application Software Select Defragment Database Rebooting the Location Appliance Using Error Messages Troubleshooting TipsError Message Description 26/05 Troubleshooting Tips OL-7426-03 Lradifloadprofilepassed Ipsecesppolicyfailure Using Client Reason and Status Codes in the Trap Log Client Reason CodesClient Reason Description Meaning Code Client Status Codes Using Cisco 1000 Series Lightweight Access Point LEDs Flashing References 10BASE-T Glossary100BASE-T 1000BASE-SX ACL AESAPI Bios CPU CSMA/CD CSMA/CADES Dhcp DNS DMZDscp DSL FCS EssidFips FPE GUI GarpGvrp Ieee IPX-SPX IKE Isdn ISAISS L2TP Lwapp LeapMAC MIC Ofdm NvramPCI Pcmcia PPP RadiusRSN Rtos RssiSNR Soho TCP SSLTCP/IP Tftp Tkip TIMUSB Vlan WEP WecaWisp Wlan 26/05 Cisco Wlan Solution Supported Country Codes OL-7426-03 Cisco Wlan Solution Supported Country Codes CTO Ficora TBD STD-T66 NPT Indoor/ Outdoor Use Frequency Range GHz Regulatory Authority Channels Transmit Power RadioTx + Allowed Antenna Gain = USX