In this next article from the “Wireless Security” series we are going to examine the Cisco Intrusion Detection System (CIDS) feature, which is used to integrate an IPS with the WLC.
Current LWAPP-based WLAN systems support only basic IDS features, because they are essentially Layer 2 systems with limited processing power. This means that the WLC is not able to detect many attacks carried out at Layer 3 and above. That is the primary reason Cisco developed CIDS: instead of shifting the detection function into the WLC, it is easier to use the existing capabilities of IPS appliances.
The goal is to let the Cisco IDS/IPS instruct the WLC to block certain clients from the wireless network when an attack involving that client is detected anywhere from Layer 3 through Layer 7. It works by configuring the WLC to poll the IPS at the configured query rate in order to retrieve all blocking/shunning events. Simply put, if the IPS wants to block a device that turns out to be a wireless client, the WLC learns about it and blocks the client's traffic at Layer 2 (this is called a Client Exclusion).
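To make the mechanism concrete, here is a small model of one WLC poll cycle, added for this article (not Cisco code and not the real CIDS wire format; `ShunEvent`, `Wlc` and `poll_ips` are invented names). It shows the point the text makes: the IPS identifies a host at Layer 3 by IP, so the WLC has to map that IP through its own association table to a client MAC before it can exclude the client at Layer 2, and shun entries for hosts that are not wireless clients are simply ignored.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ShunEvent:
    """A block/shun decision retrieved from the IPS; the host is known only by IP."""
    src_ip: str


@dataclass
class Wlc:
    # Association table (constructed sample): client IP -> client MAC.
    # The WLC enforces at Layer 2, so the MAC is what actually gets excluded.
    clients: dict
    query_rate_s: int                      # configured IPS polling interval
    excluded: set = field(default_factory=set)

    def poll_ips(self, shun_list):
        """One poll cycle: reconcile the IPS shun list with the L2 exclusion list.

        Returns (newly_excluded, released) as sets of client MACs.
        """
        wanted = set()
        for event in shun_list:
            mac = self.clients.get(event.src_ip)
            if mac is None:
                continue              # not a wireless client of this WLC; nothing to do
            wanted.add(mac)
        newly_excluded = wanted - self.excluded
        released = self.excluded - wanted   # shun expired/removed on the IPS side
        self.excluded = wanted
        return newly_excluded, released

    def is_allowed(self, mac):
        """Data-plane check the WLC would apply to a frame from this client."""
        return mac not in self.excluded


def demo():
    # Constructed sample: two wireless clients, one IPS shun for a client and one
    # for a wired host (192.0.2.9) the WLC has never seen.
    wlc = Wlc(clients={"10.0.0.5": "aa:bb:cc:dd:ee:01",
                       "10.0.0.6": "aa:bb:cc:dd:ee:02"}, query_rate_s=60)
    first = wlc.poll_ips([ShunEvent("10.0.0.5"), ShunEvent("192.0.2.9")])
    second = wlc.poll_ips([])                  # next poll: IPS has cleared the shun
    return first, second
```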