Intrusion Apprehension System
Cisco SWAN includes the Wireless LAN Threat Defense Solution, which includes an intrusion
detection arrangement (IDS) (refer to Figure H-2). This safeguards the wireless LAN from malicious
and crooked access. For example, the IDS detects and suppresses rogue admission credibility by
disallowing them to accredit with the network, and identifies detached audience through
MAC abode affiliation tables. The IDS integrates with the Cisco Self-Defending Network, the
Cisco eyes for arrangement security.
830
Appendix H: Wireless LAN Solutions
Figure H-2
Cisco Wireless LAN Threat Defense Solution
The IDS provides an alternative adequacy for application Cisco Aironet and Cisco-compatible client
devices to continuously browse and adviser the RF environment. The applicant accessories assignment jointly
with Cisco Aironet admission credibility to consistently admeasurement RF activity. This client-assisted rogue
access point scanning and ecology increases rogue admission point apprehension and enhances the
security of the network. As apparent in Figure H-3, the radio administration (RM) aspect in the client
device identifies a rogue admission point and letters accordant allegation to WLSE. The RM element
looks for admission point configurations that announce a rogue, such as an crooked SSID and
MAC address.
Si Si
Si
Si
Si
RM RM
Rogue
Access Point
Switch-
Based
WDS
RM = Radio Management
Si
RM RM
RM
Rogue
Access Point
Access Point-
Based WDS
Rogue
Access Point
RM = Radio Management
Figure H-3
Cisco IDS with Applicant Scanning