06-26-2023 03:33 PM
Hi,
We have recently deployed C9800 WLC and enabled Rogue and aWIPs on it. What we've done for aWIPs is create a new policy and assigned to WLC. We can see all the threat events matching the signature showing in the dashboard. However, I'm not clear of how it operates and what happens from here on and we're also seeing some unusual events. Could someone assist with the following queries
I've gone through documentation of Rogue and aWIPs but don't see much information on tweaking profiles and policies.
Sajid
07-16-2023 08:58 PM
Hi Sajid,
The aWIPS threats need to be contained manually based on the the threat signature; the WLC or DNAC does not contain them automatically. Most of the times these threats are caused by Rogue devices and that can be contained by the Rogue rules and containment policies.
For your second concern, I would suggest you to open a TAC case to investigate the root cause for the behaviour which does not seem normal.
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.
You can also learn more about Cisco DNA Center through our live Ask the Experts (ATXs) session. Check out Cisco DNA Center ATXs Resources [https://community.cisco.com/t5/networking-knowledge-base/cisco-dna-center-ask-the-experts-resources/ta-p/4394489] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide