Filter
Top Products
CHAPTER
5-1
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
5
Configuring Interfaces
This chapter describes how to configure interfaces on the sensor. You configured the interfaces when you
initialized the sensor with the setup command, but if you need to change or add anything to your
interface configuration, use the following procedures. For more information on configuring interfaces
using the setup command, see Chapter 3, “Initializing the Sensor.”
This chapter contains the following sections:
• Interface Notes and Caveats, page 5-1
• Understanding Interfaces, page 5-2
• Configuring Physical Interfaces, page 5-15
• Configuring Promiscuous Mode, page 5-19
• Configuring Inline Interface Mode, page 5-20
• Configuring Inline VLAN Pair Mode, page 5-25
• Configuring VLAN Group Mode, page 5-31
• Configuring Inline Bypass Mode, page 5-38
• Configuring Interface Notifications, page 5-40
• Configuring CDP Mode, page 5-41
• Displaying Interface Statistics, page 5-42
• Displaying Interface Traffic History, page 5-45
Interface Notes and Caveats
The following notes and caveats apply to configuring interfaces on the sensor:
• On appliances, all sensing interfaces are disabled by default. You must enable them to use them. On
modules, the sensing interfaces are permanently enabled.
• In IPS 7.1, rx/tx flow control is disabled on the IPS 4200 series sensors. This is a change from IPS
7.0 where rx/tx flow control is enabled by default.
• There is only one sensing interface on the ASA IPS modules (ASA 5500 AIP SSM,
ASA 5500-X IPS SSP, and ASA 5585-X IPS SSP), so you cannot designate an alternate TCP reset
interface.
• You can only assign a sensing interface as an alternate TCP reset interface. You cannot configure
the management interface as an alternate TCP reset interface.