Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 5 Configuring Interfaces
Understanding Interfaces
Interface Support
Hardware Bypass Mode
Interface Configuration Restrictions
Interface Configuration Sequence
IPS Interfaces
The sensor interfaces are named according to the maximum speed and physical location of the interface.
The physical location consists of a port number and a slot number. All interfaces that are built-in on the
sensor motherboard are in slot 0, and the interface card expansion slots are numbered beginning with
slot 1 for the bottom slot with the slot numbers increasing from bottom to top (except for the
IPS 4270-20, where the ports are numbered from top to bottom). Each physical interface can be divided
into VLAN group subinterfaces, each of which consists of a group of VLANs on that interface.
There are three interface roles:
Command and control
Sensing
Alternate TCP reset
There are restrictions on which roles you can assign to specific interfaces, and some interfaces have
multiple roles. You can assign any sensing interface to any other sensing interface as its TCP reset
interface. The TCP reset interface can also serve as an IDS (promiscuous) sensing interface at the same
time. The following restriction applies: The TCP reset interface that is assigned to a sensing interface
has no effect in inline interface or inline VLAN pair mode, because TCP resets are always sent on the
sensing interfaces in those modes.
Note: There is only one sensing interface on the ASA IPS modules (ASA 5500 AIP SSM,
ASA 5500-X IPS SSP, and ASA 5585-X IPS SSP), so you cannot designate an alternate TCP reset
interface.
Caution: On the IPS 4510 and IPS 4520, no interface-related configurations are allowed when the SensorApp is
down.
Command and Control Interface
The command and control interface has an IP address and is used for configuring the sensor. It receives
security and status events from the sensor and queries the sensor for statistics. The command and control
interface is permanently enabled. It is permanently mapped to a specific physical interface, which
depends on the specific model of sensor. You cannot use the command and control interface as either a
sensing or alternate TCP reset interface.
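
The role restrictions described above can be checked against a planned sensor layout before it is configured. The following is an added example, not part of the Cisco guide and not IPS CLI syntax; the plan format, the interface names, and the lint_plan helper are assumptions made for illustration.

```python
# Added example, not Cisco code: lint a planned interface-role assignment
# against the restrictions in this section. The plan format and interface
# names below are constructed for illustration and are not IPS CLI syntax.
from dataclasses import dataclass
from typing import Optional

INLINE_MODES = {"inline-interface", "inline-vlan-pair"}

@dataclass
class Iface:
    name: str
    role: str                            # "command-control" or "sensing"
    mode: Optional[str] = None           # "promiscuous" or one of INLINE_MODES
    alt_tcp_reset: Optional[str] = None  # name of the alternate TCP reset interface

def lint_plan(ifaces, single_sensing_platform=False):
    """Return (interface, severity, message) findings for a planned layout."""
    by_name = {i.name: i for i in ifaces}
    findings = []
    for i in ifaces:
        if i.role == "command-control" and (i.mode or i.alt_tcp_reset):
            findings.append((i.name, "error", "command and control cannot be a sensing interface"))
        if not i.alt_tcp_reset:
            continue
        target = by_name.get(i.alt_tcp_reset)
        if single_sensing_platform:   # ASA IPS modules: only one sensing interface
            findings.append((i.name, "error", "no alternate TCP reset interface on this platform"))
        elif target is None or target.name == i.name:
            findings.append((i.name, "error", "TCP reset interface must be another sensing interface"))
        elif target.role != "sensing":
            findings.append((i.name, "error", "command and control cannot send alternate TCP resets"))
        elif i.mode in INLINE_MODES:  # resets go out the sensing interfaces themselves
            findings.append((i.name, "warning", "alternate TCP reset has no effect in inline modes"))
    return findings

# Constructed sample plan.
PLAN = [
    Iface("mgmt", "command-control"),
    Iface("sense0", "sensing", "promiscuous", alt_tcp_reset="sense1"),       # allowed
    Iface("sense1", "sensing", "promiscuous"),
    Iface("sense2", "sensing", "inline-vlan-pair", alt_tcp_reset="sense1"),  # no effect
    Iface("sense3", "sensing", "promiscuous", alt_tcp_reset="mgmt"),         # not allowed
]

if __name__ == "__main__":
    for name, severity, message in lint_plan(PLAN):
        print(f"{severity:7} {name}: {message}")
```

Pass single_sensing_platform=True when the plan is for an ASA IPS module, where any alternate TCP reset assignment is reported as an error.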