Support User Manuals

Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

5-17

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Chapter 5 Configuring Interfaces

Configuring Physical Interfaces

Configuring the Physical Interface Settings

To configure the physical interface settings for promiscuous mode on the sensor, follow these steps:

Step 1 Log in to the CLI using an account with administrator privileges.

Step 2 Enter interface submode.

sensor# configure terminal

sensor(config)# service interface

Step 3 Display the list of available interfaces.

sensor(config-int)# physical-interfaces ?

GigabitEthernet0/0 GigabitEthernet0/0 physical interface.

GigabitEthernet0/1 GigabitEthernet0/1 physical interface.

GigabitEthernet0/2 GigabitEthernet0/2 physical interface.

GigabitEthernet0/3 GigabitEthernet0/3 physical interface.

Management0/0 Management0/0 physical interface.

sensor(config-int)# physical-interfaces

Step 4 Specify the interface for promiscuous mode.

sensor(config-int)# physical-interfaces GigabitEthernet0/2

Step 5 Enable the interface. You must assigned the interface to a virtual sensor and enable it before it can

monitor traffic.

sensor(config-int-phy)# admin-state enabled

Step 6 Add a description of this interface.

sensor(config-int-phy)# description INT1

Step 7 Specify the duplex settings. This option is not available on the ASA IPS modules (ASA 5500 AIP SSM,

ASA 5500-X IPS SSP ASA 5585-X IPS SSP).

sensor(config-int-phy)# duplex full

Step 8 Specify the speed. This option is not available on the ASA IPS modules (ASA 5500 AIP SSM,

ASA 5500-X IPS SSP ASA 5585-X IPS SSP).

sensor(config-int-phy)# speed 1000

Step 9 Enable TCP resets for this interface if desired. This option is not available on the ASA IPS modules

(ASA 5500 AIP SSM, ASA 5500-X IPS SSP ASA 5585-X IPS SSP).

sensor(config-int-phy)# alt-tcp-reset-interface interface-name GigabitEthernet2/0

Step 10 Repeat Steps 4 through 9 for any other interfaces you want to designate as promiscuous interfaces.

Step 11 Verify the settings.

Note Make sure the subinterface-type is none, the default. You use the subinterface-type command

to configure inline VLAN pairs.

sensor(config-int-phy)# show settings

<protected entry>

name: GigabitEthernet0/2

-----------------------------------------------

media-type: tx <protected>

description: INT1 default:

admin-state: enabled default: disabled

previous next