Cisco Systems IPS 7.1 Home Security System User Manual


5-19
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 5 Configuring Interfaces
For the procedure for configuring inline VLAN pairs, see Configuring Inline VLAN Pair Mode, page 5-25.
For the procedure for adding interfaces to virtual sensors, see Adding, Editing, and Deleting Virtual Sensors, page 6-5.
Configuring Promiscuous Mode
This section describes promiscuous mode on the sensor, and contains the following topics:
Understanding Promiscuous Mode, page 5-19
Configuring Promiscuous Mode, page 5-20
IPv6, Switches, and Lack of VACL Capture, page 5-20
Understanding Promiscuous Mode
In promiscuous mode, packets do not flow through the sensor. The sensor analyzes a copy of the monitored traffic rather than the actual forwarded packet. The advantage of operating in promiscuous mode is that the sensor does not affect the packet flow of the forwarded traffic. The disadvantage of operating in promiscuous mode, however, is that the sensor cannot stop malicious traffic from reaching its intended target for certain types of attacks, such as atomic attacks (single-packet attacks). The response actions implemented by promiscuous sensor devices are post-event responses and often require assistance from other networking devices, for example, routers and firewalls, to respond to an attack. While such response actions can prevent some classes of attacks, in atomic attacks the single packet has the chance of reaching the target system before the promiscuous-based sensor can apply an ACL modification on a managed device (such as a firewall, switch, or router).
By default, all sensing interfaces are in promiscuous mode. To change an interface from inline interface mode to promiscuous mode, delete any inline interface pair that contains that interface and delete any inline VLAN pair subinterfaces of that interface from the interface configuration.
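As an added example (not a session transcript from this guide), the following IPS 7.1 CLI session returns an interface to promiscuous mode by removing the inline interface pair that contains it and then removing its inline VLAN pair subinterfaces; the pair name PAIR1 and the interface name GigabitEthernet0/1 are assumed values.

```text
sensor# configure terminal
sensor(config)# service interface
sensor(config-int)# no inline-interfaces PAIR1
sensor(config-int)# physical-interfaces GigabitEthernet0/1
sensor(config-int-phy)# no subinterface-type
sensor(config-int-phy)# exit
sensor(config-int)# exit
Apply Changes?[yes]: yes
sensor(config)# exit
sensor# show interfaces
```

After applying the changes, confirm with show interfaces that the interface is reported in promiscuous mode, and reassign it to a virtual sensor as described in Adding, Editing, and Deleting Virtual Sensors, page 6-5.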
Figure 5-1 illustrates promiscuous mode:
Figure 5-1 Promiscuous Mode
[Figure: a Router, a Host, and a Sensor attached to a Switch on VLAN A; the switch SPAN port sends copies of VLAN A traffic to the Sensor.]