Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 5 Configuring Interfaces
Configuring Promiscuous Mode
By default, all sensing interfaces are in promiscuous mode. To return an interface from inline mode to
promiscuous mode, delete the inline interface pair that contains that interface from the interface
configuration; the interface then goes back to receiving copied traffic only.
IPv6, Switches, and Lack of VACL Capture
VACLs on Catalyst switches do not have IPv6 support. The most common method for copying traffic to
a sensor configured in promiscuous mode is to use VACL capture. If you want to have IPv6 support, you
can use SPAN ports.
However, a switch supports only two monitor sessions unless you use the following configuration:
• One monitor (SPAN) session
• Multiple trunk ports leading to one or more sensors
• A per-trunk-port restriction of the allowed VLANs, so that the one session can monitor many VLANs
and deliver them to more than two different sensors, or to different virtual sensors within one IPS
The following configuration uses one SPAN session to send all of the traffic on any of the specified
VLANs to all of the specified destination ports. Each destination port is a trunk whose allowed-VLAN
list lets only a particular VLAN or VLANs pass, so traffic from different VLANs reaches different sensors
or virtual sensors with a single SPAN configuration line:
clear trunk 4/1-4 1-4094
set trunk 4/1 on dot1q 930
set trunk 4/2 on dot1q 932
set trunk 4/3 on dot1q 960
set trunk 4/4 on dot1q 962
set span 930, 932, 960, 962 4/1-4 both
Note The SPAN/Monitor configuration is valuable when you want to assign different IPS policies per VLAN
or when you have more bandwidth to monitor than one interface can handle.
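The script below is an added illustration and is not part of the Cisco guide: it models the trick described above (one SPAN session, per-trunk VLAN pruning), regenerates the CatOS lines from a port-to-VLAN map, and checks the two mistakes a practitioner most wants caught before committing, a source VLAN that no trunk allows (its copies reach no sensor) and a VLAN allowed on more than one trunk (duplicated to several sensors). The sample mapping mirrors the page's four trunks on module 4; the names TRUNK_VLANS, SPAN_VLANS, catos_config, check and delivered are constructed for the example, the script only renders text and never talks to a switch, and rendering port ranges across more than one module is an assumption beyond what the page shows.

```python
"""Model of the one-SPAN-session / per-trunk VLAN pruning configuration.

Constructed example, not Cisco code: renders the CatOS lines shown in the
guide from a mapping and validates the VLAN-to-sensor assignment.
"""

MAX_VLAN = 4094

# Constructed sample mirroring the guide: each trunk port on module 4 allows
# exactly one VLAN, so each sensor interface behind it sees only that VLAN.
TRUNK_VLANS = {
    "4/1": {930},
    "4/2": {932},
    "4/3": {960},
    "4/4": {962},
}
# VLANs the single SPAN session copies to every destination port.
SPAN_VLANS = [930, 932, 960, 962]


def port_key(port):
    """Sort key for 'module/port' strings, numerically by module then port."""
    mod, num = port.split("/")
    return int(mod), int(num)


def compress_ports(ports):
    """Collapse ['4/1','4/2','4/3','4/4'] into the CatOS range form '4/1-4'.

    Ports on different modules are joined with commas (assumed syntax; the
    guide only shows a single-module range).
    """
    by_mod = {}
    for port in ports:
        mod, num = port_key(port)
        by_mod.setdefault(mod, []).append(num)
    out = []
    for mod in sorted(by_mod):
        nums = sorted(by_mod[mod])
        start = prev = nums[0]
        for n in nums[1:] + [None]:
            if n is not None and n == prev + 1:
                prev = n
                continue
            out.append(f"{mod}/{start}" if start == prev else f"{mod}/{start}-{prev}")
            if n is not None:
                start = prev = n
    return ",".join(out)


def catos_config(trunk_vlans, span_vlans, direction="both"):
    """Render the lines from the guide: strip all VLANs from the trunks,
    re-add the allowed VLAN(s) per trunk, then one SPAN session for all."""
    ports = sorted(trunk_vlans, key=port_key)
    rng = compress_ports(ports)
    lines = [f"clear trunk {rng} 1-{MAX_VLAN}"]
    for port in ports:
        for vlan in sorted(trunk_vlans[port]):
            lines.append(f"set trunk {port} on dot1q {vlan}")
    src = ", ".join(str(v) for v in span_vlans)
    lines.append(f"set span {src} {rng} {direction}")
    return lines


def delivered(trunk_vlans, span_vlans):
    """What each sensor port actually receives: SPAN copies every source VLAN
    to every destination port, then the trunk's allowed list prunes it."""
    return {port: sorted(set(span_vlans) & allowed)
            for port, allowed in trunk_vlans.items()}


def check(trunk_vlans, span_vlans):
    """Return a list of problems; an empty list means the mapping is sound."""
    problems = []
    for vlan in span_vlans:
        if not 1 <= vlan <= MAX_VLAN:
            problems.append(f"VLAN {vlan} is outside 1-{MAX_VLAN}")
    seen = {}
    for port, allowed in trunk_vlans.items():
        for vlan in allowed:
            seen.setdefault(vlan, []).append(port)
    for vlan in span_vlans:
        ports = seen.get(vlan, [])
        if not ports:
            # The SPAN copy is made, but every trunk drops it: no sensor sees it.
            problems.append(f"VLAN {vlan} is a SPAN source but no trunk allows it: "
                            f"traffic reaches no sensor")
        elif len(ports) > 1:
            problems.append(f"VLAN {vlan} is allowed on {sorted(ports)}: "
                            f"copied to more than one sensor")
    for port, allowed in trunk_vlans.items():
        extra = allowed - set(span_vlans)
        if extra:
            problems.append(f"trunk {port} allows VLANs {sorted(extra)} "
                            f"that are not SPAN sources")
    return problems


if __name__ == "__main__":
    for line in catos_config(TRUNK_VLANS, SPAN_VLANS):
        print(line)
    print("problems:", check(TRUNK_VLANS, SPAN_VLANS))
```

Run as-is, the script reproduces the six configuration lines from the guide and reports no problems; feed it a mapping in which VLAN 932 is sourced but not allowed on any trunk and it flags the silent monitoring gap that a switch will not warn you about.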
Configuring Inline Interface Mode
This section describes inline mode on the sensor, and contains the following topics:
• Understanding Inline Interface Mode, page 5-20
• Configuring Inline Interface Pairs, page 5-21
Understanding Inline Interface Mode
Operating in inline interface pair mode puts the IPS directly into the traffic flow, which lowers
packet-forwarding rates because every packet picks up the latency of inspection. In return, the sensor can
stop attacks by dropping malicious traffic before it reaches the intended target, thus providing a
protective service rather than only an alert. Not only is the inline device processing information on
Layers 3 and 4, but it is also analyzing the contents