Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

5-21

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Chapter 5 Configuring Interfaces

Configuring Inline Interface Mode

and payload of the packets for more sophisticated embedded attacks (Layers 3 to 7). This deeper analysis

lets the system identify and stop and/or block attacks that would normally pass through a traditional

firewall device.

In inline interface pair mode, a packet comes in through the first interface of the pair on the sensor and

out the second interface of the pair. The packet is sent to the second interface of the pair unless that

packet is being denied or modified by a signature.

Note You can configure the ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS SSP, and

ASA 5585-X IPS SSP) to operate inline even though they have only one sensing interface.

Note If the paired interfaces are connected to the same switch, you should configure them on the switch as

access ports with different access VLANs for the two ports. Otherwise, traffic does not flow through the

inline interface.

Figure 5-2 illustrates inline interface pair mode:

Figure 5-2 Inline Interface Pair Mode

Configuring Inline Interface Pairs

Note For information on what you need to configure if you are using the hardware bypass card on the IPS 4260

and the IPS 4270-20, see Hardware Bypass Configuration Restrictions, page 5-12.

Use the inline-interfaces name command in the service interface submode to create inline interface

pairs.

Note You can configure the ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS SSP, and

ASA 5585-X IPS SSP) to operate inline even though they have only one sensing interface.

The following options apply:

• inline-interfaces name—Specifies the name of the logical inline interface pair.

• default—Sets the value back to the system default setting.

• description—Specifies your description of the inline interface pair.

• interface1 interface_name—Specifies the first interface in the inline interface pair.

• interface2 interface_name—Specifies the second interface in the inline interface pair.

Host

Sensor

Switch

Traffic passes

through interface pair

253444

Router

VLAN A

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems IPS 7.1 Home Security System User Manual