Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 5 Configuring Interfaces
Configuring Inline Bypass Mode
You can use inline bypass as a diagnostic tool and a failover protection mechanism. Normally, the sensor
Analysis Engine performs packet analysis. When inline bypass is activated, the Analysis Engine is
bypassed, allowing traffic to flow through the inline interfaces and inline VLAN pairs without
inspection. Inline bypass ensures that packets continue to flow through the sensor when the sensor
processes are temporarily stopped for upgrades or when the sensor monitoring processes fail. There are
three modes: on, off, and automatic. By default, bypass mode is set to automatic.
The inline bypass functionality is implemented in software, so it only functions when the operating
system is running. If the sensor is powered off or shut down, inline bypass does not work—traffic does
not flow through the sensor.
For IPS 4510 and IPS 4520, when the SensorApp is not running or if bypass mode is on, the following
occurs:
- The output from the packet capture/display command does not show any packets.
- The show interface and show interface interface_name commands do not show VLAN statistics.
Configuring Inline Bypass Mode
Use the bypass-mode command in the service interface submode to configure bypass mode. The
following options apply:
- off—Turns off inline bypassing. Packet inspection is performed on inline data traffic. However,
  inline traffic is interrupted if the Analysis Engine is stopped.
- on—Turns on inline bypassing. No packet inspection is performed on the traffic. Inline traffic
  continues to flow even if the Analysis Engine is stopped.
- auto—Turns on automatic bypassing. The sensor automatically begins bypassing inline packet
  inspection if the Analysis Engine stops processing packets. This prevents data interruption on inline
  interfaces. This is the default.
Configuring Bypass Mode
To configure bypass mode, follow these steps:
Step 1 Log in to the CLI using an account with administrator privileges.
Step 2 Enter interface submode.
sensor# configure terminal
sensor(config)# service interface
Step 3 Configure bypass mode.
sensor(config-int)# bypass-mode off
Step 4 Verify the settings.
sensor(config-int)# show settings
-----------------------------------------------
bypass-mode: off default: auto
interface-notifications
-----------------------------------------------
missed-percentage-threshold: 0 percent <defaulted>
notification-interval: 30 seconds <defaulted>
idle-interface-delay: 30 seconds <defaulted>
-----------------------------------------------
sensor(config-int)#
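
The following is an added example, not part of the Cisco guide: a Python check that parses saved show settings output in the Step 4 format and reports what the configured bypass mode means for inspection and availability, using the option descriptions above. The sample text is constructed from the Step 4 listing, and the function and variable names are hypothetical.

```python
import re

# Constructed sample: the Step 4 listing as it might be saved from a CLI session.
SAMPLE = """\
sensor(config-int)# show settings
-----------------------------------------------
bypass-mode: off default: auto
interface-notifications
-----------------------------------------------
missed-percentage-threshold: 0 percent <defaulted>
notification-interval: 30 seconds <defaulted>
idle-interface-delay: 30 seconds <defaulted>
-----------------------------------------------
"""

# Finding per mode, worded from the option list in this section.
RISK = {
    "off": "availability: inline traffic is interrupted if the Analysis Engine stops",
    "on": "uninspected: no packet inspection is performed on inline traffic",
    "auto": None,  # default; bypasses only if the Analysis Engine stops
}
SETTING = re.compile(r"^\s*([a-z][a-z-]*):\s+(\S+)(.*)$")

def parse_settings(text):
    """Map each 'name: value' line to its value, default and <defaulted> flag."""
    parsed = {}
    for line in text.splitlines():
        m = SETTING.match(line)
        if not m:
            continue  # prompt, separator or submode name
        name, value, rest = m.groups()
        default = re.search(r"\bdefault:\s+(\S+)", rest)
        parsed[name] = {"value": value, "defaulted": "<defaulted>" in rest,
                        "default": default.group(1) if default else None}
    return parsed

def audit_bypass(text):
    """Return (mode, findings); findings is empty for an unchanged auto mode."""
    entry = parse_settings(text).get("bypass-mode")
    if entry is None:
        return None, ["bypass-mode not present in captured output"]
    mode, findings = entry["value"], []
    if mode not in RISK:
        return mode, ["unrecognised bypass-mode value: " + mode]
    if RISK[mode]:
        findings.append(RISK[mode])
    if entry["default"] and mode != entry["default"]:
        findings.append("differs from default (" + entry["default"] + ")")
    return mode, findings
```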