Cisco Systems IPS 7.1 Home Security System User Manual


  Open as PDF
of 1042
 
5-42
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 5 Configuring Interfaces
Displaying Interface Statistics
sensor(config)# service interface
Step 3 Enable CDP mode.
sensor(config-int)# cdp-mode forward-cdp-packets
Step 4 Verify the settings.
sensor(config-int)# show settings
-----------------------------------------------
bypass-mode: auto <defaulted>
interface-notifications
-----------------------------------------------
missed-percentage-threshold: 0 percent <defaulted>
notification-interval: 30 seconds <defaulted>
idle-interface-delay: 30 seconds <defaulted>
-----------------------------------------------
cdp-mode: forward-cdp-packets default: drop-cdp-packets
sensor(config-int)#
Displaying Interface Statistics
Note The show interface command output for the IPS 4510 and IPS 4520 does not include the total undersize
packets or total transmit FIFO overruns.
Note When the IPS 4510 and IPS 4520 are in bypass mode, VLAN statistics in the show interface and packet
display/capture command output do not show any packets.
Note For IPS standalone appliances with 1 G and 10 G fixed or add-on interfaces, the maximum jumbo frame
size is 9216 bytes. For integrated IPS sensors, such as the ASA 5500-X and ASA 5585-X series, refer to
the following URL for information:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_start.html#wp1328
869
A jumbo frame is an Ethernet packet that is larger than the standard maximum of 1518 bytes (including
Layer 2 header and FCS).
Note The jumbo packet count in the show interface command output from the lines Total Jumbo Packets
Received
and Total Jumbo Packets Transmitted for ASA IPS modules may be larger than expected
due to some packets that were almost jumbo size on the wire being counted as jumbo size by the IPS.
This miscount is a result of header bytes added to the packet by the ASA before the packet is transmitted
to the IPS. For IPv4, 58 bytes of header data are added. For IPv6, 78 bytes of header data are added. The
ASA removes the added IPS header before the packet leaves the ASA.
Use the show interfaces [clear | brief] command in EXEC mode to display statistics for all system
interfaces. Use the show interfaces {FastEthernet | GigabitEthernet | Management | PortChannel}
[slot/port] command to display statistics for specific interfaces.
 previous next