H3C S9500 Series Operation Manual page 1226

Operation Manual – IDS Linkage
H3C S9500 Series Routing Switches
1.2.2 Configuring IDS Linkage
Follow these steps to configure IDS linkage:
Enter system view
Configure port mirroring
Enter Ethernet port view
Enable IDS linkage on the
port
Display port mirroring
Display IDS linkage
information
Note:
If the IDS linkage is enabled on the Ethernet port, the system may give alarms when
you enable IDS linkage again. However, this does not affect the state of IDS linkage.
The monitor port configured in a mirroring group connects the IDS monitoring port.
The IDS linkage is enabled on the mirroring ports in the port monitoring group.
The system identifies packet filter rules generated by IDS and does not save nodes
generated by IDS. The packet filter rules generated by IDS are invisible even if you
execute the display this command in port view.
1.3 IDS Linkage Configuration Example
I. Network requirements
As shown in
which connects to the switch port Ethernet3/1/1.
Before being controlled by the IDS, the host (192.168.1.20) can ping successfully
the host (192.168.1.205, which connects to the switch port Ethernet3/1/3.)
After being controlled by the IDS, the host (192.168.1.20) fails to ping host
(192.168.1.205)
To do...
system-view
mirroring-group groupid
{ inbound | outbound }
mirroring-port-list
mirrored-to mornitor-port
interface interface-type
interface-number
ids-acl enable
display mirroring-group
[ groupid ]
display ids { all |
controlled-interface |
name name | source
ip-addr | destination
ip-addr }
Figure 1-1, the IDS detects the host with IP address 192.168.1.20,
Chapter 1 IDS Linkage Configuration
Use the command...
1-3
Remarks
—
Required
For details, refer to the
corresponding parts of the
command manual.
The prompt character for
the Ethernet view
depends on the input port.
Required
Optional
Available in any view