Configuring The Mls Ip Ids Command - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

Configuring the Catalyst Series 6500 Switch for IDSM-2 in Promiscuous Mode
router(config-std-nacl)# exit
Define the VLAN access map:
Step 4
router(config)# vlan access-map map_name [0-65535]
Configure a match clause in a VLAN access map sequence:
Step 5
router (config-access-map)# match [ip address {1-199 | 1300-2699 | acl_name}]
Configure an action clause in the VLAN access map sequence to accompany the preceding match clause:
Step 6
router(config-access-map)# action forward capture
Apply the VLAN access-map to the specified VLANs:
Step 7
router (config)# vlan filter map_name vlan-list vlan_list
Configure the IDSM-2 data ports to capture the captured-flagged traffic:
Step 8
router (config)# intrusion-detection module module_number data-port data_port_number
capture allowed-vlan capture_vlans
Note
Step 9 Enable the capture function on IDSM-2:
router (config)# intrusion-detection module module_number data-port data_port_number
capture
This example shows the output from the show run command:
router# show run
intrusion-detection module 4 data-port 1 capture allowed-vlan 450,1002-1005
intrusion-detection module 4 data-port 1 capture
.
.
.
vlan access-map CAPTUREALL 10
match ip address MATCHALL
action forward capture
.
.
.
ip access-list extended MATCHALL
permit ip any any
router#

Configuring the mls ip ids Command

This section describes how to use the mls ip ids command to capture IPS traffic, and contains the
following topics:
•
•
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
15-14
When the switch is routing traffic, you should configure IDSM-2 to monitor all VLANs being
routed. If you apply the VACL to a FlexWan2 port, you need to configure IDSM-2 to monitor all
VLANs.
Catalyst Software, page 15-15
Cisco IOS Software, page 15-15
Chapter 15 Configuring IDSM-2
78-16527-01