Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual page 283
Configuration guide
Hide thumbs
Also See for 4215 - Intrusion Detection Sys Sensor:
- Hardware installation manual (74 pages)
Table of Contents
Advertisement
Chapter 15
Configuring IDSM-2
For more information on EtherChanneling, refer to Catalyst 6500 Series Cisco IOS Software
Configuration Guide, 12.2SX.
To configure EtherChannel load balancing on IDSM-2, follow these steps:
Configure each IDSM-2 for promiscuous operation.
Step 1
For the procedure, see
Note
Log in to the console.
Step 2
Enter global configuration mode:
Step 3
router# configure terminal
Create the VACL:
Step 4
router(config)# ip access-list extended vacl_name
Add any access control entries, for example, permit any any:
Step 5
router(config-ext-nacl)# permit ip any any
Step 6
Create at least one VLAN access map sequence:
router(config-ext-nacl)# vlan access-map vlan_access_map_name sequence_number
router(config-access-map)# match ip address vacl_name
router(config-access-map)# action forward capture
Apply the VLAN access map to the VLAN(s):
Step 7
router(config-access-map)# vlan filter vlan_access_map_name vlan-list vlan_list
For each IDSM-2, add the desired data ports into the desired EtherChannel:
Step 8
router(config)# intrusion-detection module module_number data-port data_port_number
channel-group channel_number
Each EtherChannel has a numbered port channel interface. You can configure a maximum of 64 port
channel interfaces, numbered from 1 to 256.
Configure EtherChannel load balancing:
Step 9
router(config)# port-channel load-balance [dst-ip | dst-mac | dst-port | mpls | src-dst-ip
| src-dst-mac | src-dst-port | src-ip | src-mac | src-port]
The following options apply:
dst-ip—Destination IP address
•
dst-mac—Destination MAC address
•
dst-port —Destination TCP/UDP port
•
mpls—Load balancing for MPLS packets
•
src-dst-ip—Source and destination IP address
•
src-dst-mac—Source and destination MAC address
•
src-dst-port—Source and destination TCP/UDP port
•
78-16527-01
Chapter 5, "Configuring Interfaces."
Make sure that all IDSM-2 VACL capture or SPAN or monitor configuration lines have been
removed before configuring IDSM-2 EtherChanneling.
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
Configuring EtherChanneling
15-21
Advertisement
Table of Contents
Troubleshooting
