Table of Contents
Advertisement
IDSM-2 Configuration Tasks
Step 3
Step 4
Capturing IDS Traffic
Using SPAN for Capturing IDS Traffic
Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1
10-90
Put the command and control port into the correct VLAN:
Router (config)# intrusion-detection-module
management-port access-vlan
Example:
Router (config)# intrusion-detection-module 5 management-port
access-vlan 146
Verify that you have connectivity by sessioning into the IDSM-2:
Router# session slot
network_ip_address
ping
Traffic is captured for intrusion detection analysis on the IDSM-2 through SPAN,
VACL capture, or by using the mls ip ids command. Port 1 is used as the TCP
reset port, port 2 is the command and control port, and ports 7 and 8 are the
monitoring ports. You can configure one of the monitoring ports as a SPAN or
VACL monitoring port.
This section contains the following topics:
Using SPAN for Capturing IDS Traffic, page 10-90
•
Configuring VACLS to Capture IDS Traffic, page 10-92
•
•
Using the mls ip ids Command for Capturing IDS Traffic, page 10-96
The IDSM-2 can analyze Ethernet VLAN traffic from Ethernet or Fast Ethernet
SPAN source ports, or you can specify an Ethernet VLAN as the SPAN source.
This section describes how to use SPAN to capture IDS traffic.
The section contains the following topics:
•
Catalyst Software, page 10-91
•
Cisco IOS Software, page 10-91
Chapter 10
vlan_number
module_number
processor 1
Configuring the Sensor Using the CLI
module_number
78-15597-02
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor and is the answer not in the manual?
Questions and answers