Configuring Vacls To Capture Ids Traffic - Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Installation And Configuration Manual

IDSM-2 Configuration Tasks
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8

Configuring VACLS to Capture IDS Traffic

Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1
10-92
Set the source interfaces/VLANs for the monitor session:
Router (config)# monitor session {
slot_number/port_number
type
both]
Enable an IDSM-2 data port as a SPAN destination:
Router (config)# monitor session {
intrusion-detection-module
If you want to disable the monitor session:
Router (config)# no monitor session
To filter the SPAN session so that only certain VLANs are seen from switch port
trunks (optional):
Router (config)# monitor session {
| - ]}
Exit configuration mode:
Router (config)# exit
To show current monitor sessions:
Router # show monitor session
Refer to the Catalyst 6500 Series Cisco IOS Command Reference for
Note
more information on SPAN.
You can set VACLs to capture traffic for IDS from a single VLAN or from
multiple VLANs. This section describes how to configure VACLs to capture IDS
traffic.
This section contains the following topics:
• Catalyst Software, page 10-93
Cisco IOS Software, page 10-94
•
Chapter 10 Configuring the Sensor Using the CLI
session_number
vlan_ID
} | {vlan }} [, | - | rx | tx |
session_number
module_number
data-port
session_number
session_number
session_number
} {source {interface
} {destination
data_port_number
vlan_ID
} {filter { } [,
78-15597-02