Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0
OL-18504-01, page 1-13
Chapter 1: Introducing the Sensor
How the Sensor Functions

Figure 1-2 illustrates promiscuous mode.

[Figure 1-2: Promiscuous Mode. Diagram labels: Router, Switch, Host, Sensor, VLAN A, "Span port sending copies of VLAN A traffic".]

For More Information
For a list of restrictions pertaining to IPS sensor interfaces, see Interface Restrictions, page 1-10.

IPv6, Switches, and Lack of VACL Capture
VACLs on Catalyst switches do not have IPv6 support. The most common method for copying traffic to a sensor configured in promiscuous mode is to use VACL capture. If you want to have IPv6 support, you can use SPAN ports.

However, you can only configure up to two monitor sessions on a switch unless you use the following configuration:
• Monitor session
• Multiple trunks to one or more sensors
• Restrict per trunk port which VLANs are allowed to perform monitoring of many VLANs to more than two different sensors or virtual sensors within one IPS

The following configuration uses one SPAN session to send all of the traffic on any of the specified VLANs to all of the specified ports. Each port configuration only allows a particular VLAN or VLANs to pass. Thus you can send data from different VLANs to different sensors or virtual sensors all with one SPAN configuration line:

clear trunk 4/1-4 1-4094
set trunk 4/1 on dot1q 930
set trunk 4/2 on dot1q 932
set trunk 4/3 on dot1q 960
set trunk 4/4 on dot1q 962
set span 930, 932, 960, 962 4/1-4 both

Note: The SPAN/Monitor configuration is valuable when you want to assign different IPS policies per VLAN or when you have more bandwidth to monitor than one interface can handle.
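The following check is an added example, not part of the Cisco guide: it reads the SPAN configuration above and reports which source VLANs each destination port (and so each sensor) will receive, which VLANs reach no sensor, and which reach more than one. The function names are hypothetical, only the three command forms shown on the page are modeled, and it assumes a trunk port allows VLANs 1-4094 until `clear trunk` removes them.

```python
import re

# The six CatOS commands exactly as they appear on the page.
PAGE_CONFIG = """\
clear trunk 4/1-4 1-4094
set trunk 4/1 on dot1q 930
set trunk 4/2 on dot1q 932
set trunk 4/3 on dot1q 960
set trunk 4/4 on dot1q 962
set span 930, 932, 960, 962 4/1-4 both
"""
ALL_VLANS = frozenset(range(1, 4095))  # assumption: a trunk starts with all allowed

def expand_ports(spec):
    """'4/1-4' -> ['4/1', '4/2', '4/3', '4/4']."""
    mod, _, ports = spec.partition("/")
    lo, _, hi = ports.partition("-")
    return [f"{mod}/{n}" for n in range(int(lo), int(hi or lo) + 1)]

def expand_vlans(spec):
    """'930, 932' or '1-4094' -> set of VLAN IDs."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_span(config):
    """Return which source VLANs each SPAN destination port will receive."""
    allowed, src, dst = {}, set(), []
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"clear trunk (\S+) (\S+)", line):
            for port in expand_ports(m[1]):
                allowed[port] = set(allowed.get(port, ALL_VLANS)) - expand_vlans(m[2])
        elif m := re.fullmatch(r"set trunk (\S+) on dot1q (\S+)", line):
            for port in expand_ports(m[1]):
                allowed[port] = set(allowed.get(port, ALL_VLANS)) | expand_vlans(m[2])
        elif m := re.fullmatch(r"set span ([\d,\s-]+?) (\d+/\S+) (rx|tx|both)", line):
            src, dst = expand_vlans(m[1]), expand_ports(m[2])
    # A destination port only passes the mirrored VLANs its trunk allows.
    delivered = {p: sorted(src & allowed.get(p, ALL_VLANS)) for p in dst}
    counts = {v: sum(v in vl for vl in delivered.values()) for v in src}
    return {
        "delivered": delivered,
        "unmonitored": sorted(v for v, n in counts.items() if n == 0),
        "duplicated": sorted(v for v, n in counts.items() if n > 1),
    }

if __name__ == "__main__":
    print(audit_span(PAGE_CONFIG))
```

A non-empty `unmonitored` list means a VLAN is mirrored but no sensor inspects it; a non-empty `duplicated` list means the per-port VLAN restriction is not in effect and a sensor may receive more traffic than its interface was sized for.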