Configuring Vacls - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual
Configuration guide
Hide thumbs
Also See for 4215 - Intrusion Detection Sys Sensor:
- Hardware installation manual (74 pages)
Table of Contents
Advertisement
Chapter 15
Configuring IDSM-2
Enable an IDSM-2 data port as a SPAN destination:
Step 4
router (config)# monitor session (session_number) destination intrusion-detection-module
module_number data-port data_port_number
Example:
router (config)# monitor session 1 destination intrusion-detection-module 9 data-port 1
(Optional) To disable the monitor session:
Step 5
router (config)# no monitor session session_number
Step 6
(Optional) To filter the SPAN session so that only certain VLANs are seen from switch port trunks:
router (config)# monitor session (session_number) {filter vlan {vlan_ID} [, | - ]}
Example:
router (config)# monitor session 1 filter vlan 146
Exit configuration mode:
Step 7
router (config)# exit
To show current monitor sessions:
Step 8
router # show monitor session session_number
Example:
router # show monitor session 1
Note
Configuring VACLS
You can set VACLs to capture traffic for IPS from a single VLAN or from multiple VLANs or from
FLexWAN2 ports on the 7600 router when using Cisco IOS software. This section describes how to
configure VACLs, and contains the following topics:
•
•
78-16527-01
Session 1
---------
Type
Source Ports
Both
Destination Ports
For more information on SPAN, refer to the appropriate Catalyst 6500 Series Cisco IOS
Command Reference.
Catalyst Software, page 15-12
Cisco IOS Software, page 15-13
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
Configuring the Catalyst Series 6500 Switch for IDSM-2 in Promiscuous Mode
: Local Session
:
: Gi2/23
: intrusion-detection-module 9 data-port 1
15-11
Advertisement
Table of Contents
Troubleshooting
