Catalyst Software - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

Chapter 15 Configuring IDSM-2

Catalyst Software

You configure IDSM-2 monitoring ports as trunk ports for inline operation for Catalyst software 8.4(1)
or later with Supervisor Engine 1a, Supervisor Engine 2, Supervisor Engine 32, or Supervisor Engine
720. Because the native VLAN is the same as the sole VLAN being trunked, the traffic is not 802.1q
encapsulated.
For IPS 5.0(1) you can only configure one IDSM-2 for inline mode between two VLANs. This restriction
Caution
has been removed for IPS 5.0(2).
The default configuration for IDSM-2 ports 7 and 8 is to trunk all VLANs 1 to 4094. If you clear the
Caution
IDSM-2 configuration (clear configuration module_number), IDSM-2 will be trunking all VLANs. If
the IDSM-2 interfaces are configured for inline, spanning tree loops will likely be created and a storm
will occur. A storm is numerous packets looping and never reaching their destination.
To configure the monitoring ports on IDSM-2 for inline mode, follow these steps:
Log in to the console.
Step 1
Enter privileged mode.
Step 2
cat6k> enable
Set the native VLAN for each IDSM-2 monitoring port:
Step 3
cat6k (enable)> set vlan vlan_number slot_number/port_number
Example:
cat6k (enable)> set vlan 651 9/7
cat6k (enable)> set vlan 652 9/8
Clear all VLANs from each IDSM-2 monitoring port except for the native VLAN on each port (651 for
Step 4
port 7 and 652 on port 8):
cat6k (enable)> clear trunk slot_number/port_number vlan_range
Example:
cat6k (enable)> clear trunk 9/7 1-650,652-4094
cat6k (enable)> clear trunk 9/8 1-651,653-4094
Enable Bpdu spantree filtering on the IDSM-2 monitoring ports:
Step 5
cat6k (enable)> set spantree bpdu-filter 6/7-8 enable
Note
78-16527-01
For IPS 5.0(2), omit this step.
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
Configuring the Catalyst Series 6500 Switch for IDSM-2 in Inline Mode
15-17