Understanding Interfaces - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

Configuring Interfaces
This chapter describes how to configure interfaces on the sensor. It contains the following sections:
•
•
•
•
•
•
•

Understanding Interfaces

The command and control interface is permanently mapped to a specific physical interface, which
depends on the type of sensor you have. You can let the sensing interfaces operate in promiscuous mode,
or you can pair the network sensing interfaces into logical interfaces called "inline pairs." You must
enable the interfaces or inline pairs before the sensor can monitor traffic.
On appliances, the sensing interfaces are disabled by default. On modules, the sensing interfaces are
Note
always enabled and cannot be disabled.
The sensing interface does not have an IP address assigned to it and is therefore invisible to attackers.
This lets the sensor monitor the data stream without letting attackers know they are being watched.
Promiscuous mode is contrasted by inline technology where all packets entering or leaving the network
must pass through the sensor. For more information, see
and
The sensor monitors traffic on interfaces or inline pairs that are assigned to the default virtual sensor.
For more information, see
To configure the sensor so that traffic continues to flow through inline pairs even when SensorApp is not
running, you can enable bypass mode. Bypass mode minimizes dataflow interruptions during
reconfiguration, service pack installation, or software failure.
78-16527-01
Understanding Interfaces, page 5-1
Interface Support, page 5-2
Promiscuous Mode, page 5-4
Inline Mode, page 5-7
Assigning Interfaces to the Virtual Sensor, page 5-8
Bypass Mode, page 5-9
Configuring Interface Notifications, page 5-10
Understanding Inline Mode, page
Assigning Interfaces to the Virtual Sensor, page
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
C H A P T E R
Understanding Promiscuous Mode, page 5-4,
5-7.
5
5-8.
5-1