Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Installation And Configuration Manual page 289

Intrusion detection system appliance and module

Chapter 10
Configuring the Sensor Using the CLI
IDSM-2 Configuration Tasks
Catalyst Software

Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1
78-15597-02
10-93

Port 1 is set as the TCP reset port. Ports 7 and 8 are the sensing ports and can be configured as security ACL capture ports. By default, ports 7 and 8 are configured as trunk ports and trunk all VLANs on which a security ACL has been applied with the capture feature. If you want to monitor traffic from specific VLANs only, you need to clear the VLANs that you do not want to monitor so that they are not trunked to ports 7 and 8.

To set VACLs to capture IDS traffic on VLANs, follow these steps:

Step 1  Log in to the console.

Step 2  Enter privileged mode:
        console> enable

Step 3  Set the VACL to capture traffic:
        console> (enable) set security acl ip acl_name permit (...) capture

Step 4  Commit the VACL:
        console> (enable) commit security acl acl_name

Step 5  Map the VACL to the VLANs:
        console> (enable) set security acl map acl_name [vlans]

Step 6  Add the IDSM-2 monitoring port (port 7 or 8) to the VACL capture list:
        console> (enable) set security acl capture module_number/port_number

This example shows how to capture IDS traffic on VLANs:

Console> (enable) show security acl info all
set security acl ip webacl2
---------------------------------------------------
permit tcp any host 10.1.6.1 eq 21 capture
permit tcp host 10.1.6.1 eq 21 any capture
permit tcp any host 10.1.6.1 eq 80 capture
permit tcp any host 10.1.6.2 eq 80 capture
deny ip any host 10.1.6.1
deny ip any host 10.1.6.2
permit ip any any
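Only the packets that match a permit entry flagged with capture are copied to the sensing port, and entries are evaluated in order, so it is worth checking which flows a VACL like webacl2 actually hands to the sensor. The following Python is an added example, not from the Cisco guide: it parses the show security acl output above (embedded as a constructed sample) and applies first-match evaluation to constructed flow tuples; it supports only the any/host and eq forms that example uses, and treats an unmatched flow as denied (an assumption).

```python
# Constructed sample: the webacl2 entries from the show security acl output above.
WEBACL2 = """
permit tcp any host 10.1.6.1 eq 21 capture
permit tcp host 10.1.6.1 eq 21 any capture
permit tcp any host 10.1.6.1 eq 80 capture
permit tcp any host 10.1.6.2 eq 80 capture
deny ip any host 10.1.6.1
deny ip any host 10.1.6.2
permit ip any any
"""

def _endpoint(tokens, i):
    """Parse 'any' or 'host A.B.C.D', plus an optional 'eq PORT'. Returns (host, port, next_index)."""
    if tokens[i] == "any":
        host, i = None, i + 1
    elif tokens[i] == "host":
        host, i = tokens[i + 1], i + 2
    else:
        raise ValueError(f"unsupported address form: {tokens[i]}")
    port = None
    if i < len(tokens) and tokens[i] == "eq":
        port, i = int(tokens[i + 1]), i + 2
    return host, port, i

def parse_vacl(text):
    """Turn permit/deny lines into an ordered list of ACE dicts (None means 'any')."""
    aces = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 4 or t[0] not in ("permit", "deny"):
            continue  # skips blanks and the 'set security acl ip' header line
        src, sport, i = _endpoint(t, 2)
        dst, dport, i = _endpoint(t, i)
        aces.append({"action": t[0], "proto": t[1], "src": src, "sport": sport,
                     "dst": dst, "dport": dport, "capture": "capture" in t[i:]})
    return aces

def evaluate(aces, proto, src, sport, dst, dport):
    """First matching ACE wins: returns (action, captured). No match is treated as deny (assumption)."""
    for a in aces:
        if (a["proto"] in ("ip", proto) and a["src"] in (None, src) and a["dst"] in (None, dst)
                and a["sport"] in (None, sport) and a["dport"] in (None, dport)):
            return a["action"], a["capture"]
    return "deny", False

if __name__ == "__main__":
    acl = parse_vacl(WEBACL2)
    for flow in [("tcp", "10.9.9.9", 40000, "10.1.6.1", 21), ("tcp", "10.1.6.1", 80, "10.9.9.9", 40001)]:
        print(flow, "->", evaluate(acl, *flow))  # the FTP request is captured, the HTTP reply is not
```

Running it shows that with this VACL the sensor receives both directions of FTP control traffic to 10.1.6.1 but only the client-to-server half of HTTP, and nothing for denied flows such as SSH to 10.1.6.1.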
