
IDSM

steve554365
Level 1

Got IDSM in a 6500. Too much traffic causing the load to go to 100%. Is there a way to skip traffic to certain inbound destinations from getting inspected? I'm not talking about Event Action Filters, as those don't stop the inspection but just turn off actions. I want to say that any traffic to IPs A, B, C should be skipped by the engine. Is this possible?

1 Reply

lcambron
Level 3

Hello,

It depends on how you are sending traffic to the IDSM.

You can use an ACL and deny it there:

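ip access-list extended IPS
 deny ip any host x.x.x.x
 permit ip any any

! Sequence 10: traffic permitted by ACL IPS is forwarded and captured for the IDSM
vlan access-map 10 10
 match ip address IPS
 action forward capture
! Sequence 20: everything else (the host denied in ACL IPS) is forwarded without capture;
! without this sequence it would hit the VACL's implicit deny and be dropped
vlan access-map 10 20
 action forward

vlan filter 10 vlan-list 800

intrusion-detection module 8 data-port 1 capture allowed-vlan 800
intrusion-detection module 8 data-port 1 capture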

Regards,

Felipe.
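
A small model of how the VLAN access map in the reply above selects traffic for capture, added here as an illustration and not part of the original post. It assumes Catalyst 6500 VACL semantics for IP traffic (a deny ACE sends the packet on to the next map sequence, and a packet that matches no sequence hits the implicit deny); the addresses are constructed sample values and the function names are hypothetical.

```python
import ipaddress

# Constructed sample address (documentation range) standing in for x.x.x.x.
EXCLUDED = "192.0.2.10"

# ACL "IPS" as ordered (action, destination network) entries; first match wins.
ACL_IPS = [("deny", f"{EXCLUDED}/32"), ("permit", "0.0.0.0/0")]


def acl_result(acl, dst):
    """Return 'permit', 'deny', or None (no ACE matched) for a destination IP."""
    addr = ipaddress.ip_address(dst)
    for action, net in acl:
        if addr in ipaddress.ip_network(net):
            return action
    return None


def vacl_decision(sequences, dst):
    """Evaluate a VLAN access map given as [(acl_or_None, action), ...].

    A permit ACE takes that sequence's action. A deny ACE (or no match) moves
    on to the next sequence. A sequence with no match clause matches all
    packets. Falling off the end is the implicit deny: the packet is dropped.
    """
    for acl, action in sequences:
        if acl is None or acl_result(acl, dst) == "permit":
            return action
    return "drop"


# Map with only the capture sequence, and the same map plus a catch-all forward.
ONE_SEQUENCE = [(ACL_IPS, "forward capture")]
WITH_CATCH_ALL = [(ACL_IPS, "forward capture"), (None, "forward")]


def report(sequences, destinations):
    """Map each destination IP to the VACL decision for it."""
    return {dst: vacl_decision(sequences, dst) for dst in destinations}


if __name__ == "__main__":
    dests = [EXCLUDED, "198.51.100.7"]
    print("one sequence  :", report(ONE_SEQUENCE, dests))
    print("with catch-all:", report(WITH_CATCH_ALL, dests))
```

On the switch itself, `show vlan access-map` and `show vlan filter` display the configured sequences and the VLANs the map is applied to.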
