1. When we configure TCP resets, Shunhost, or Shunconnection in the "action" option of the IPS 4240, is this action taken on behalf of IPS through its Command and control port or the Monitoring port? 
2. If through Monitoring port then if we take the "show interface" on the Switch for the SPAN port, its something like "line protocol down(monitoring)", then how come switch get resets from this port when its line protocol is down? 
I have this confusion, any comments plz...