Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
343
Views
0
Helpful
1
Replies

Cisco IPS 4240 Questions

shoaibalam
Level 1
Level 1

‎04-13-2005 01:00 AM - edited ‎03-10-2019 01:23 AM

1. When we configure TCP resets, Shunhost, or Shunconnection in the "action" option of the IPS 4240, is this action taken on behalf of IPS through its Command and control port or the Monitoring port?

2. If through Monitoring port then if we take the "show interface" on the Switch for the SPAN port, its something like "line protocol down(monitoring)", then how come switch get resets from this port when its line protocol is down?

I have this confusion, any comments plz...

Labels:
0 Helpful
1 Reply 1

marcabal
Cisco Employee
Cisco Employee

‎04-13-2005 09:35 AM

resets go out the corresponding monitoring interface of the 4240

The shuns are done through the command and control port.

Through a telnet or ssh connection to a router switch or firewall depending on the network access controller configuration you put on your sensor.

Since resets do go out the monitoring interface the receive port counter should increase on your span port if your span port allows incoming packets (this is dependant on your specific switch) If your switch does not allow incoming packets then the resets will be dropped by the switch and the resets will not work.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card