Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
307
Views
0
Helpful
1
Replies

Configuring sensor interface on 4250-XL

skatugampola
Level 1
Level 1

‎01-27-2006 11:33 AM - edited ‎03-10-2019 01:51 AM

Tried CISCO IDS sensor 4250-XL with the following 4 interfaces:

Int0- ethernet

Int1- ethernet -- command and control interface

Int2- fiber

Int3- fiber

Can we use Int0 (ethernet) interface as the sensoring interface? Whenever I tried to add it to sensoring group 0 in the Device Manager or command line, it fails:

TDC-4250-IDS-1# conf t

TDC-4250-IDS-1(config)# int group 0

TDC-4250-IDS-1(config-ifg)# sen

TDC-4250-IDS-1(config-ifg)# sensing-interface int0

Error: int0 is not a valid sensing interface

TDC-4250-IDS-1(config-ifg)#

IDS version is 4.0

Attached is the sh tech

Labels:
Preview file
16 KB
0 Helpful
1 Reply 1

marcabal
Cisco Employee
Cisco Employee

‎01-27-2006 01:49 PM

Versions 4.0 and 4.1 do not let you monitor the int0 interface when you have the XL card installed.

This is because the XL card is an accelerator card that needs a special driver and kernel for monitoring. When the XL card is installed the system will detects it's presence and automatically load that special driver and use the special kernel settings. The special driver and settings won't work for int0.

Now if you want to monitor with int0 and not the int2 or int3 interfaces, then there is an option with version 4.0 and 4.1. You can physically remove the XL card, and the sensor will detect the removal and load the standard driver and use the standard kernel settings and the int0 interface can then be monitored just like with a standard IDS-4250-TX box.

Because of requests like yours, this was changed in version 5.0 (and 5.1). The interface drivers and kernel settings were consolidated for the standard TX interfaces and the special XL interfaces. So in version 5.0 you can now monitor the standard copper ethernet as well as the XL interfaces at the same time.

But do be aware that the performance gains when using the interfaces on the XL card will not be seen for monitoring on the copper ethernet interface of the main board. The acceleration is built directly into the fiber ethernet ports themselves.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card