07-23-2009 01:18 AM - edited 03-10-2019 04:42 AM
Hi
I have 2 6509 switches which are working as core switches. In each 6509 I have an IDSM-2 module. The aggregation 6509 switches are doing the routing for the VLANs and are connected to the core 6509s, from where traffic exits for WAN and internet.
In my IDSM-2 I am planning to capture the traffic of the uplink ports coming from aggregation to core. Which mode of IDSM would be preferred?
Can I connect a workstation to capture the IDSM events? Should the workstation and the management VLAN of the IDSM be in the same subnet, or can they be in different subnets and reachable via routing?
I have 2 data ports on the cards, so should all uplink traffic be captured to both data ports or divided among the 2 data ports?
Would VLAN monitoring be a better option than physical uplink port monitoring?
Please share any sample config available for the same.
07-29-2009 05:44 AM
Operating in Inline Interface Pair mode puts the Intrusion Prevention System (IPS) directly into the traffic flow and affects packet-forwarding rates, which makes them slower when latency is added. This allows the sensor to stop attacks so it drops malicious traffic before it reaches the intended target, thus it provides a protective service. Not only is the inline device processing information on Layers 3 and 4, but it also analyzes the contents and payload of the packets for more sophisticated embedded attacks (Layers 3 to 7). This deeper analysis lets the system identify and stop and/or block attacks that normally pass through a traditional firewall device.
In Inline Interface Pair mode, a packet comes in through the first interface of the pair on the sensor and out the second interface of the pair. The packet is sent to the second interface of the pair unless that packet is being denied or modified by a signature.
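A minimal inline interface pair setup for an IDSM-2, as an added example that is not part of the original reply or taken from this poster's switches. It assumes a supervisor running Cisco IOS, the module in slot 5, and VLANs 661 and 662 as the two sides of the pair (slot, VLAN IDs and the pair name are constructed placeholders); check the exact syntax against the IOS and IPS software release in use.

```cisco
! --- Catalyst 6500 supervisor (Cisco IOS) ---
! Each IDSM-2 data port becomes an access port in its own VLAN.
! The sensor bridges the two VLANs, so hosts on both sides stay in
! one IP subnet and traffic between them must cross the IDSM-2.
configure terminal
 vlan 661
  name IDSM-INLINE-SIDE-A
 vlan 662
  name IDSM-INLINE-SIDE-B
 exit
 intrusion-detection module 5 data-port 1 access-vlan 661
 intrusion-detection module 5 data-port 2 access-vlan 662
end

! --- IDSM-2 sensor CLI (session to the module) ---
! On the IDSM-2 the two data ports appear as GigabitEthernet0/7
! and GigabitEthernet0/8.
configure terminal
 service interface
  physical-interfaces GigabitEthernet0/7
   admin-state enabled
   exit
  physical-interfaces GigabitEthernet0/8
   admin-state enabled
   exit
  ! A packet enters on interface1 and leaves on interface2 (or the
  ! reverse) unless a signature action denies or modifies it.
  inline-interfaces PAIR1
   interface1 GigabitEthernet0/7
   interface2 GigabitEthernet0/8
   exit
  exit
 ! The pair is only inspected once it is assigned to a virtual sensor.
 service analysis-engine
  virtual-sensor vs0
   logical-interface PAIR1
   exit
  exit
 exit
```

Because the module sits in the forwarding path in this mode, both data ports are consumed by the one pair, and a sensor outage interrupts traffic between the two VLANs unless bypass or a redundant path is planned for.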
07-30-2009 03:05 AM
Hi
Thanks for the reply.
I have configured a port on my core with the same VLAN ID which is used for the IDSM management VLAN and am able to telnet to the IDSM management VLAN IP. How can I see the events happening on the console, or traffic statistics?
Can you share the inline interface pair mode configuration for reference? The IDSM configuration guide has the details, but it is not clear to me.
07-30-2009 06:19 AM
You can see events on the console with the "show event alert past 01:00" command.
You can watch your stats with the "show analysis stat" command.