IDSM2 Data Port logic ?

dumlutimuralp
Level 1

Hey everybody,

I couldn't figure out something about IDSM2. It says int7 and int8 are sensing ports. eth0 is the control/management port. The config examples are all the same:

intrusion-detection module x data-port 1.

On the IDSM config guide it says data port 1 is a trunk port and data port 2 is the management port. But I can add data port 2 for capturing as well. I logged onto the module through IDM, and for data port 1 it says TCP reset port. I know all the technical terms about all this; however, I couldn't figure out how these terms are mapped to int7 or int8, or the other way around. I know when I run the show interfaces command it says eth0 is the command and control port. I'd really appreciate it if anyone can help me out with this.

4 Replies

marcabal
Cisco Employee

There are 6 naming conventions to be aware of:

1. The name of the interface in the IDSM-2's own CLI in V4.1.
2. The name of the interface used by the Operating System (ifconfig command) in V4.1.
3. The name of the interface in the IDSM-2's own CLI in V5.0.
4. The name of the interface used by the Operating System (ifconfig command) in V5.0.
5. The name of the switch port in Cat OS.
6. The name of the switch port in Native IOS.

The first port is the TCP Reset port:

This port is only used for sending TCP Resets.

It is suggested that the configuration of the TCP Reset port always be left as the default.

4.1 CLI: int1

4.1 OS: eth1

5.0 CLI: System0/1

5.0 OS: sy0_1

Cat OS: /1

IOS: N/A (not configurable in IOS)

The second port is the Command and Control port:

This port is used for remote management of the sensor through SSH, Telnet, or Web access.

4.1 CLI: int2

4.1 OS: eth0

5.0 CLI: GigabitEthernet0/2

5.0 OS: ge0_2

Cat OS: /2

IOS: management-port

The 3rd through 6th ports are disabled.

These ports are completely unused by the IDSM-2. They exist because the IDSM-2 is based off hardware used by other modules that do make use of the additional ports.

4.1 CLI: N/A

4.1 OS: N/A

5.0 CLI: N/A

5.0 OS: N/A

Cat OS: /3 - /6

IOS: N/A

The 7th port is a Sniffing port:

The 7th port can be configured for promiscuous monitoring as a VACL Capture port or SPAN destination port, or for inline monitoring (v5.0).

4.1 CLI: int7

4.1 OS: N/A (not recognized by ifconfig in 4.1)

5.0 CLI: GigabitEthernet0/7

5.0 OS: ge0_7

Cat OS: /7

IOS: data-port 1

The 8th port is a Sniffing port:

The 8th port can be configured for promiscuous monitoring as a VACL Capture port or SPAN destination port, or for inline monitoring (v5.0).

4.1 CLI: int8

4.1 OS: N/A (not recognized by ifconfig in 4.1)

5.0 CLI: GigabitEthernet0/8

5.0 OS: ge0_8

Cat OS: /8

IOS: data-port 2

Thanks a lot for this detailed reply. It helped a lot.

Hi Marco,

This update on port syntax is helpful. However, it raises a question regarding TCP Reset configuration in the IDSM-2.

From the IPS 5.0 configuration documentation for the IDSM-2:

http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_configuration_guide_chapter09186a0080459221.html#wp1059158

It says:

"The IDSM-2 has a TCP reset interface—port 1. The IDSM-2 has a specific TCP reset interface because it cannot send TCP resets on its sensing ports.

If you have reset problems with the IDSM-2, try the following:

• If the sensing ports are access ports (a single VLAN), you need to configure the reset port to be in the same VLAN.

• If the sensing ports are dot1q trunk ports (multi-VLAN), the sensing ports and reset port all must have the same native VLAN, and the reset port must trunk all the VLANs being trunked by both the sensing ports."

However, if, as you've described above, the TCP Reset port is not configurable for IOS, then do the above comments from the documentation only apply to CatOS IDSM?

If that is the case, does that mean the TCP Reset interface is present in all VLANs and therefore can provide a reset wherever it needs to without any configuration?

Thanks,

Jeff

You are correct. The above comments only apply to Cat OS.

In Native IOS the sensing ports of the IDSM-2 are always forced to 802.1q trunk ports with native VLAN 1 when used in a promiscuous configuration. Native IOS won't allow you to change the native VLAN, unlike Cat OS.

So in Native IOS we were able to always force the TCP Reset interface to be an 802.1q trunk port with native VLAN 1 and simply make it a trunk of all VLANs. Since no additional configuration was necessary or possible for that port in Native IOS, there is no configuration of the port by the user.

It should always work with the default hardcoded settings.
