Hello Team,

austinmbailey1 · ‎12-15-2015

So we are upgrading our IDS and our network security engineer is having issues connecting it to the network. We haven't changed any configurations on the switch that the IDS connects to since the old one was taken out (which connected fine). I'm not familiar with the IDS, but here is what he said to me.

"In passive mode, I configure interface s1p1 and s1p2 to passively listen If I trick my sensor to believe it's inline, I can bind s1p1 - s1p4 to an inline set using s1p1&s1p2 / s1p3&s1p4 as respective pairs. This works. I see traffic and it's collected by s1p1 and s1p3 and returned from s1p2 and s1p4 (which there's nothing connected to these interfaces. It just thinks it's inline). I'm baffled. I guess the link state changes when it goes into inline mode rather than passive... but passive was working with the 3D3500 sensor on the exact same connections."

The ports it connects to on our switch have these configurations on them:

INterface GigabitEthernet 1/1/1 & 2

switchport mode trunk

ip device tracking maximum 0

channel-group 1 mode active

Can someone please tell me if there is a configuration issue on my switch he is connecting to or a configuration issue on his IDS? Thanks!

-Austin

Dennis Perto · ‎05-16-2016

I have a costumer where the device is connected as you describe.

Inline:
s1p1-s1p2, s1p3-s1p4

s1p1 and s1p3 is in a channel-group on the switch, and the same for s1p2 and s1p4.

I am unsure what you mean when you say that the switch does not connect.

Jetsy Mathew · ‎05-17-2016

Hello Team,

Is the issue is happening only after the upgrade or you about to perform the upgrade ?

Any recent changes done on the system ?

reagrds

Jetsy

Sourcefire IDS not connecting to network