Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1627
Views
0
Helpful
0
Comments

Configuring VACL captures on the IDSM-2 host switch

Christopher Dreier
Level 3
Level 3

‎07-22-2010 08:45 AM - edited ‎03-08-2019 06:34 PM 

 ip access-list extended ALL_TRAFFIC
  permit ip any any
 !
 vlan access-map IDS_CAPTURE 10
  match ip address ALL_TRAFFIC
  action forward capture
 !
 vlan filter IDS_CAPTURE vlan-list 44
 !
 intrusion-detection module 4 management-port access-vlan 3
 intrusion-detection module 4 data-port 1 capture
 intrusion-detection module 4 data-port 1 capture allowed-vlan 44,101
 intrusion-detection module 4 data-port 1 autostate include

Notes:

If the filter is applied to VLAN 44, even though VLAN  101 and 44 are allowed, the IDSM will only see traffic on VLAN 101 if it traverses VLAN 44.

There is a small note describing this between steps 8 and 9 in the Configuration Guide:

http://www.cisco.com/en/US/docs/security/ips/6.2/configuration/guide/cli/cli_idsm2.html#wp1030828

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents