Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
280
Views
0
Helpful
1
Replies

New IDS 4215 - does not seem to be monitoring

sdoherty
Level 1
Level 1

‎07-17-2007 11:02 AM - edited ‎03-10-2019 03:42 AM

Hello - I installed my IDS 4215 and I can get to the web interface on the management side. I set up a span on my IOS switch and CatOS switch (tried both) with the source as port n/n and the destination as the sensor port. I then set up IP logging for a particular IP address I knew the sensor would see but I show 0 packets captured. On the statistics I see I am getting packets on the Fe0/1 but nothing in the log. I even set up RFC 1918 as an alert and set up my pc for 192.168 on the span source port but no alarms. Please help!

Labels:
0 Helpful
1 Reply 1

Rodrigo Gurriti
Level 3
Level 3

‎07-17-2007 02:39 PM

have you added an interface to be the sniffing interface and then added it to a virtual sensor (vs0)

cisco IPS software version up to 5.x support only one virtual sensor (vs0). Versions 6.x and up supports more

here is the manual for 5.x

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a00804d1372.html#wp1030007

basically what you do is:

enable/assign one Sensing Port to be Promiscuous or 2 to be Inline pair

Add the enabled/assigned interface(s) to the Virtual Sensor VS0 or if you have 6.x you can use VS0 ( the default or create an other virtual sensor )

PS.

every IPS has:

at least 1 Sensing Port (allow to sniff) ans usually up to 4

only 1 Command and Control Port ( port used for communications between you and the IPS)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card