cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
342
Views
0
Helpful
1
Replies

IPS 4240 in test mode?

simonbonner
Level 1
Level 1

Is there a way to configure the IPS 4240 to monitor traffic but not to block connections? We are currently evaluating the device but would prefer it to monitor rather than block any live traffic at this stage. We have configured an event action filter for all sigs and all source/destination IPs to remove all the deny functions but does anyone have a different way of doing this?

1 Reply 1

rhermes
Level 7
Level 7

Simon -

You should set up your 4240 in promiscous mode (as opposed to in-line). Take a switch that is passing all the traffic you'd like to inspect and turn on port spanning with the monitor session commands:

http://www.cisco.com/en/US/docs/ios/12_3t/lanswitch/command/reference/lan_m1gt.html#wp1021715

Then feed the stream into your sensor as an input only.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: