IPS interfaces

networker99 · ‎03-23-2009

on the IDSM-2 module are the interfaces (gi0/2 gi0/7, 8) on the actual IDS module or are they referring to ports on the switch that it is installed on?

marcabal · ‎03-23-2009

The ports Gi0/7 and Gi0/8 are the actual sensor ports that you configure within the sensor configuration.

Correspondingly there are also switch side ports for each of these 2 sensor ports.

If you are using IOS then gi0/7 is internally connected to "intrusion-detection module data-port 1";

and gi0/8 is internally connected to "intrusion-detection module data-port 2"

So when configuring the IDSM-2 you have to configure data-port 1 and 2 within the switch configuration, as well as configure Gi0/7 and Gi0/8 within the IDSM-2 configuration.

rjaaouan · ‎03-26-2009

To configure the sensing ports on the IDSM-2 for inline operations, complete the following

steps.

Step 1 Log in to the switch.

Step 2 Enter privileged mode:

cat6k> enable

Step 3 Set the native VLAN for the IDSM-2 sensing ports, which are ports 7 and 8:

cat6k (enable)> set vlan 651 3/7

cat6k (enable)> set vlan 652 3/8

Note For this example, the IDSM-2 is installed in slot 3.

Step 4 Clear all VLANs from each IDSM-2 sensing port, except for the native VLAN on

each port:

cat6k (enable)>clear trunk 3/7 1-650,652-4094

cat6k (enable)>clear trunk 3/8 1-651,653-4094

Step 5 Enable bridge protocol data unit (BPDU) spanning tree filtering on the IDSM-2

sensing ports to prevent spanning tree loops:

cat6k (enable)> set spantree bpdu-filter 3/7-8 enable

I hope this is useful

Reda

j.reda7@gmail.com