Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
454
Views
3
Helpful
3
Replies

IDSM2 Configuration

sameermunj
Level 1
Level 1

‎07-23-2009 01:18 AM - edited ‎03-10-2019 04:42 AM

Hi

I hav2 2 6509 switches which are working as core switches.In each 6509 i have IDSM-2 module.The Aggregation 6509 switches are doing the routing for the vlans and connected to core 6509 from where traffic exit for wan & internet.

In my IDSM2 i am planning to capture the traffic of uplink ports coming from Aggregation to core .which mode of IDSM would be preferred.

can i connect the workstation to capture the IDSM events.will the workstation and management vlan id of idsm should be in same subnet or it can be in diffrent subnet and reachable via routing.

I have 2 data ports on the cards so all uplinks traffic should be captured to both data ports or divided among 2 data ports.

will the vlan monitoring would be better option than physical uplink port monitoring

pl share any sample config available for the same???

Labels:
0 Helpful
3 Replies 3

vmoopeung
Level 5
Level 5

‎07-29-2009 05:44 AM

Operating in Inline Interface Pair mode puts the Intrusion Prevention System (IPS) directly into the traffic flow and affects packet-forwarding rates, which makes them slower when latency is added. This allows the sensor to stop attacks so it drops malicious traffic before it reaches the intended target, thus it provides a protective service. Not only is the inline device processing information on Layers 3 and 4, but it also analyzes the contents and payload of the packets for more sophisticated embedded attacks (Layers 3 to 7). This deeper analysis lets the system identify and stop and/or block attacks that normally pass through a traditional firewall device.

In Inline Interface Pair mode, a packet comes in through the first interface of the pair on the sensor and out the second interface of the pair. The packet is sent to the second interface of the pair unless that packet is being denied or modified by a signature.

sameermunj
Level 1
Level 1
In response to vmoopeung

‎07-30-2009 03:05 AM

Hi

Thanks for the reply..

I have configured a port on my core with same vlan id which is used for IDSM management vlan and able to telnet to idsm managememt vlan ip.how can i see the events happening on the console or traffic statatics.

can you share the inline interface pair mode configuration for reference.IDSM configuration guide has the details but not getting clear.

0 Helpful

rhermes
Level 7
Level 7
In response to sameermunj

‎07-30-2009 06:19 AM

You can see events on the console with the "show event alert past 01:00"

You can watch your stats with the "show analysis stat" command.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card