IDSM2 VACL configuration

koiflowerhorn
Level 1

We have a Cisco 6500 Catalyst running native IOS 12.1(13) and recently purchased an IDSM2 (5.1). I have successfully tested it in promiscuous mode, but I am having a problem applying a VACL configuration. I want to apply a VACL so I can have control over the VLAN. I followed the config in the configuration manual on the Cisco site but was still unsuccessful. Could anyone help me with this? I hope someone can give a sample config. Thanks

Configuration Done:

intrusion-detection module 5 data-port 1 capture allowed-vlan 1
intrusion-detection module 5 data-port 1 capture
.
.
.
vlan access-map CAPTURE 10
 match ip address MATCH
 action forward capture
.
.
.
ip access-list extended MATCH
 permit ip any any

cat6500:

Slot 1 : Sup2/MSFC2

Slot 3 : 48 Ports / RJ45

Slot 5 : IDSM2

Note: Port 3/1 - 5 is a member of VLAN 1

- Successful detection on SPAN port

- VACL not successful


Fernando_Meza
Level 7

Can you please show me the config of your Cat 6500 where you are defining the capturing ports and also where you are applying the filter CAPTURE to VLAN 1? NOTE: IDSM2 uses ports 7 and 8 on the respective module.

Hi Fernando,

Above is the exact configuration I used. Plus ports 3/1 & 3/2 as switchport access.

Thanks,

DanielSpeck
Level 1

Add the following to have the VLAN access-map only look at traffic on VLAN 1.

vlan filter CAPTURE vlan-list 1
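
An added example, not part of the original thread and not Cisco tooling: a small Python check that reads a Catalyst configuration and reports a capture access-map that no `vlan filter` statement applies, which is the gap the reply above points out. The function names and the sample text (constructed from the lines quoted in the question) are assumptions for illustration; the cross-check against `capture allowed-vlan` goes beyond what the thread discusses.

```python
import re

# Constructed sample: the configuration lines quoted in the question above.
SAMPLE_CONFIG = """\
intrusion-detection module 5 data-port 1 capture allowed-vlan 1
intrusion-detection module 5 data-port 1 capture
vlan access-map CAPTURE 10
 match ip address MATCH
 action forward capture
ip access-list extended MATCH
 permit ip any any
"""

def expand_vlans(spec):
    """Expand a VLAN list such as '1,10-12' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_vacl_capture(config):
    """Hypothetical helper: list problems in how capture VACLs are wired up."""
    capture_maps, filtered, allowed = set(), {}, set()
    current_map = None
    for line in (raw.strip() for raw in config.splitlines()):
        words = line.split()
        if m := re.match(r"vlan access-map (\S+)", line):
            current_map = m.group(1)
        elif current_map and words[:1] == ["action"] and "capture" in words:
            capture_maps.add(current_map)
        elif words[:1] != ["match"]:
            current_map = None  # left the access-map block
        if m := re.match(r"vlan filter (\S+) vlan-list (\S+)", line):
            filtered.setdefault(m.group(1), set()).update(expand_vlans(m.group(2)))
        if m := re.match(r"intrusion-detection module \d+ data-port \d+ "
                         r"capture allowed-vlan (\S+)", line):
            allowed |= expand_vlans(m.group(1))
    findings = []
    for name in sorted(capture_maps):
        vlans = filtered.get(name, set())
        if not vlans:
            findings.append(f"{name}: capture action set, but no 'vlan filter' applies the map")
        elif vlans - allowed:
            findings.append(f"{name}: filtered VLANs {sorted(vlans - allowed)} "
                            "are not in any capture allowed-vlan list")
    return findings

if __name__ == "__main__":
    print(audit_vacl_capture(SAMPLE_CONFIG))
    print(audit_vacl_capture(SAMPLE_CONFIG + "vlan filter CAPTURE vlan-list 1\n"))
```

Run against the question's configuration it reports one finding for CAPTURE; with the suggested `vlan filter CAPTURE vlan-list 1` line appended it reports none.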
