Cisco Support Community

New Member

IPS Management port

If you have an IPS sensor on the public part of your network (perimeter), is it okay to have the Mgmt port plugged into the internal network? I.e., can the Mgmt interface be used to facilitate an attack if the device was compromised?

And does this answer apply to routers and ASAs also?



Re: IPS Management port

The management interface of any managed device should be on your management network. The sniffing (promiscuous mode) or in-line interfaces should be relatively immune to attack (compared to a normal host interface, or even the management interface of the IPS sensor).

I worry more about the management interface of the sensors than the in-line interfaces. Cisco has been slow to adapt external authentication, password aging/enforcement etc.

- Bob

Cisco Employee

Re: IPS Management port

As an update to Bob's reply, RADIUS support for authentication was added in IPS release 7.0(4)E4.

There are also enhancements to defining password sizes, required number of special characters (digits, upper/lowercase, other) along with historical passwords remembered.



Re: IPS Management port

Does anyone know if Cisco has made IPv6 addressability of the management interface a committed feature yet?

I heard it was committed for support in some future version of CSM, but last I heard not the sensor software.

I have lots of IPv6 preparation to do this year; knowing these things would make my planning a little smoother.

- Bob

New Member

Re: IPS Management port


There is a Bug ID (feature request) to add IPv6 management interface addressing ability to the IPS sensors. The bug ID is: CSCsa60286

You should be able to follow this link, save the bug, and get updates if there are any changes (no updates for a while now).