Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

New IDS 4215 - does not seem to be monitoring

Hello - I installed my IDS 4215 and I can get to the web interface on the management side. I set up a span on my IOS switch and CatOS switch (tried both) with the source as port n/n and the destination as the sensor port. I then set up IP logging for a particular IP address I knew the sensor would see but I show 0 packets captured. On the statistics I see I am getting packets on the Fe0/1 but nothing in the log. I even set up RFC 1918 as an alert and set up my pc for 192.168 on the span source port but no alarms. Please help!

1 REPLY
New Member

Re: New IDS 4215 - does not seem to be monitoring

have you added an interface to be the sniffing interface and then added it to a virtual sensor (vs0)

cisco IPS software version up to 5.x support only one virtual sensor (vs0). Versions 6.x and up supports more

here is the manual for 5.x

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a00804d1372.html#wp1030007

basically what you do is:

enable/assign one Sensing Port to be Promiscuous or 2 to be Inline pair

Add the enabled/assigned interface(s) to the Virtual Sensor VS0 or if you have 6.x you can use VS0 ( the default or create an other virtual sensor )

PS.

every IPS has:

at least 1 Sensing Port (allow to sniff) ans usually up to 4

only 1 Command and Control Port ( port used for communications between you and the IPS)

155
Views
0
Helpful
1
Replies
CreatePlease to create content