Cisco Support Community
Community Member

capture-port is configured as trunk

Does anybody know what the default configuration for the capture port on the IDSM in a Cat6000 is? Is it a member of a VLAN or a trunk? My IDSM is automatically configured as below:

C6506B-sup> (enable) sh port 4
Port  Name               Status     Vlan       Duplex Speed Type
----- ------------------ ---------- ---------- ------ ----- ------------
4/1                      connected  trunk      full   1000  Intrusion Detection
4/2                      connected  1          full   1000  Intrusion Detection

I have configured a VACL, but CSPM cannot get any alarms from the sensor, and I suspect the capture port is configured as a trunk, but I cannot change it to be a member of a VLAN.

Can anybody please help me?


Cisco Employee

Re: capture-port is configured as trunk

By default, port 1 of the IDSM is a capture port and a trunk port for all VLANs in the switch.

So this way you can apply a VACL with the "capture" keyword on any of the VLANs in the switch, and the IDSM should receive a copy of those captured packets.

You can limit the IDSM to only receive copies of the "captured" packets from specific VLANs by clearing those VLANs from the IDSM trunk port.

I have seen only one situation where the IDSM was not being set to a capture port by default.

Look for the "set security acl capture-port 4/1" command in your configuration to see if this may be the problem.

You can also try executing that configuration command yourself.

You can then try sessioning into the module and running "show ip traffic" to see if the sensing interface is seeing any packets.

You can also run "nrconns" from within the diag mode to see if the module has an Established connection with CSPM.

You can also run "show events current" from within diag mode to see if the module is generating any alarms in its own log files.
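The two checks this reply asks for (is the IDSM port showing as a trunk in "show port", and is the "set security acl capture-port" line present in the configuration) can be automated from pasted CLI output. The script below is an added example, not code from this thread or from Cisco. The "show port" sample is constructed from the original poster's output re-aligned into CatOS fixed-width columns; the configuration fragments are constructed, the capture-port line is spelled as in the reply, and the VACL lines in them are assumed syntax that the script does not validate.

```python
"""Check an IDSM capture port from CatOS 'show port' output and the running config.

Added example; not from the thread. Column boundaries are taken from the dashed
separator line, so the parser is not tied to one fixed set of widths.
"""
import re

# Constructed sample: the two IDSM ports the original poster showed,
# re-aligned into the fixed-width layout CatOS prints.
SHOW_PORT_OUTPUT = """\
C6506B-sup> (enable) sh port 4
Port  Name               Status     Vlan       Duplex Speed Type
----- ------------------ ---------- ---------- ------ ----- ------------
4/1                      connected  trunk      full   1000  Intrusion Detection
4/2                      connected  1          full   1000  Intrusion Detection
"""

# Constructed config fragments. The capture-port line is spelled as in the reply;
# the VACL lines are assumed CatOS syntax and are not checked by this script.
CONFIG_WITH_CAPTURE_PORT = """\
set security acl capture-port 4/1
set security acl ip CAPTURE_ACL permit ip any any capture
commit security acl CAPTURE_ACL
"""
CONFIG_WITHOUT_CAPTURE_PORT = """\
set security acl ip CAPTURE_ACL permit ip any any capture
commit security acl CAPTURE_ACL
"""


def parse_show_port(text):
    """Return {port: {column: value}} parsed from CatOS 'show port' output."""
    lines = [line.rstrip() for line in text.splitlines() if line.strip()]
    # The separator line (dashes and spaces only) fixes the column boundaries;
    # the header is the line just above it and the port rows follow it.
    sep_idx = next(i for i, line in enumerate(lines) if re.fullmatch(r"[- ]+", line))
    header, sep, rows = lines[sep_idx - 1], lines[sep_idx], lines[sep_idx + 1:]
    spans = [(m.start(), m.end()) for m in re.finditer(r"-+", sep)]
    names = [header[start:end].strip() for start, end in spans]
    ports = {}
    for row in rows:
        rec = {}
        for i, (name, (start, end)) in enumerate(zip(names, spans)):
            # The last column ("Type") can be wider than its dashes, so read to end of line.
            stop = None if i == len(spans) - 1 else end
            rec[name] = row[start:stop].strip()
        ports[rec["Port"]] = rec
    return ports


def capture_port_status(show_port_text, config_text, port="4/1"):
    """Summarise whether `port` looks like a working IDSM capture port."""
    rec = parse_show_port(show_port_text).get(port)
    if rec is None:
        raise ValueError(f"port {port} not present in show port output")
    capture_line = re.compile(
        r"^set security acl capture-port\s+" + re.escape(port) + r"\s*$", re.M)
    return {
        "port": port,
        "status": rec["Status"],
        # CatOS shows "trunk" in the Vlan column for a trunk port; that is the
        # expected default for the IDSM capture port (all VLANs carried).
        "is_trunk": rec["Vlan"] == "trunk",
        "vlan": None if rec["Vlan"] == "trunk" else rec["Vlan"],
        "capture_port_configured": bool(capture_line.search(config_text)),
    }


if __name__ == "__main__":
    for cfg in (CONFIG_WITH_CAPTURE_PORT, CONFIG_WITHOUT_CAPTURE_PORT):
        print(capture_port_status(SHOW_PORT_OUTPUT, cfg))
```

Paste real "show port" and "show config" text into the two sample strings to run it against a switch; a result with is_trunk true but capture_port_configured false matches the one failure case the reply describes, where the capture-port command is missing from the configuration.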
