Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

IDS-4230-FE Connectivity

Ladies & Gentlemen,

I'm trying to figure how an NIDS be connected to check against the traffic destined to a network segment.

I know that if the NIDS's monitoring port is connected to a switch[2950-24], it can watch all traffic taking place on all other 23 ports of the switch.

I guess my understanding as stated above is right.

What I dont understand is how IDS Director [CSPM] is connected to the NIDS.

Appreciate if any of you could comment on this.

Thank you, Ravinda.

1 REPLY
Community Member

Re: IDS-4230-FE Connectivity

Hi Ravinda,

All the IDS's in the Cisco range except for the blades have two Nic's in them, you should see this o the 4230.

The one in the slot is the promiscuous card i.e. the sniffer and the on-board nic is the one with the TCP/IP stack loaded on it. So you connect the promiscuous nic to the switch and I assume configure it as a monitoring port, then connect the other nic to either your internal network (at least this is one way of doing it).

The CSPM should be connected to your Internal Net. The first thing to do is to ensure that the CSPM can ping the sensor to ensure network connectivity. Once this is done you then go into the CSPM and configure a new sensor using sensor wizard, provided you do it right the CSPM will poll the Sensor and establish a communications stream between, I believe the postoffice daemon on the sensor and the post.office service on the CSPM (UDP port 45000 by default). After your sensor has been set-up the CSPM and sensor will always communication on udp port 45000.

114
Views
0
Helpful
1
Replies
CreatePlease to create content