Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Reset TCP session in working with 2950

Dear all,

When the sniffing interface is connected to the monitoring port in 2950, the tcp reset feature don't work? Does anyone know what's the problem of it? Accept configuring the monitoring port in 2950, any other configuration is needed to make the tcp reset work? Thanks

Gary

3 REPLIES
New Member

Re: Reset TCP session in working with 2950

Gary,

Refer to 'Configuring TCP Reset Using IDS Director' at the URL:

http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_tech_note09186a008009491d.shtml.

Also, take a look at Cisco Intrusion Detection System (Overview Q&A) at:

http://www.cisco.com/en/US/products/hw/vpndevc/ps976/products_qanda_item09186a00800887c2.shtml

Cisco Employee

Re: Reset TCP session in working with 2950

Some switches allow packets in on their span port. These work fine with

TCP Reset.

Some switches do not allow packets in on their span port. These do not work with TCP Reset.

Some switches (like the Cat 6000) have special "inpkts enable" command to allow packets in on their span port.

I don't know which category the 2950 fits into.

NOTE: In order for TCP Resets to work, the span port must also be in the same vlan as the connection being reset; or else the reset gets sent to the wrong vlan. NOTE: Future versions of the sensor will allow you to monitor with a span port that is also a trunl port so future versions can reset on each of the vlans being spanned (assuming the swtch allows in packets on the span port)

New Member

Re: Reset TCP session in working with 2950

The 2950 will not support the inpkts option for your span port. You will not be able to use TCP Resets. This option is required in order to inject packets into the span port otherwise it is just passive. You would need a higher end switch to support this..

Derek Twaddle

114
Views
0
Helpful
3
Replies
CreatePlease to create content