When was this feature a requirement? The reason I ask is that we tested the TCP reset function on the 2924 SPAN port switch about a year ago and it worked at that time. Additionally, I performed this in a lab environment when I took the CSIDS 2.0 class from Global Knowledge. We also used low-end switches.
Also, in which version of the IDS engine did INPKTS become a requirement?
It is not an issue with the IDS code, it is an issue with the switch code.
Some switches always allow packets to come in on their SPAN ports. I would presume that the 2924 you mention is this type.
Some switches never allow packets to come in on their SPAN ports. I don't know of any specific Cisco models at the moment, but other users have mentioned one or two in the past.
Some switches (like the 6500) allow the user to configure if packets should be allowed to come in the SPAN port. This switch configuration is "inpkts enable".
Other things to be aware of:
Most switches transmit packets out their SPAN ports as normal IP packets, just like other access ports on the switch. If the switch transmits these normal packets and allows incoming packets, then TCP Resets should work fine.
Recently, however, I've heard of switches that are encoding the IP packets inside of dot1q headers (normally used on trunk ports). The sensor code understands dot1q and can alarm properly (though the IDS-4210 and IDS-4230 models do need an engineering driver for the larger dot1q packets that result).
However, there is a bug in the sensor code for TCP Resets. The sensor cannot TCP Reset a connection if it monitored the connection with dot1q packet headers.
This is a sensor issue and is being worked on by our development team for a future sensor version.
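The answer above turns on two things: the sensor has to inject a TCP RST toward each end of a connection it only ever saw on the SPAN port (so the RST must be spoofed from the other end, with a sequence number the receiver will accept), and the sensor of that era could not do this when the monitored frames arrived with an 802.1Q tag. The following Python is an added example, not code from this thread, from Cisco, or from the IDS sensor: it parses one observed segment (plain or dot1q-tagged), strips the tag, and builds the two RST frames with valid IP and TCP checksums, optionally re-tagging them if the injection port is a trunk. All function names, the `tag_injected` parameter and the sample frame's MAC addresses, IP addresses, ports, sequence numbers and payload are constructed for the example; nothing here is a sensor or switch option.

```python
"""Parse a SPAN-captured TCP segment (plain or 802.1Q tagged) and build the
two RST frames an IDS would inject to tear that connection down.
Example code: all addresses, ports and names are constructed, not from any product."""
import struct

ETHERTYPE_DOT1Q = 0x8100
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 Internet checksum; an odd trailing byte is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_frame(frame: bytes) -> dict:
    """Return the L2/L3/L4 fields of an Ethernet/IPv4/TCP frame.
    An 802.1Q tag, if present, is skipped and its VLAN ID recorded."""
    dst_mac, src_mac = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    off, vlan = 14, None
    if ethertype == ETHERTYPE_DOT1Q:          # tagged SPAN output: 4 extra bytes
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    ihl = (frame[off] & 0x0F) * 4
    ip_hdr = frame[off:off + ihl]
    total_len = struct.unpack("!H", ip_hdr[2:4])[0]
    if ip_hdr[9] != IPPROTO_TCP:
        raise ValueError("not TCP")
    tcp = frame[off + ihl:off + total_len]    # excludes any Ethernet padding
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4
    flags = off_flags & 0x1FF
    # Sequence space this segment consumes: payload bytes plus one each for SYN and FIN.
    consumed = (len(tcp) - data_off) + bool(flags & TCP_SYN) + bool(flags & TCP_FIN)
    return dict(dst_mac=dst_mac, src_mac=src_mac, vlan=vlan, ip_hdr=ip_hdr, tcp=tcp,
                src_ip=ip_hdr[12:16], dst_ip=ip_hdr[16:20], sport=sport, dport=dport,
                seq=seq, ack=ack, flags=flags, next_seq=(seq + consumed) & 0xFFFFFFFF)


def build_tcp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, seq, ack,
                    flags, payload=b"", vlan=None) -> bytes:
    """Build an Ethernet/IPv4/TCP frame with correct checksums; tag it with
    802.1Q only if vlan is given (needed only when the injection port is a trunk)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 8192, 0, 0) + payload
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, IPPROTO_TCP, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", ones_complement_sum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, IPPROTO_TCP, 0, src_ip, dst_ip)
    ip = ip[:10] + struct.pack("!H", ones_complement_sum(ip)) + ip[12:]
    tag = b"" if vlan is None else struct.pack("!HH", ETHERTYPE_DOT1Q, vlan & 0x0FFF)
    return dst_mac + src_mac + tag + struct.pack("!H", ETHERTYPE_IPV4) + ip + tcp


def checksums_valid(frame: bytes) -> bool:
    """Recomputing a checksum over data that already contains it yields 0."""
    p = parse_frame(frame)
    pseudo = p["src_ip"] + p["dst_ip"] + struct.pack("!BBH", 0, IPPROTO_TCP, len(p["tcp"]))
    return ones_complement_sum(p["ip_hdr"]) == 0 and ones_complement_sum(pseudo + p["tcp"]) == 0


def reset_pair(frame: bytes, tag_injected: bool = False):
    """From one observed segment A->B return (rst_to_B, rst_to_A).
    rst_to_B impersonates A and uses A's next sequence number; rst_to_A impersonates B
    and uses the number A expects next (the observed ACK), or None if no ACK was seen.
    The tag seen on the SPAN port is dropped unless tag_injected is set."""
    p = parse_frame(frame)
    vlan = p["vlan"] if tag_injected else None
    to_b = build_tcp_frame(p["src_mac"], p["dst_mac"], p["src_ip"], p["dst_ip"],
                           p["sport"], p["dport"], p["next_seq"], 0, TCP_RST, vlan=vlan)
    to_a = None
    if p["flags"] & TCP_ACK:
        to_a = build_tcp_frame(p["dst_mac"], p["src_mac"], p["dst_ip"], p["src_ip"],
                               p["dport"], p["sport"], p["ack"], 0, TCP_RST, vlan=vlan)
    return to_b, to_a


# Constructed sample: client 10.0.0.5:40000 -> server 10.0.0.80:80, seen on VLAN 100
# through a SPAN port that emits dot1q-tagged copies, carrying 10 payload bytes.
SAMPLE_TAGGED = build_tcp_frame(
    src_mac=b"\x00\x11\x22\x33\x44\x55", dst_mac=b"\x00\x66\x77\x88\x99\xaa",
    src_ip=bytes([10, 0, 0, 5]), dst_ip=bytes([10, 0, 0, 80]),
    sport=40000, dport=80, seq=1000, ack=5000, flags=TCP_PSH | TCP_ACK,
    payload=b"GET / HTTP", vlan=100)

if __name__ == "__main__":
    to_server, to_client = reset_pair(SAMPLE_TAGGED)
    for name, f in (("RST to server", to_server), ("RST to client", to_client)):
        q = parse_frame(f)
        print(name, "seq", q["seq"], "vlan", q["vlan"], "checksums ok", checksums_valid(f))
```

Two points follow from the code. First, the frame that the sensor must put back on the wire is untagged and has a different sequence number for each direction, so a sensor that parsed the tagged copy but then reused its offsets or framing for the reply would produce RSTs the endpoints ignore; that is the shape of the dot1q limitation the answer describes. Second, building the frames is only half the job: they still have to leave the sensor through an interface whose switch port accepts ingress traffic, which is exactly the "inpkts enable" setting the answer says some switches require and others lack entirely.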