Cisco Enabling and Disabling Sensing Interfaces
Cisco
Enabling and Disabling Sensing Interfaces
For every sensor, there is only one command and control
interface. Depending on the model of sensor you have, you can set up to five
sniffing or monitoring interfaces. In Table 5.2, we can see the
matrix showing the monitoring interfaces of every IDS sensor, and the name of
each interface.
Table 5.2: Sensor Models and Monitoring Interface
Names
|
Sensor |
Sniffing Interface |
|
IDS-4210 |
int0 |
|
IDS-4215 |
int0 |
|
IDS-4215-4FE |
int0, int2, int4, int5 |
|
IDS-4220 and IDS-4230 |
int0 |
|
IDS-4235 |
int0 |
|
IDS-4235-FE |
int0, int2, int3, int4, int5 |
|
IDS-4250 |
int0 |
|
IDS-4250-SX |
int0, int2 |
|
IDS-4250-XL |
int0, int2, int3 |
|
IDS-4250-FE |
int0, int2, int3, int4, int5 |
|
IDSM-2 |
int7 and int8 |
|
NM-CIDS |
int1 |
Make sure the monitoring interfaces are part of Group 0 and are
enabled for the sensor to monitor the network traffic.
|
Note |
Sensors that have factory-installed Cisco IDS version 4.1
are shipped with all sniffing interfaces added to Interface Group 0 and
disabled. On the sensor that you want to monitor, you must enable the sniffing
interfaces. If you do not enable the sniffing interfaces, the sensor will not be
able to monitor your networks. Only enable those interfaces that you want to
monitor; you do not need to enable all interfaces.
|
|
Warning |
When upgrading from version 4.0 to 4.1, some interfaces may
be left enabled that are not assigned to a group. You must choose to disable
these interfaces or add them to Group 0 to prevent inconsistencies in reporting
to the sensor. |
To show the current interfaces and what they are assigned as, use
the show interface command, as displayed in Figure
5.15.
As you can see from Figure 5.15, our
management interface is eth1 and the monitoring interface (or sniffing
interface) is int0. The monitoring port is part of Group 0.
117 times read
|
|
|
Did you enjoy this article?
(total 0 votes)
|
Sections
Comments (0 posted)
Syndication
