Applying the Sensor Configuration

You are ready to enable interfaces, configure signatures, set up blocking, set up automated signature updates, and restore defaults after you have completed configuring system information.

The following sections describe how to use the Configuration tab to configure the following options:

* Configuring Interfaces

* Configuring Blocking

* Configuring Automated Updates

* Restoring Default Settings

Enabling and Disabling Sensing Interfaces

For every sensor, there is only one command and control interface. Depending on the type of sensor you have, you can have up to five sniffing or monitoring interfaces. Table 5.2 lists the monitoring interfaces of every IDS sensor and the name of each interface.

Table 5.2: Sensor Models and Monitoring Interface Names

Sensor                   Sniffing Interface
IDS-4210                 int0
IDS-4215                 int0
IDS-4215-4FE             int0, int2, int4, int5
IDS-4220 and IDS-4230    int0
IDS-4235                 int0
IDS-4235-FE              int0, int2, int3, int4, int5
IDS-4250                 int0
IDS-4250-SX              int0, int2
IDS-4250-XL              int0, int2, int3
IDS-4250-FE              int0, int2, int3, int4, int5
IDSM-2                   int7 and int8
NM-CIDS                  int1

Make sure the monitoring interfaces are part of Group 0 and are enabled so that the sensor can monitor the network traffic.

Note

Sensors that have factory-installed Cisco IDS version 4.1 are shipped with all sniffing interfaces added to Interface Group 0 and disabled. On the sensor that you want to monitor, you must enable the sniffing interfaces. If you do not enable the sniffing interfaces, the sensor will not be able to monitor your networks. Only enable those interfaces that you want to monitor; you do not need to enable all interfaces.

Warning

When upgrading from version 4.0 to 4.1, some interfaces may be left enabled that are not assigned to a group. You must either disable these interfaces or add them to Group 0 to prevent inconsistencies in reporting to the sensor.

To view the current interfaces and what they are assigned as, use the show interface command, as displayed in Figure 5.15.

Start Figure

sensor# show interface
command-control is up
  Internet address is 192.168.50.51, subnet mask is 255.255.255.0, Telnet is disabled.
  Hardware is eth1, tx
Network Statistics
  eth1 Link encap:Ethernet HWaddr 00:E0:29:75:46:75
  inet addr:192.168.50.51 Bcast:192.168.50.255 Mask:255.255.255.0
  UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  RX packets:2819 errors:0 dropped:0 overruns:0 frame:0
  TX packets:2293 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:100
  RX bytes:340909 (332.9 Kb) TX bytes:1070419 (1.0 Mb)
  Interrupt:17 Base address:0x1400
Group 0 is up
  Sensing ports int0
  Logical virtual sensor configuration: virtualSensor
  Logical alarm channel configuration: virtualAlarm
..VirtualSensor0
General Statistics for this Virtual Sensor
Number of seconds since a reset of the statistics = 12887
:::output truncated for brevity:::

End Figure

Figure 5.15: Showing the Interface Configuration

As you can see from Figure 5.15, our management interface is eth1 and the monitoring interface (or sniffing interface) is int0. The monitoring port is part of Group 0.
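The check described above can be scripted. The following is an added example, not part of the original text or of any Cisco tool: it parses output laid out like Figure 5.15 and reports monitoring interfaces from Table 5.2 that are missing from Group 0. The function names, the shortened table, and the assumption that several sensing ports appear on one line are hypothetical; the enabled or disabled state of a port is not visible in the excerpt, so only group membership is checked.

```python
import re

# Subset of Table 5.2 (sensor model -> monitoring interface names).
TABLE_5_2 = {
    "IDS-4215": ["int0"],
    "IDS-4250-SX": ["int0", "int2"],
    "IDSM-2": ["int7", "int8"],
}

# Constructed sample in the layout of Figure 5.15 (not captured from a device).
SAMPLE = """\
command-control is up
  Internet address is 192.168.50.51, subnet mask is 255.255.255.0, Telnet is disabled.
  Hardware is eth1, tx
Group 0 is up
  Sensing ports int0
"""

def parse_show_interface(text):
    """Pull the management NIC, Group 0 state and its sensing ports from the output."""
    hw = re.search(r"command-control is \w+.*?Hardware is (\w+)", text, re.S)
    grp = re.search(r"Group 0 is (\w+)", text)
    # Assumption: several ports are listed on one line, split by commas or spaces.
    ports = re.search(r"Sensing ports[ \t]+([^\n]+)", text)
    return {
        "management": hw.group(1) if hw else None,
        "group0_up": bool(grp) and grp.group(1) == "up",
        "sensing": re.findall(r"int\d+", ports.group(1)) if ports else [],
    }

def audit(model, text, wanted=None):
    """Return findings; an empty list means every wanted interface is in Group 0."""
    state = parse_show_interface(text)
    valid = TABLE_5_2[model]
    wanted = valid if wanted is None else wanted
    findings = []
    if not state["group0_up"]:
        findings.append("Group 0 is not up: nothing is being monitored")
    for port in wanted:
        if port not in valid:
            findings.append(f"{port} is not a monitoring interface on {model}")
        elif port not in state["sensing"]:
            findings.append(f"{port} is not in Group 0: its segment is unmonitored")
    for port in state["sensing"]:
        if port not in valid:
            findings.append(f"{port} is in Group 0 but is not listed for {model}")
    return findings

if __name__ == "__main__":
    print(audit("IDS-4250-SX", SAMPLE))
```

Pass `wanted` when only some of a model's interfaces are meant to be monitored, since the text does not require every interface to be enabled.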

Adding Interfaces to an Interface Group

To group monitoring interfaces into one logical virtual sensor, you will use an interface group. At this time, only interface Group 0 is supported. More than one monitoring interface can be assigned to the interface group. The monitoring interfaces must be added to Group 0 and be enabled for the sensor to monitor the sniffing interfaces.

Note

You will not be able to assign the command and control interface to the interface group.

Adding or removing interfaces from Group 0 is very straightforward. Figure 5.16 outlines the addition and removal of an interface to Group 0.

Start Figure

sensor# config t
sensor(config)# interface group 0
sensor(config-ifg)# no sensing-interface int0
sensor(config-ifg)# exit
// This removes int0 from Group 0.
sensor(config-ifg)# sensing-interface int0
sensor(config-ifg)# exit
// This adds int0 back into Group 0.

End Figure

Figure 5.16: Adding and Removing Interfaces from Group 0

Warning

On the IDS-4250-XL, interface 0 (int0) is used for sending TCP resets and cannot be a sensing interface.