Cisco IPS 4255 Sensor
Release Notes for Cisco Intrusion Prevention System 7.0(2)E4
OL-21671-01
enable UDLD protocol on the switch so that the switch can detect when the appliance has entered an
error state in which packets are being sent to the appliance, but the appliance is no longer sending packets
back to the switch. Before UDLD support was available, spanning tree and EtherChannel configurations
were unable to detect certain appliance failures, which resulted in either spanning-tree loops or the
switch not using alternate routes for the packets.
Note
No special configuration is necessary on the appliance. Configure the appliance for inline VLAN pairs
and make sure its interfaces are enabled.
To configure a Catalyst 6500 series switch to use UDLD with an appliance configured in inline VLAN
pair mode, follow these steps:
Step 1
Log in to the console.
Step 2
Globally enable UDLD in aggressive mode and prevent the switch from automatically restoring an
interface that has been disabled by UDLD.
switch(config)# udld aggressive
switch(config)# no errdisable recovery cause udld
switch(config)# errdisable detect cause udld
switch(config)# udld message time 7
Step 3
Configure the switch interface connected to the sensor interface for UDLD aggressive mode.
switch(config)# interface gigabitethernet slot/port
switch(config-if)# udld port aggressive
Repeat Step 3 for each switch interface connected to the sensor interface.
Step 4
If UDLD disables a switch port, you must correct the sensor error and recover the switch interface
manually. To recover the switch interface, shut down the interface, and then reenable it.
switch(config)# interface gigabitethernet slot/port
switch(config-if)# shutdown
switch(config-if)# no shutdown
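One way to check a saved switch configuration against Steps 2 and 3, as an added example that is not part of the Cisco release notes. The function names and the sample configuration are constructed for illustration, and the check assumes IOS-style text in which these commands appear verbatim and interface sub-commands are indented.

```python
import re

# Step 2 commands expected verbatim (assumption about how the config is rendered).
REQUIRED_GLOBAL = ("udld aggressive", "udld message time 7")
# Lines that would undo Step 2: automatic recovery on, or UDLD detection off.
CONFLICTING_GLOBAL = ("errdisable recovery cause udld", "no errdisable detect cause udld")

# Constructed sample: one sensor-facing port is missing Step 3, and recovery is on.
SAMPLE = """\
udld aggressive
udld message time 7
errdisable recovery cause udld
!
interface GigabitEthernet3/1
 udld port aggressive
!
interface GigabitEthernet3/2
 switchport
"""

def parse_config(text):
    """Split IOS-style text into global lines and per-interface stanzas."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split()).lower()
        if not line or line.startswith("!"):
            continue
        m = re.match(r"interface (.+)$", line)
        if m and not raw[0].isspace():
            current = interfaces.setdefault(m.group(1).replace(" ", ""), [])
        elif raw[0].isspace() and current is not None:
            current.append(line)
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces

def audit_udld(text, sensor_ports):
    """Return findings; an empty list means the text matches Steps 2 and 3."""
    global_lines, interfaces = parse_config(text)
    findings = [f"missing global command: {c}" for c in REQUIRED_GLOBAL if c not in global_lines]
    findings += [f"conflicting global command: {c}" for c in CONFLICTING_GLOBAL if c in global_lines]
    for port in sensor_ports:
        stanza = interfaces.get(port.replace(" ", "").lower())
        if stanza is None:
            findings.append(f"{port}: interface not found")
        elif "udld port aggressive" not in stanza:
            findings.append(f"{port}: missing udld port aggressive")
    return findings
```

Calling `audit_udld(SAMPLE, ["GigabitEthernet3/1", "GigabitEthernet3/2"])` reports the automatic-recovery line and the port that lacks `udld port aggressive`.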
For More Information
• For more information on UDLD, refer to the Cisco IOS documentation.
• For the procedure for configuring inline VLAN pairs on appliances, for the CLI refer to , and for the IME refer to .
Cisco Security Intelligence Operations
The Cisco Security Intelligence Operations site on Cisco.com provides intelligence reports about current
vulnerabilities and security threats. It also has reports on other security topics that help you protect your
network and deploy your security systems to reduce organizational risk.
You should be aware of the most recent security threats so that you can most effectively secure and
manage your network. Cisco Security Intelligence Operations contains the top ten intelligence reports
listed by date, severity, urgency, and whether there is a new signature available to deal with the threat.
Cisco Security Intelligence Operations contains a Security News section that lists security articles of
interest. There are related security tools and links.