Cisco IPS 4255 Sensor
Release Notes for Cisco Intrusion Prevention System 6.2(1)E3
OL-15642-01
Cisco Security Intelligence Operations
The Cisco Security Intelligence Operations site on Cisco.com provides intelligence reports about current
vulnerabilities and security threats. It also has reports on other security topics that help you protect your
network and deploy your security systems to reduce organizational risk.
You should be aware of the most recent security threats so that you can most effectively secure and
manage your network. Cisco Security Intelligence Operations contains the top ten intelligence reports
listed by date, severity, urgency, and whether there is a new signature available to deal with the threat.
Cisco Security Intelligence Operations contains a Security News section that lists security articles of
interest. There are related security tools and links.
You can access Cisco Security Intelligence Operations at this URL:
Cisco Security Intelligence Operations is also a repository of information for individual signatures,
including signature ID, type, structure, and description.
You can search for security alerts and signatures at this URL:
IPv6, Switches, and Lack of VACL Capture
VACLs on Catalyst switches do not have IPv6 support. The most common method for copying traffic to
a sensor configured in Promiscuous mode is to use VACL capture. If you want to have IPv6 support, you
can use SPAN ports.
However, you can only configure up to two monitor sessions on a switch unless you use the following
configuration:
• Monitor session
• Multiple trunks to one or more sensors
• Restrict, per trunk port, which VLANs are allowed, so that you can monitor many VLANs on more
than two different sensors or virtual sensors within one IPS
The following configuration uses one SPAN session to send all of the traffic on any of the specified
VLANs to all of the specified ports. Each port configuration only allows a particular VLAN or VLANs
to pass. Thus you can send data from different VLANs to different sensors or virtual sensors all with one
SPAN configuration line:
clear trunk 4/1-4 1-4094
set trunk 4/1 on dot1q 930
set trunk 4/2 on dot1q 932
set trunk 4/3 on dot1q 960
set trunk 4/4 on dot1q 962
set span 930, 932, 960, 962 4/1-4 both
Note
The SPAN/Monitor configuration is valuable when you want to assign different IPS policies per VLAN
or when you have more bandwidth to monitor than one interface can handle.