Cisco IDS 4210 10/100 SENSOR Specification Guide

Installing Cisco Intrusion Prevention System Appliances and Modules 5.1
OL-8677-01
Chapter 1      Introducing the Sensor
    How the Sensor Functions
Note: ACLs may block only future traffic, not current traffic.
- Generate IP session logs, session replay, and trigger packets display.
  IP session logs are used to gather information about unauthorized use. IP log files are written when
  events occur that you have configured the appliance to look for.
- Implement multiple packet drop actions to stop worms and viruses.
Sensor Interfaces
The sensor interfaces are named according to the maximum speed and physical location of the interface.
The physical location consists of a port number and a slot number. All interfaces that are built-in on the
sensor motherboard are in slot 0, and the PCI expansion slots are numbered beginning with slot 1 for the
bottom slot, with the slot numbers increasing from bottom to top. Interfaces within a given slot are
numbered beginning with port 0 for the right port, with the port numbers increasing from right to left.
For example, GigabitEthernet2/1 supports a maximum speed of 1 Gigabit and is the
second-from-the-right interface in the second-from-the-bottom PCI expansion slot. IPS-4240, IPS-4255,
and IPS-4260 are exceptions to this rule. The command and control interface on these sensors is called
Management0/0 rather than GigabitEthernet0/0.
There are three interface roles:
- Command and control
- Sensing
- Alternate TCP reset
There are restrictions on which roles you can assign to specific interfaces, and some interfaces have
multiple roles. For any sensing interface, you can configure any other sensing interface as its TCP reset
interface. The TCP reset interface can also serve as an IDS (promiscuous) sensing interface at the same
time. The following restrictions apply:
- Because NM-CIDS and AIP-SSM only have one sensing interface, you cannot configure a TCP reset
  interface.
- Because of hardware limitations on the Catalyst switch, both of the IDSM-2 sensing interfaces are
  permanently configured to use System0/1 as the TCP reset interface.
- The TCP reset interface that is assigned to a sensing interface has no effect in inline interface or
  inline VLAN pair mode, because TCP resets are always sent on the sensing interfaces in those
  modes.
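The naming convention and the TCP reset restrictions above, encoded as a small checker for a sensor interface inventory. This is an added example, not Cisco code; the function names, the mode labels, and the interface names in the sample rows are assumptions made for illustration.

```python
import re

# Rule table encoding the restrictions listed above (illustrative, not Cisco software).
SINGLE_SENSING = {"NM-CIDS", "AIP-SSM"}   # one sensing interface, so no TCP reset interface
FIXED_RESET = {"IDSM-2": "System0/1"}     # reset interface is permanently fixed
INLINE_MODES = {"inline-interface", "inline-vlan-pair"}  # hypothetical mode labels

NAME_RE = re.compile(r"^([A-Za-z]+)(\d+)/(\d+)$")

def decode(name):
    """Split '<Type><slot>/<port>' and derive the physical position it encodes."""
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"not a <Type><slot>/<port> interface name: {name!r}")
    slot, port = int(m.group(2)), int(m.group(3))
    return {
        "type": m.group(1),
        "slot": slot,
        "port": port,
        "built_in": slot == 0,                       # slot 0 = sensor motherboard
        "slot_from_bottom": slot if slot else None,  # slot 1 is the bottom PCI slot
        "port_from_right": port + 1,                 # port 0 is the rightmost port
    }

def check_reset(platform, sensing, reset, mode="promiscuous"):
    """Return findings for assigning `reset` as the TCP reset interface of `sensing`."""
    findings = []
    decode(sensing)                                  # raises on a malformed name
    if reset is None:
        return findings
    decode(reset)
    if reset == sensing:
        findings.append("TCP reset interface must be another interface")
    if platform in SINGLE_SENSING:
        findings.append(f"{platform} has one sensing interface; no TCP reset interface can be configured")
    fixed = FIXED_RESET.get(platform)
    if fixed and reset != fixed:
        findings.append(f"{platform} always uses {fixed} as the TCP reset interface")
    if mode in INLINE_MODES:
        findings.append("assignment has no effect inline; resets are sent on the sensing interfaces")
    return findings

if __name__ == "__main__":
    print(decode("GigabitEthernet2/1"))
    # Constructed inventory rows: (platform, sensing, reset, mode)
    for row in [("IPS-4260", "GigabitEthernet2/1", "GigabitEthernet2/0", "promiscuous"),
                ("IDSM-2", "GigabitEthernet0/7", "GigabitEthernet0/8", "promiscuous"),
                ("IPS-4255", "GigabitEthernet0/1", "GigabitEthernet0/2", "inline-vlan-pair")]:
        print(row, check_reset(*row))
```
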
This section contains the following topics: