Cisco IDS 4210 10/100 SENSOR 规格指南
1-8
Installing Cisco Intrusion Prevention System Appliances and Modules 5.1
OL-8677-01
Chapter 1 Introducing the Sensor
How the Sensor Functions
Designating the Alternate TCP Reset Interface
You need to designate an alternate TCP reset interface in the following situations:
•
When a switch is being monitored with either SPAN or VACL capture and the switch does not accept
incoming packets on the SPAN or VACL capture port.
incoming packets on the SPAN or VACL capture port.
•
When a switch is being monitored with either SPAN or VACL capture for multiple VLANs, and the
switch does not accept incoming packets with 802.1q headers.
switch does not accept incoming packets with 802.1q headers.
Note
The TCP resets need 802.1q headers to tell which VLAN the resets should be sent on.
•
When a network tap is used for monitoring a connection.
Note
Taps do not permit incoming traffic from the sensor.
You can only assign a sensing interface as an alternate TCP reset interface. You cannot configure
the management interface as an alternate TCP reset interface
the management interface as an alternate TCP reset interface
Interface Restrictions
The following restrictions apply to configuring interfaces on the sensor:
•
Physical Interfaces
–
On modules (IDSM-2, NM-CIDS, AIP-SSM-10, and AIP-SSM-20) and IPS-4240, IPS-4255,
and IPS-4260 all backplane interfaces have fixed speed, duplex, and state settings. These
settings are protected in the default configuration on all backplane interfaces.
and IPS-4260 all backplane interfaces have fixed speed, duplex, and state settings. These
settings are protected in the default configuration on all backplane interfaces.
–
For nonbackplane FastEthernet interfaces the valid speed settings are 10 Mbps, 100 Mbps, and
auto. Valid duplex settings are full, half, and auto.
auto. Valid duplex settings are full, half, and auto.
–
For Gigabit fiber interfaces (1000-SX and XL on the IDS-4250), valid speed settings are 1000
Mbps and auto.
Mbps and auto.
–
For Gigabit copper interfaces (1000-TX on the IDS-4235, IDS-4250, IPS-4240, IPS-4255, and
IPS-4260), valid speed settings are 10 Mbps, 100 Mbps, 1000 Mbps, and auto. Valid duplex
settings are full, half, and auto.
IPS-4260), valid speed settings are 10 Mbps, 100 Mbps, 1000 Mbps, and auto. Valid duplex
settings are full, half, and auto.
–
For Gigabit (copper or fiber) interfaces, if the speed is configured for 1000 Mbps, the only valid
duplex setting is auto.
duplex setting is auto.
–
The command and control interface cannot also serve as a sensing interface.
•
Inline Interface Pairs
–
Inline interface pairs can contain any combination of sensing interfaces regardless of the
physical interface type (copper versus fiber), speed, or duplex settings of the interface.
However, pairing interfaces of different media type, speeds, and duplex settings may not be
fully tested or officially supported. For more information, see
physical interface type (copper versus fiber), speed, or duplex settings of the interface.
However, pairing interfaces of different media type, speeds, and duplex settings may not be
fully tested or officially supported. For more information, see
–
The command and control interface cannot be a member of an inline interface pair.
–
You cannot pair a physical interface with itself in an inline interface pair.
–
A physical interface can be a member of only one inline interface pair.