Cisco Systems IPS4520K9 Network Router User Manual

1-16
Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1
OL-24002-01
Chapter 1 Introducing the Sensor
How the Sensor Functions
The following configuration uses one SPAN session to send all of the traffic on any of the specified
VLANs to all of the specified ports. Each port configuration only allows a particular VLAN or VLANs
to pass. Thus you can send data from different VLANs to different sensors or virtual sensors all with one
SPAN configuration line:
clear trunk 4/1-4 1-4094
set trunk 4/1 on dot1q 930
set trunk 4/2 on dot1q 932
set trunk 4/3 on dot1q 960
set trunk 4/4 on dot1q 962
set span 930, 932, 960, 962 4/1-4 both
Note
The SPAN/Monitor configuration is valuable when you want to assign different IPS policies per VLAN
or when you have more bandwidth to monitor than one interface can handle.
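The trunk-filtered SPAN configuration above decides which VLAN reaches which sensor port, so a misplaced or missing set trunk line silently creates a monitoring blind spot. The following added example (not from the guide) parses the CatOS lines shown above and reports, per SPAN destination port, which of the monitored VLANs actually arrive; the config string and the parsing helpers are constructed for this illustration.

```python
import re

# Constructed sample: the CatOS SPAN/trunk configuration shown in this section.
CATOS_CONFIG = """\
clear trunk 4/1-4 1-4094
set trunk 4/1 on dot1q 930
set trunk 4/2 on dot1q 932
set trunk 4/3 on dot1q 960
set trunk 4/4 on dot1q 962
set span 930, 932, 960, 962 4/1-4 both
"""

def expand(spec):
    """Expand VLAN tokens such as '1-4094' or '930, 932' into a set of ints."""
    out = set()
    for tok in re.split(r"[,\s]+", spec.strip()):
        if tok:
            lo, _, hi = tok.partition("-")
            out.update(range(int(lo), int(hi or lo) + 1))
    return out

def expand_ports(spec):
    """Expand a port range such as '4/1-4' into ['4/1', '4/2', '4/3', '4/4']."""
    mod, _, rng = spec.partition("/")
    return [f"{mod}/{p}" for p in sorted(expand(rng))]

def vlans_per_port(config):
    """Return {port: VLANs} that each SPAN destination port really carries.

    A trunk port only passes the VLANs its 'set trunk ... dot1q' line allows,
    so the delivered set is (SPAN source VLANs) intersected with (allowed VLANs).
    An empty set for a port means the sensor behind it sees nothing."""
    allowed = {}                     # trunk-allowed VLANs per port
    span_vlans, span_ports = set(), []
    for line in config.splitlines():
        if m := re.match(r"clear trunk (\S+) (\S+)", line):
            for p in expand_ports(m[1]):    # CatOS trunks allow 1-4094 by default
                allowed[p] = allowed.get(p, set(range(1, 4095))) - expand(m[2])
        elif m := re.match(r"set trunk (\S+) on dot1q (\S+)", line):
            for p in expand_ports(m[1]):
                allowed[p] = allowed.get(p, set()) | expand(m[2])
        elif m := re.match(r"set span ([\d,\s-]+?)\s+(\d+/\S+) (rx|tx|both)", line):
            span_vlans |= expand(m[1])
            span_ports += expand_ports(m[2])
    return {p: span_vlans & allowed.get(p, set()) for p in span_ports}

if __name__ == "__main__":
    for port, vlans in vlans_per_port(CATOS_CONFIG).items():
        print(port, sorted(vlans) or "NO MONITORED VLAN REACHES THIS PORT")
```

Dropping any one set trunk line from the sample shows the blind spot: that port's entry becomes an empty set even though the set span line still names its VLAN.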
For More Information
For more information on promiscuous mode, see Promiscuous Mode, page 1-15.
Inline Interface Pair Mode
Operating in inline interface pair mode puts the IPS directly into the traffic flow and affects
packet-forwarding rates, making them slower by adding latency. This allows the sensor to stop attacks by
dropping malicious traffic before it reaches the intended target, thus providing a protective service. Not
only does the inline device process information at Layers 3 and 4, it also analyzes the contents
and payload of the packets for more sophisticated embedded attacks (Layers 3 to 7). This deeper analysis
lets the system identify and stop or block attacks that would normally pass through a traditional
firewall device.
In inline interface pair mode, a packet comes in through the first interface of the pair on the sensor and
out the second interface of the pair. The packet is sent to the second interface of the pair unless that
packet is being denied or modified by a signature.
Note
You can configure the ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS SSP, and
ASA 5585-X IPS SSP) to operate inline even though they have only one sensing interface.
Note
If the paired interfaces are connected to the same switch, you should configure them on the switch as
access ports with different access VLANs for the two ports. Otherwise, traffic does not flow through the
inline interface.