From: Jonathan Hays (nomad@gfoyle.org)
Date: Mon Apr 05 2004 - 16:40:05 GMT-3
I there some way I use int0 as the sensing interface on an IDS 4250XL,
instead of the 2 fiber-based ports?
Here's the story:
I have an IDS 4250XL to play with for a few days and I have a
configuration question for anyone who is familiar with this beast.
It comes with two builtin 10/100 ports, one of which is the command and
control interface, is labeled with a '2', and shows up as 'eth1' in the
'show interfaces' output of the 4250XL (see below). The other interface
is labeled with a '1' but this does not show up in the 'show interfaces'
output. I believe this other builtin port is the sensing interface on
the non-XL version (the 4250, which I do not have) is also known as
'int0'. I would like to use this 10/100 port as my sensing interface on
the 4250XL but I can't see anything either in the documentation or by
drilling through CLI options that would allow me to use it.
By default the 4250XL sensing interfaces are int2 and int3, which are
the 1000BASE-SX fiber interfaces on the XL card. I know I'm repeating
myself here, but I believe the 4250 is pretty much the same box except
it does NOT come with the IDS Accelerator (XL) card and instead uses
int0 (labeled '1' on the chassis) as the sensing interface.
Unfortunately I don't have a switch with fiber ports to connect to the
XL card's 1000BASE-SX MTRJ ports so I would like to use that '1' builtin
port.
Any hints on how to do this?
Thanks,
Jonathan
- - -
sensor# sh ver
Application Partition:
Cisco Systems Intrusion Detection Sensor, Version 4.1(1)S47
OS Version 2.4.18-5smpbigphys
Platform: IDS-4250-XL
Using 308756480 out of 1980493824 bytes of available memory (15% usage)
Using 529M out of 15G bytes of available disk space (4% usage)
MainApp 2003_Jun_20_06.00 (Release)
2003-06-20T05:53:31-0500 Running
AnalysisEngine 2003_Jun_20_06.00 (Release)
2003-06-20T05:53:31-0500 Running
Authentication 2003_Jun_20_06.00 (Release)
2003-06-20T05:53:31-0500 Running
Logger 2003_Jun_20_06.00 (Release)
2003-06-20T05:53:31-0500 Running
NetworkAccess 2003_Jun_20_06.00 (Release)
2003-06-20T05:53:31-0500 Running
TransactionSource 2003_Jun_20_06.00 (Release)
2003-06-20T05:53:31-0500 Running
WebServer 2003_Jun_20_06.00 (Release)
2003-06-20T05:53:31-0500 Running
CLI 2003_Jun_20_06.00 (Release)
2003-06-20T05:53:31-0500
Upgrade History:
No upgrades installed
Recovery Partition Version 1.2 - 4.1(1)S47
sensor# show interfaces
command-control is up
Internet address is 172.16.16.20, subnet mask is 255.255.255.0, telnet
is disabled.
Hardware is eth1, tx
Network Statistics
eth1 Link encap:Ethernet HWaddr 00:0B:DB:95:61:EB
inet addr:172.16.16.20 Bcast:172.16.16.255
Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:44049 errors:0 dropped:0 overruns:0 frame:0
TX packets:451 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:3373519 (3.2 Mb) TX bytes:288960 (282.1 Kb)
Interrupt:16 Base address:0xdcc0 Memory:feb20000-feb40000
Group 0 is up
Sensing ports int2,int3
Logical virtual sensor configuration: virtualSensor
Logical alarm channel configuration: virtualAlarm
[snip]
sensor# conf t
sensor(config)# interface sensing
<name> Sensing interface name
sensor(config)# interface sensing int0
^
% Invalid input detected at '^' marker
sensor(config)# interface sensing int2
sensor(config-ifs)# exit
sensor(config)# interface group 0
sensor(config-ifg)# sensing-interface
<name> Comma separated list of sensing interface names
sensor(config-ifg)# sensing-interface int0
Error: int0 is not a valid sensing interface
sensor(config-ifg)#
This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:42 GMT-3