Help with IDS resets.

From: Kal Han (calikali2006@gmail.com)
Date: Wed Nov 01 2006 - 22:17:32 ART


Hi,
I am trying to get the IDS reset and blocking features to work.
Blocking is working fine, but not the resets.

I have a few questions about these two.

What interface does the sensor use for blocking? (sensing or C&C)
What interface does the sensor use for sending resets? (sensing or C&C)

After I configure blocking (say manual blocking) I immediately see the new
blocking ACL on the managed device (router in my case).

But reset *NEVER* worked for me!!!
*The signature that I configured to send a reset is fired and I can see that
on the IEV.*
But I don't see the connection being reset.

*Here is my switch config:*

monitor session 1 source interface Fa0/1 - 10 rx
monitor session 1 destination remote vlan 500 reflector-port Fa0/21
monitor session 2 destination interface Fa0/15 ingress vlan 219   <- what vlan should I give here?
monitor session 2 source remote vlan 500

My sensing interface (Fa0/15) is in VLAN 219 and I gave the same VLAN as the
ingress VLAN (219).
Is this correct?
What exactly is this VLAN used for? (In the sense that, after the sensor
sends a 'reset', will the switch add a VLAN 219 tag and send it to all the
ports in VLAN 219 + trunk ports? Or what does it do?)
If it just sends to all the ports in VLAN 219, what about other ports, how
will they receive resets?

How can I make the reset thing work?
Can anyone please let me know how this whole thing works? (I got the
concept but not all the details.)

*Switch config (monitor config + sensing interface config + any information
on what VLAN to use as ingress VLAN and what the switch will do with that
VLAN so that the reset finally reaches both the end devices) is really,
really appreciated.*

Thanks
Kal


