Doable for sure. Things to check:
That the promiscuous interface is enabled on the IPS. Can't do much if the
port is shut. :)
That the interface is assigned to the virtual sensor. Yes you can have
multiple promiscuous interfaces, multiple VLAN pairs, etc.... all on the same
interface. (at least on 6.0 which I'm running)
That the SPAN or RSPAN configuration on the switch is properly configured.
Monitoring the right VLANs, etc...
And yes, it can get goofy sometimes and require a reboot of the sensor, but
check everything else first.
Steve Means
Security Instructor/Consultant
smeans_at_ccbootcamp.com
CCBOOTCAMP - A Cisco Learning Partner
877.654.2243 Toll Free
+1.702.968.5100 Direct Outside the USA
+1.702.446.0357 Fax
YES! We take Cisco Learning Credits
________________________________
From: nobody_at_groupstudy.com on behalf of Sadiq Yakasai
Sent: Tue 5/12/2009 6:17 AM
To: Farrukh Haroon
Cc: Cisco certification; Cisco certification
Subject: Re: Inline VLAN pair + promiscuous mode on the same IPS
Thanks bro!
Well, yes I have. But I noticed that I couldn't configure both the VLAN pair
and then the second (promiscuous) interface on the same virtual sensor
instance. Is that expected behaviour then?
I have rebooted the bloody thing, see where that takes me.
Thanks again,
Sadiq
On Tue, May 12, 2009 at 2:14 PM, Farrukh Haroon <farrukhharoon_at_gmail.com> wrote:
> I meant 'without' any issues :)
>
>
> On Tue, May 12, 2009 at 4:14 PM, Farrukh Haroon <farrukhharoon_at_gmail.com> wrote:
>
>> Can be done with any issues.
>>
>> Did you add both interfaces to the virtual sensor?
>>
>> Regards
>>
>> Farrukh
>>
>> On Tue, May 12, 2009 at 3:49 PM, Sadiq Yakasai <sadiqtanko_at_gmail.com> wrote:
>>
>>> Hey guys,
>>>
>>> I have been trying to configure my IPS to do inline VLAN pair and at the
>>> same time, configure a second interface on the sensor to do promiscuous
>>> mode on another segment on the network. Is this possible at all? I have
>>> tried to do everything I can but it does not seem to be working. I can see
>>> the traffic enters the IPS but it's not triggering the signatures, etc.
>>>
>>> Anyone has any clue what's going on here?
>>>
>>> Thanks!
>>>
>>>
>>> --
>>> CCIE #19963
>>>
>>> Blogs and organic groups at http://www.ccie.net
--
CCIE #19963
Received on Tue May 12 2009 - 10:33:28 ART
This archive was generated by hypermail 2.2.0 : Mon Jun 01 2009 - 07:04:42 ART