The interface configuration modes allow you to configure the command and control interface, the sensing interface, and an interface group. Table 7.2 lists the interface commands needed to navigate to each of these different interface modes and the command prompt that appears.
Command | Prompt |
---|---|
interface command-control | Sensor(config-if)# |
interface sensing int0 | Sensor(config-ifs)# |
interface group 0 | Sensor(config-ifg)# |
The command and control interface mode allows you to define an IP address to be used by outside management stations. These stations connect to this interface to configure the sensor and retrieve logs from it. Remember that this interface should be connected to a secure management LAN so hackers cannot gain access to the sensor configurations. Listing 7.3 displays the commands available at the command and control interface level.
```
sensor# config t
sensor(config)# interface command-control
sensor(config-if)# ?
end      Exit interface configuration mode and return to exec mode
exit     Exit interface configuration mode and return to global configuration mode
ip       Configure IP information for interface
show     Display system settings and/or history information
```
The default command and control interface IP address is 10.1.9.201, which is located on int1. It is recommended that you use the services host networkParams commands to change the IP address. Note that the IDSM2 doesn't use int1 for command and control; it uses port 2 instead.
The sensing interface level allows you to enable sensing interfaces by using the no shutdown command. That's about all that you can accomplish in this configuration mode. You cannot configure the sensing interfaces with IP addresses because they are primarily used to sense traffic and send TCP resets. Listing 7.4 demonstrates the use of the no shutdown command to enable sensing int0. If you have additional interfaces, you have to enable each of them individually.
```
sensor# config t
sensor(config)# interface sensing int0
sensor(config-ifs)# ?
end         Exit interface sensing configuration mode and return to exec mode
exit        Exit interface sensing configuration mode and return to global configuration mode
no          Remove configuration
show        Display system settings and/or history information
shutdown    Disable the sensing interface
sensor(config-ifs)#
sensor(config-ifs)# no shutdown
```
Sensing interfaces do not have IP addresses on them, and the configuration prompt for them is sensor(config-ifs).

The sensing interface can send TCP resets if the signature action is configured to do so. But no IP address is needed on the sensing interface to accomplish this.
The interface group configuration mode is a feature that Cisco will expand upon in later versions of the IDS software. An interface group provides a way to group sensing interfaces into one logical virtual sensor. This grouping gives you the ability to control and configure all the interfaces at once. For example, while working in interface group 0 configuration mode, you can execute the no shutdown command and all interfaces in that group are enabled. Currently, IDS version 4.0 supports only one interface group, called interface group 0. However, later releases will enable you to create other groups beyond interface group 0. Listing 7.5 displays how you enter interface group 0 configuration mode and all the commands available in the mode.
```
sensor# config t
sensor(config)# int group 0
sensor(config-ifg)# ?
end                  Exit interface group configuration mode and return
exit                 Exit interface group configuration mode and return
no                   Remove configuration
sensing-interface    Add a sensing interface or list of interfaces to the intep
show                 Display system settings and/or history information
shutdown             Disable the interface group
```
Listing 7.6 adds three interfaces to interface group 0 and enables them for operation.
```
sensor(config-ifg)#
sensor(config-ifg)# sensing-interface int0
sensor(config-ifg)# sensing-interface int2
sensor(config-ifg)# sensing-interface int3
sensor(config-ifg)# no shutdown
```
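Because a sensing interface that is never enabled is a monitoring blind spot, a captured configuration session can be replayed to confirm that every interface you expect to monitor received a no shutdown, either individually or through interface group 0. The following Python check is an added example, not code from the book or from Cisco; the function names and the sample transcript are constructed, and it assumes that sensing interfaces start out disabled and that enabling the group enables all of its members.

```python
import re

# Matches config-mode prompts such as "sensor(config-ifs)# no shutdown".
PROMPT = re.compile(r"^\S+\((config[^)]*)\)#\s*(.*)$")
TOGGLES = (["shutdown"], ["no", "shutdown"])

# Constructed transcript: int0 is enabled individually, int2 and int3 are
# added to interface group 0 but the group is never enabled.
SAMPLE = """\
sensor# config t
sensor(config)# interface sensing int0
sensor(config-ifs)# no shutdown
sensor(config-ifs)# exit
sensor(config)# interface group 0
sensor(config-ifg)# sensing-interface int2
sensor(config-ifg)# sensing-interface int3
sensor(config-ifg)# exit
"""

def enabled_interfaces(transcript):
    """Replay config commands; return the set of sensing interfaces left enabled."""
    individual, group = {}, set()   # per-interface state, group 0 members
    group_enabled, current = False, None
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m or not m.group(2):
            continue                # exec-mode lines, help output, bare prompts
        mode, cmd = m.group(1), m.group(2).split()
        if mode == "config" and cmd[:2] == ["interface", "sensing"] and len(cmd) == 3:
            current = cmd[2]        # interface that config-ifs commands apply to
        elif mode == "config-ifs" and current and cmd in TOGGLES:
            individual[current] = cmd == ["no", "shutdown"]
        elif mode == "config-ifg" and cmd[0] == "sensing-interface" and len(cmd) == 2:
            group.add(cmd[1])
        elif mode == "config-ifg" and cmd in TOGGLES:
            group_enabled = cmd == ["no", "shutdown"]
    on = {name for name, up in individual.items() if up}
    # Assumption: enabling the group enables every member, whenever it was added.
    return (on | group) if group_enabled else on

def unmonitored(transcript, expected):
    """Return the expected sensing interfaces that the transcript never enabled."""
    return sorted(set(expected) - enabled_interfaces(transcript))

if __name__ == "__main__":
    print(unmonitored(SAMPLE, {"int0", "int2", "int3"}))
```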