Interface Configuration Modes (Level 3)

[ LiB ]  

The interface configuration modes allow you to configure the command and control interface, the sensing interface, and an interface group . Table 7.2 lists the interface commands needed to navigate to each of these different interface modes and the command prompt that appears.

Table 7.2. Interface Commands

Command

Prompt

interface command-control

Sensor(config-if)#

interface sensing int0

Sensor(config-ifs)#

interface group 0

Sensor(config-ifg)#


Interface Command and Control Configuration Mode

The command and control interface mode allows you to define an IP address to be used by outside management stations. These stations connect to this interface to configure and retrieve logs from the sensor. Remember that this interface should be connected to a secure management LAN so hackers won't be able to acquire access to the sensor configurations. Listing 7.3 displays the commands available at the command and control interface level.

Listing 7.3. Command and Control Interface Commands
 sensor#  config t  sensor(config)#  interface command-control  sensor(config-if)#  ?  end      Exit interface configuration mode and return to          exec mode exit     Exit interface configuration mode and return to          global configuration mode ip       Configure IP information for interface show     Display system settings and/or history information 

graphics/alert_icon.gif

The default command and control interface IP address is 10.1.9.201 , which is located on int1. ITs recommend using the services host networkParams commands to change the IP address. Note, the IDSM2 doesn't use int1 for the command and control; it uses port 2 instead.


Interface Sensing Configuration Mode

The sensing interface level allows you to enable sensing interfaces by using the no shutdown command. That's about all that you can accomplish at this configuration mode. You cannot configure the sensing interfaces with IP addresses because they are primarily used to sense traffic and send TCP resets. Listing 7.4 demonstrates the use of the no shutdown command to enable sensing int0. If you have additional interfaces, you have to enable each of them individually.

Listing 7.4. Sensing Interface
 sensor#  config t  sensor(config)#  interface sensing int0  sensor(config-ifs)#  ?  end          Exit interface sensing configuration mode and return to              exec mode exit         Exit interface sensing configuration mode and return to              global configuration mode no           Remove configuration show         Display system settings and/or history information shutdown     Disable the sensing interface sensor(config-ifs)# sensor(config-ifs)#  no shutdown  

graphics/alert_icon.gif

Sensing interfaces do not have IP addresses on them, and the configuration prompt for them is sensor(config-ifs) .


graphics/note_icon.gif

The sensing interface can send TCP resets if the signature action is configured to do so. But no IP address is needed on the sensing interface to accomplish this.


Interface Group Configuration Mode

The interface group configuration mode is a feature that Cisco will expand upon in later versions of the IDS software. An interface group provides a way to group sensing interfaces into one logical virtual sensor. This grouping gives you the ability to control and configure all the interfaces at once. For example, while working in interface group 0 configuration mode, you can execute the no shutdown command and all interfaces in that group are enabled. Currently, IDS version 4.0 supports only one interface group called interface group 0. However, later version releases will enable you to create other groups beyond interface group 0. Listing 7.5 displays how you enter interface group 0 configuration mode and all the commands available in the mode.

Listing 7.5. Navigating to Interface Group 0
 sensor#  config t  sensor(config)#  int group 0  sensor(config-ifg)#  ?  end                   Exit interface group configuration mode and return exit                  Exit interface group configuration mode and return no                    Remove configuration sensing-interface     Add a sensing interface or list of interfaces to the intep show                  Display system settings and/or history information shutdown              Disable the interface group 

Listing 7.6 adds three interfaces to interface group 0 and enables them for operation.

Listing 7.6. Adding and Enabling Interfaces in Interface Group 0
 sensor(config-ifg)# sensor(config-ifg)#  sensing-interface int0  sensor(config-ifg)#  sensing-interface int2  sensor(config-ifg)#  sensing-interface int3  sensor(config-ifg)#  no shutdown  

[ LiB ]  


CSIDS Exam Cram 2 (Exam 642-531)
CSIDS Exam Cram 2 (Exam 642-531)
ISBN: N/A
EAN: N/A
Year: 2004
Pages: 213

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net