Filter
Top Products
37-5
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 37 Configuring Virtual Sensors
Defining A Virtual Sensor
There can be many inline VLAN groups on the same inline interface pair, but the VLANs assigned
cannot overlap. Once a VLAN group is assigned to an inline interface pair it is no longer a plain
inline interface pair and can only be used for inline VLAN groups.
VLAN groups cannot be assigned to inline VLAN pairs.
You must configure the interfaces before you can assign them to virtual sensors. For more information
about configuring all of these types of interfaces, see Configuring Interfaces, page 36-6. For information
on assigning interfaces to virtual sensors, see Defining A Virtual Sensor, page 37-5.
Identifying the Virtual Sensors for a Device
If you configure user-defined virtual sensors on an IPS appliance or service module, the virtual sensor
appears in the device selector in Device view.
Normally, the display name of a virtual sensor is in the form device-name_virtual-sensor-name, where
device-name is the name of the parent device, and virtual-sensor-name is the name of the virtual sensor.
For example, the virtual sensor vs1 on device 10.100.10.10 would be 10.100.10.10_vs1.
Thus, under normal conditions, the virtual sensors for a device should appear immediately after the
parent device in the device selector. However, you can change the virtual sensor’s display name by
editing the device properties. If you alter the default name, the virtual sensors might not appear anywhere
near the parent device in the device selector.
You can use the following techniques to identify the virtual sensors defined on a device, or to identify
the parent device of a virtual sensor:
• To see a list of virtual sensors defined on an IPS device, select the Virtual Sensors policy on the
device. The table shows all virtual sensors, including the base vs0 sensor. Note that the vs0 sensor
does not appear separately in the device selector; it is represented by the parent device itself.
Unless you radically alter the display names of virtual sensors, the virtual sensor name, along with
the parent device’s display name, should help you find the virtual sensor in the device selector.
• To determine which IPS device is the host of a virtual sensor, right-click the virtual sensor in the
device selector and select Device Properties. The Hostname display-only field on the General tab
shows the host device display name plus the virtual sensor name as defined on the device.
Defining A Virtual Sensor
Use the Virtual Sensors policy to configure virtual sensors on your Cisco IPS devices. Even if your IPS
device does not support multiple virtual sensors, you must use this policy to assign interfaces to the base
sensor, vs0, and configure properties that are associated with the virtual sensor.
Tip For Cisco IOS IPS devices, you configure the interfaces that the IPS examines in the IPS > Interface
Rules policy. You cannot configure virtual sensors in an IOS IPS device.
Before You Begin
Configure the interfaces on the sensor, including inline interface pairs, inline VLAN pairs, and
promiscuous and inline VLAN groups. The interface configurations must exist before you can assign
them to a virtual sensor. For information on interfaces, interface modes, and how to configure them, see
Chapter 36, “Managing IPS Device Interfaces”.