Filter
Top Products
59-24
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 59 Configuring Router Interfaces
CEF Interface Settings on Cisco IOS Routers
Navigation Path
Go to the IPS Module Interface Settings Page, page 59-22, then click the Add or Edit button beneath
the IPS Module Service Module Monitoring Settings table.
Related Topics
• IPS Module Interface Settings on Cisco IOS Routers, page 59-22
• Basic Interface Settings on Cisco IOS Routers, page 59-1
Field Reference
CEF Interface Settings on Cisco IOS Routers
Cisco Express Forwarding (CEF) is an advanced Layer 3 IP switching technology that optimizes network
performance and scalability for all kinds of networks, from those that carry small amounts of traffic to
those that carry large amounts of traffic in complex patterns, such as the Internet and networks
characterized by intensive web-based applications or interactive sessions. CEF is enabled by default on
most Cisco IOS routers.
Typically, you do not need to configure a CEF policy unless you want to enable CEF accounting so that
you can view statistics with the show ip cef command on the router. You would also configure the policy
if you want to disable CEF, or to configure non-default CEF behavior on specific interfaces, for example,
to have CEF load balance based on packets rather than source-destination packet streams.
When configuring alternate CEF settings for interfaces, you can name specific interfaces or use interface
roles to cover more than one interface at a time. For example, if you have defined an All-Ethernets
interface role, you can define identical CEF settings for every Ethernet interface on the device with a
single definition. See Understanding Interface Role Objects, page 6-67.
Table 59-8 IPS Monitoring Information Dialog Box
Element Description
Interface Name A name of the interface or interface role that the module should
monitor. Enter the name or click Select to select the interface or
interface role. If the object that you want is not listed, click the Create
button to create it.
Monitoring Mode How the interface should be monitored:
• Inline mode—The IPS module is directly in the traffic flow,
allowing it to stop attacks by dropping malicious traffic before it
reaches the intended target.
• Promiscuous mode—Packets do not flow through the sensor; the
sensor analyzes a copy of the monitored traffic rather than the
actual forwarded packet.
Access List The name of the standard or extended access list policy object to use to
filter traffic on this interface for inspection, if you want to apply one. A
matched ACL causes traffic not to be inspected for that ACL. Click
Select to select the ACL or to create a new one.