Cisco Systems CL-28826-01 Security Camera User Manual
65-44
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 65 Managing Cisco Catalyst Switches and Cisco 7600 Series Routers
IDSM Settings
When you select a Catalyst device in Device view, then select Platform > IDSM Settings from the Policy selector, a list is displayed that:
• Displays the settings for data ports on Intrusion Detection System Service Modules (IDSMs).
• Helps you to organize IDSM data ports in channel groups.
The IDSM card detects and stops security threats on network connections. The card inspects the traffic that enters its two data ports and drops packets if a security threat is detected. The data port settings define:
• Which traffic is received by the data ports, as defined by the VLAN IDs.
• The sensing mode used by the data ports:
  – Trunk (IPS)—The IDSM performs VLAN bridging between pairs of VLANs within the same data port, operating as an 802.1q trunk. The IDSM inspects the traffic it receives on each VLAN in a VLAN pair and can either forward the packets on the other VLAN in the pair or drop the packet if an intrusion attempt is detected.
  – Capture (IDS)—The IDSM passively monitors network traffic that was copied to the data ports by the Catalyst switch using either VACL capture or SPAN. The data ports operate as 802.1q trunks that can be configured to trunk different VLANs. When operating in this passive mode, the IDSM cannot drop packets in response to a network intrusion attempt, but it can send TCP resets over the data ports in an attempt to block the intrusion.
Note: Security Manager supports a subset of IDSM settings on chassis running IOS 12.2(18)SXF4 or later. Trunk (IPS) and Capture (IDS) modes are supported; inline mode is not supported. Security Manager cannot manage IDSM data ports that are part of a spanning tree or access VLAN.
For high-traffic networks, EtherChannel is used to perform load balancing among multiple data ports. These data ports might be located on different IDSM cards within the same Catalyst device. EtherChannel is also used to redirect traffic in the event of port failure to the remaining ports within the channel group. This resiliency helps preserve intrusion detection and prevention without user intervention and with minimum packet loss.
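The switch-side configuration that the data port settings above correspond to, shown here as an added example rather than text from this guide: one data port in Trunk (IPS) mode, one in Capture (IDS) mode fed by VACL capture, and a channel group spanning two IDSM cards. Slot numbers, VLAN IDs, the access list and the channel number are constructed, and the commands are reconstructed from the IDSM-2 Catalyst IOS command set, so confirm the exact syntax against the command reference for the IOS release on the chassis.

```cisco
! Constructed example for a Catalyst 6500 running IOS 12.2(18)SXF4 or later.
! Slot numbers, VLAN IDs, ACL number and channel number are illustrative.

! --- Trunk (IPS) mode: data port 1 of the IDSM in slot 5 trunks VLANs 10 and 11.
! The sensor bridges the 10<->11 pair and can drop packets it judges hostile.
intrusion-detection module 5 data-port 1 trunk allowed-vlan 10,11

! --- Capture (IDS) mode: data port 2 passively receives copies of VLAN 20 traffic
! selected by a VACL whose action includes capture. In this mode the sensor cannot
! drop packets; it can only send TCP resets back through the data port.
access-list 101 permit ip any any
vlan access-map IDS-CAPTURE 10
 match ip address 101
 action forward capture
 exit
vlan filter IDS-CAPTURE vlan-list 20
intrusion-detection module 5 data-port 2 capture
intrusion-detection module 5 data-port 2 capture allowed-vlan 20

! --- EtherChannel: data port 1 on the IDSMs in slots 5 and 6 join channel group 1,
! so inspection load is shared and traffic moves to the surviving member if a
! port fails, without operator intervention.
intrusion-detection module 5 data-port 1 channel-group 1
intrusion-detection module 6 data-port 1 channel-group 1
```

Ports placed in a channel group or a VACL/SPAN capture path must not also belong to a spanning tree or access VLAN, since Security Manager cannot manage such ports.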
The following topics describe the actions you can perform when defining IDSM settings:
• Creating or Editing EtherChannel VLAN Definitions, page 65-45
• Deleting EtherChannel VLAN Definitions, page 65-46
• Creating or Editing Data Port VLAN Definitions, page 65-46
• Deleting Data Port VLAN Definitions, page 65-48
• IDSM Settings Page, page 65-48
Table 65-21 Interface Selector Dialog Box (Continued)

Element             | Description
--------------------|----------------------------------------------------------------
Remove << button    | Removes selected interfaces from the Selected Interfaces list.
Selected Interfaces | Displays the interfaces that are selected.