Скачать презентацию
Идет загрузка презентации. Пожалуйста, подождите
Презентация была опубликована 10 лет назад пользователемДарья Гордеева
1 © 2004, Cisco Systems, Inc. All rights reserved. CSIDS Lesson 16 Intrusion Detection System Module Configuration
2 © 2004, Cisco Systems, Inc. All rights reserved. CSIDS Objectives
3 © 2004, Cisco Systems, Inc. All rights reserved. CSIDS Objectives Upon completion of this lesson, you will be able to perform the following tasks: Describe the Catalyst IDSM-2 features. Distinguish between the functions of the various Catalyst IDSM-2 ports. Initialize a Catalyst IDSM-2. Verify the Catalyst 6500 switch and Catalyst IDSM-2 configurations.
4 © 2004, Cisco Systems, Inc. All rights reserved. CSIDS Introduction
5 © 2004, Cisco Systems, Inc. All rights reserved. CSIDS IDSM-2 Performance600 Mbps Size1 RU/slot ProcessorDual 1.13 GHz Operating systemLinux ResponseIP log, reset, and block
6 © 2004, Cisco Systems, Inc. All rights reserved. CSIDS IDSM-2 Key Features Brings switching and security into a single chassis Supports an unlimited number of VLANs No impact on switch performance Provides an effective platform across all Catalyst 6500 chassis Uses the same code as the Cisco IDS network appliances
7 © 2004, Cisco Systems, Inc. All rights reserved. CSIDS Supported Features IDSMIDSM-2 Performance120 Mbps600 Mbps SPAN/RSPANYes VACL captureYes BlockingYes IEVYes IDM supportNoYes TCP resetsNoYes IP loggingNoYes CLINoYes Same code as appliancesNoYes Fabric enabledNoYes Event retrieval methodPostOffice (push)RDEP (pull)
8 © 2004, Cisco Systems, Inc. All rights reserved. CSIDS Catalyst 6500 Switch Requirements The IDSM-2 runs in any Catalyst 6500 Series switch that meets one of the following requirements: Catalyst Software Release 7.5(1), 7.6(1), or later with one of the following: –Supervisor Engine 1A –Supervisor Engine 1A/PFC2 –Supervisor Engine 1A/MSFC1 –Supervisor Engine 1A/MSFC2 –Supervisor Engine 2 –Supervisor Engine 2/MSFC2 Cisco IOS Software Release 12.2(14)SY with Supervisor Engine 2 and MSFC2 Cisco IOS Software Release 12.1(19)E with one of the following: –Supervisor Engine 1A with MSFC2 –Supervisor Engine 2 with MSFC2 Cisco IOS Software Release 12.2(14)SX1 with Supervisor Engine 720
9 © 2004, Cisco Systems, Inc. All rights reserved. CSIDS IDSM-2 and Switch Configuration Tasks Initialize the IDSM-2. Configure the switch to capture traffic for intrusion detection analysis. Assign the command and control port to the proper VLAN.
10 © 2004, Cisco Systems, Inc. All rights reserved. CSIDS Ports and Traffic
11 © 2004, Cisco Systems, Inc. All rights reserved. CSIDS IDSM-2 Ports The IDSM-2 has the following four logical ports : Port 1TCP resets Port 2Command and control Port 7 and/or 8Sensing
12 © 2004, Cisco Systems, Inc. All rights reserved. CSIDS IDSM-2 Traffic Flow IDSM-2 Alarms and configuration through IDSM-2 command and control port Source traffic Destination traffic Copied VACL or SPAN traffic or RSPAN traffic to IDSM-2 monitor ports Cisco Catalyst 6500 Source traffic Destination traffic Switch backplane Management Console
13 © 2004, Cisco Systems, Inc. All rights reserved. CSIDS Initialization
14 © 2004, Cisco Systems, Inc. All rights reserved. CSIDS IDSM-2 Initialization Tasks Access the IDSM-2 using the switch session command. Log in at the IDSM-2 login prompt with the username cisco and the default password cisco. Execute the setup command to enter the configuration dialog. Enter the network communication parameters. Reset the IDSM-2.
15 © 2004, Cisco Systems, Inc. All rights reserved. CSIDS Access the IDSM-2Catalyst Operating System session mod Enables you to access an IDSM-2 installed in the Catalyst 6500 switch switch> (enable) switch>(enable) session 3 Enables access to the IDSM-2 installed in slot 3 of the Catalyst 6500 switch
16 © 2004, Cisco Systems, Inc. All rights reserved. CSIDS Access the IDSM-2Cisco IOS Software session slot mod {processor processor-id} Router# Router# session slot 3 processor 1 Enables access to the IDSM-2 installed in slot 3 of the Catalyst 6500 switch Opens a session with an IDSM-2 and enables you to use the IDSM-2-specific CLI
17 © 2004, Cisco Systems, Inc. All rights reserved. CSIDS Verifying IDSM-2 Status
18 © 2004, Cisco Systems, Inc. All rights reserved. CSIDS IDSM-2 Status LED IDSM-2 status LED colors and their descriptions are as follows: GreenIDSM-2 is operational. AmberIDSM-2 is disabled, running a boot and self-diagnostic sequence, or shut down. RedDiagnostics other than an individual port test failed. OffIDSM-2 power is off.
19 © 2004, Cisco Systems, Inc. All rights reserved. CSIDS show module Command show module [mod] switch> switch>show module Mod Slot Ports Module-Type Model Sub Status BaseX Supervisor WS-X6K-SUP2-2GE yes ok Multilayer Switch Feature WS-F6K-MSFC2 no ok BaseX Ethernet WS-X6408-GBIC no ok /100BaseTX Ethernet WS-X6548-RJ-45 no ok Intrusion Detection Syste WS-SVC-IDSM-2 yes ok Switch Fabric Module 2 WS-X6500-SFM2 no ok Intrusion Detection Syste WS-SVC-IDSM-2 yes ok Intrusion Detection Syste WS-SVC-IDSM-2 yes ok Displays the status of all modules in the switch. Three IDSM-2s are installed, one in slot 4, one in slot 6, and one in slot 7. The ok state indicates that the IDSM-2s are online. Displays module status and information
20 © 2004, Cisco Systems, Inc. All rights reserved. CSIDS Summary
21 © 2004, Cisco Systems, Inc. All rights reserved. CSIDS Summary The IDSM-2 is a line card for the Cisco Catalyst 6500 Series switches. The IDSM-2 runs the same code as the Cisco IDS Sensor appliance. The IDSM-2 is delivered with IDS Software Revision 4.0 or higher. The IDSM-2 does not affect switch performance because it is not in the forwarding path of the switch.
Еще похожие презентации в нашем архиве:
© 2024 MyShared Inc.
All rights reserved.