This is covered in the Video on Demand that I just finished, but either the vlan or untagged option will work.
If you have multiple VLANs coming in on a trunk port, then I have found that the only way to get this to work is to use an alternative reset interface that is also trunked.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Technical Instructor - IPexpert, Inc.
Mailto: [email protected]
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles
Sent: Monday, April 12, 2010 11:32 AM
To: [email protected]
Subject: [OSL | CCIE_Security] IPS TCP reset

Hi all,

When we configure a signature for TCP reset, the reset is sent through the monitoring interface and the shun request through the management interface. When the switch's interface is configured for monitoring, the port doesn't take ingress traffic, for which we need to add the keyword "ingress".

IPS interface monitoring, single VLAN:

option 1: We should select the vlan option and specify the VLAN in which the host is present.
option 2: We should select untagged and configure a VLAN as the "native vlan".

Please suggest if dot1q, isl or untagged is relevant to this case and provide a scenario when it will be used.

sw(config)#monitor session 2 destination interface f1/0/2 ingress ?
  dot1q     ingress forwarding using dot1q encapsulation
  isl       ingress forwarding using isl encapsulation
  untagged  ingress forwarding using untagged encapsulation
  vlan      Set default VLAN for untagged ingress traffic

IPS interface monitoring, trunk:

option 1: We should select the vlan option and specify the VLAN in which the host is present.
option 2: We should select untagged and configure a VLAN as the "native vlan".

Please suggest if dot1q, isl or untagged is relevant to this case and provide a scenario when it will be used.

sw(config)#monitor session 2 destination interface f1/0/2 encapsulation dot1q ingress ?
  dot1q     ingress forwarding using dot1q encapsulation
  isl       ingress forwarding using isl encapsulation
  untagged  ingress forwarding using untagged encapsulation
  vlan      Set default VLAN for untagged ingress traffic

With regards,
Kings
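The two SPAN ingress choices from the question, plus the trunked case and the alternate reset interface from the reply, written out as an added configuration example (not from the original thread); session numbers, interface names and VLAN 10 are assumed values.

```text
! --- Switch side (Catalyst IOS), sensor on Fa1/0/2, monitored host in VLAN 10 ---

! Single-VLAN monitoring, option 1: untagged frames the sensor sends back
! (TCP resets) are placed into VLAN 10.
monitor session 2 source interface FastEthernet1/0/1
monitor session 2 destination interface FastEthernet1/0/2 ingress vlan 10

! Single-VLAN monitoring, option 2: same result stated as "untagged encapsulation
! with VLAN 10 as the default VLAN"; only one of the two forms is configured.
monitor session 2 destination interface FastEthernet1/0/2 ingress untagged vlan 10

! Trunk monitoring: keep the 802.1Q tags on the copied traffic so the sensor
! sees which VLAN each flow belongs to, and accept tagged frames from the
! sensor so a reset can be tagged for the VLAN of the attacked host.
! VLAN 10 is only the default for any untagged frame the sensor sends.
monitor session 3 source interface GigabitEthernet1/0/24
monitor session 3 destination interface FastEthernet1/0/2 encapsulation dot1q ingress dot1q vlan 10

! Verify that ingress forwarding and the encapsulation show up as intended.
do show monitor session 3

! --- Sensor side (Cisco IPS CLI, assumed interface names) ---
! As the reply suggests for multiple VLANs on a trunk: send resets out a
! separate interface (Gi0/1) that is itself connected to a trunk port rather
! than out the SPAN destination port.
service interface
  physical-interfaces GigabitEthernet0/0
    alt-tcp-reset-interface interface-name GigabitEthernet0/1
  exit
exit
```

The defensive check after any change is to trigger a test signature with a reset action and confirm with a capture on the host's VLAN that the reset actually arrives tagged for that VLAN; a reset that leaves the sensor untagged on a trunk lands in the default VLAN and silently does nothing.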
