I have a simple setup : R1 Router connected to Port 1 of SW 1
R2 Router connected to Port 2 of SW 1 Both the ports Port 1 and Port 2 of SW 1 are in vlan 101 , and int vlan 101 has ip 1.1.1.254/24 !!! - SW1 Port 1 is in vlan 101 and R1 fa0/0 has IP :- 1.1.1.1/24 - SW1 Port 2 is in vlan 101 and R2 fa0/0 has IP :- 1.1.1.2/24 Now......................IPS 4240 is connected to another switch SW 3 ...... and need to configure VLAN Pair configuration on its FA 2/0 Interface !!! I have access to the GUI and CLI of IPS from a given Test XP Machine without any problems. The port of IPS Sensor fa 2/0 that is connected to SW3 is dot1q trunk, and SW3 is TRUNKED TO SW1 , and with show inter trunk , can see the vlans 101 and 102 traversing the trunk !!! [Note The test Machine XP has IP 2.2.2.2 /24 AND IPS Mgmt Interface has IP 2.2.2.1/24 , and there is no problem here on this link, I have issue with VLAN 101 and VLAN 102, that should produce alert with signatures 2000 and 2004 , and i have enabled them and applied it... *Following is my IPS config , i dont nkow where i am doing the mistake ??? can you help plz.......... :-* ** ! Version 6.0(5) ! Host: ! Realm Keys key1.0 ! Signature Definition: ! Signature Update S365.0 2008-10-31 ! Virus Update V1.4 2007-03-02 ! ------------------------------ display-serial ! ------------------------------ service interface physical-interfaces FastEthernet2/0 description learning 101 and 102 admin-state enabled duplex auto speed auto default-vlan 0 alt-tcp-reset-interface none subinterface-type inline-vlan-pair subinterface 1 description 101 and 102 vlan1 101 vlan2 102 exit exit exit exit ! ------------------------------ service authentication exit ! ------------------------------ service event-action-rules rules0 exit ! ------------------------------ service event-action-rules rules1 exit ! ------------------------------ service host network-settings host-ip 2.2.2.1/24,2.2.2.254 host-name TEST access-list 2.2.2.0/24 exit exit ! ------------------------------ service logger service network-access exit ! ------------------------------ service notification exit ! ------------------------------ service signature-definition sig0 signatures 2000 0 alert-severity medium status enabled true exit exit signatures 2004 0 alert-severity medium status enabled true exit exit exit ! ------------------------------ service signature-definition sig2 exit ! ------------------------------ service signature-definition sig1 exit ! ------------------------------ service ssh-known-hosts rsa1-keys 2.2.2.1 length 1024 exponent 35 modulus 157970124369184559719311409598293877786020481877177613168767367258090218457266114737080129785144925683181415718714257822629734844774563886799916691060825603141653377782152864748860264885147511554880214103147142601350624126719463708166965171426479508778905223691649626609365468646416409553825502430694149892591 exit exit ! ------------------------------ service trusted-certificates exit ! ------------------------------ service web-server port 1000 exit ! ------------------------------ service anomaly-detection ad0 exit ! ------------------------------ service anomaly-detection ad1 exit service external-product-interface exit ! ------------------------------ service analysis-engine virtual-sensor vs0 physical-interface FastEthernet2/0 subinterface-number 1 exit exit TEST# When i try to see EVENTS from GUI or CLI with show events past 00:05:00 , it is NOT SHOWING anything about 1.1.1.1 or 1.1.1.2 ???? Confusing...wht could be my mistakes please....letm e know.... ** ** **
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
