This issue is resolved; it was just a tiny mistake at the switchport level. I have the following 2 queries:
1. What if I want to see EVENT ACTIONs when, instead of produce alert, I have another setting, e.g. "deny inline"? Can I see it in the events table?
2. If I set the severity to HIGH, do I have to make an exception for PING with an EVENT ACTION FILTER? Is it mandatory in 6.0?

My above questions are for knowledge and lab exam purposes, equally.

Regards,
Kamran.

On Thu, Feb 3, 2011 at 1:42 AM, kamran shakil <[email protected]> wrote:

> I have a simple setup:
>
> R1 Router connected to Port 1 of SW 1
>
> R2 Router connected to Port 2 of SW 1
>
> Both ports, Port 1 and Port 2 of SW 1, are in vlan 101, and int vlan
> 101 has IP 1.1.1.254/24.
>
> - SW1 Port 1 is in vlan 101 and R1 fa0/0 has IP 1.1.1.1/24
> - SW1 Port 2 is in vlan 101 and R2 fa0/0 has IP 1.1.1.2/24
>
> Now the IPS 4240 is connected to another switch, SW 3, and I need to
> configure VLAN Pair configuration on its FA 2/0 interface.
>
> I have access to the GUI and CLI of the IPS from a given Test XP machine
> without any problems.
>
> The port of the IPS sensor, fa 2/0, that is connected to SW3 is a dot1q
> trunk, and SW3 is TRUNKED TO SW1, and with show inter trunk I can see
> vlans 101 and 102 traversing the trunk.
>
> [Note: The test machine XP has IP 2.2.2.2/24 AND the IPS Mgmt interface has
> IP 2.2.2.1/24, and there is no problem here on this link. I have an issue
> with VLAN 101 and VLAN 102, which should produce alerts with signatures 2000
> and 2004, and I have enabled them and applied it...]
>
> Following is my IPS config. I don't know where I am making the mistake.
> Can you help, please?
>
> ! Version 6.0(5)
> ! Host:
> ! Realm Keys key1.0
> ! Signature Definition:
> ! Signature Update S365.0 2008-10-31
> ! Virus Update V1.4 2007-03-02
> ! ------------------------------
> display-serial
> ! ------------------------------
> service interface
> physical-interfaces FastEthernet2/0
> description learning 101 and 102
> admin-state enabled
> duplex auto
> speed auto
> default-vlan 0
> alt-tcp-reset-interface none
> subinterface-type inline-vlan-pair
> subinterface 1
> description 101 and 102
> vlan1 101
> vlan2 102
> exit
> exit
> exit
> exit
> ! ------------------------------
> service authentication
> exit
> ! ------------------------------
> service event-action-rules rules0
> exit
> ! ------------------------------
> service event-action-rules rules1
> exit
> ! ------------------------------
> service host
> network-settings
> host-ip 2.2.2.1/24,2.2.2.254
> host-name TEST
> access-list 2.2.2.0/24
> exit
> exit
> ! ------------------------------
> service logger
> service network-access
> exit
> ! ------------------------------
> service notification
> exit
> ! ------------------------------
> service signature-definition sig0
> signatures 2000 0
> alert-severity medium
> status
> enabled true
> exit
> exit
> signatures 2004 0
> alert-severity medium
> status
> enabled true
> exit
> exit
> exit
> ! ------------------------------
> service signature-definition sig2
> exit
> ! ------------------------------
> service signature-definition sig1
> exit
> ! ------------------------------
> service ssh-known-hosts
> rsa1-keys 2.2.2.1
> length 1024
> exponent 35
> modulus
> 157970124369184559719311409598293877786020481877177613168767367258090218457266114737080129785144925683181415718714257822629734844774563886799916691060825603141653377782152864748860264885147511554880214103147142601350624126719463708166965171426479508778905223691649626609365468646416409553825502430694149892591
> exit
> exit
> ! ------------------------------
> service trusted-certificates
> exit
> ! ------------------------------
> service web-server
> port 1000
> exit
> ! ------------------------------
> service anomaly-detection ad0
> exit
> ! ------------------------------
> service anomaly-detection ad1
> exit
> service external-product-interface
> exit
> ! ------------------------------
> service analysis-engine
> virtual-sensor vs0
> physical-interface FastEthernet2/0 subinterface-number 1
> exit
> exit
> TEST#
>
> When I try to see EVENTS from the GUI or CLI with show events past 00:05:00,
> it is NOT SHOWING anything about 1.1.1.1 or 1.1.1.2. Confusing... what
> could be my mistakes? Please let me know.

_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
