idsm-2
performance:500mbps
size:1ru/slot
processor:dual 1.1.3 ghz
operating system:linux
Supports both inline mode and promiscuous (offline) mode
port1: cannot be configured; it only sends TCP resets
port2:command
ports 7 and 8: sensing ports, already set up as trunks
vlan map
Can control both Layer 2 and Layer 3 traffic
ip access-list ex icmp
permit icmp any any
ip access-list ex http
permit tcp any any eq 80
vlan access-map vacl 1
match ip address icmp
action drop
vlan access-map vacl 2
match ip address http
action drop
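vlan access-map vacl 3
action forward
vlan filter vacl vlan-list 200(apply the map)
Inline mode setup
Set the native VLAN on sensing interfaces 7 and 8
Filter out all VLANs other than the native VLAN
Turn off BPDU
Promiscuous (offline) mode:
switch>show module(view the modules)
console>(enable)session 4(select the IPS module and enter it)
Configuring SPAN on CatOS
console>(enable)set span 2/1-2 3/7 rx inpkts enable create(can accept injected packets)
Configuring SPAN on IOS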
router(config)#monitor session 1 source int 2/1 rx
router(config)#monitor session 1 source int 2/2 rx
router(config)#monitor session 1 destination intrusion-detection-module 3 data-port 1
data-port 1 is sensor port 7
data-port 2 is sensor port 8
VACL capture on the 6500
router#config t
router(config)#vlan access-map ids 10
router(config-access-map)#match ip address web-ftp
router(config-access-map)#action forward capture(send to the IPS for analysis)
router(config)#vlan access-map ids 20
router(config-access-map)#action forward
Example:
router#conf t
router(config)#ip access-list extended web_mail
router(config-ext-nacl)#permit tcp any any eq www
router(config-ext-nacl)#permit tcp any any eq smtp
router#config t
router(config)#vlan access-map capture_web_mail 10
router(config-access-map)#match ip address web_mail
router(config-access-map)#action forward capture
router(config)#vlan access-map capture_web_mail 20
router(config-access-map)#action forward
router(config)#vlan filter capture_web_mail vlan-list 200
router(config)#intrusion-detection module 3 data-port 1 capture
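A consistency check for VACL capture configurations like the one above, as an added example (not part of the original notes). The function name lint_vacl and the sample text are constructed here; the sample deliberately defines the ACL with a hyphen and references it with an underscore, an easy slip with names like web_mail. The catch-all rule assumes that traffic matching no clause of a map with IP match clauses is dropped.

```python
import re

# Constructed sample: ACL defined as "web-mail" but referenced as "web_mail".
SAMPLE = """\
ip access-list extended web-mail
 permit tcp any any eq www
 permit tcp any any eq smtp
vlan access-map capture_web_mail 10
 match ip address web_mail
 action forward capture
vlan access-map capture_web_mail 20
 action forward
vlan filter capture_web_mail vlan-list 200
"""

def lint_vacl(config):
    """Return findings for the VACL parts of an IOS configuration text."""
    acls, maps, applied, clause = set(), {}, set(), None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"ip access-list ex\w* (\S+)", line):
            acls.add(m.group(1))
        elif m := re.match(r"vlan access-map (\S+) (\d+)", line):
            clause = {"seq": m.group(2), "acls": [], "action": ""}
            maps.setdefault(m.group(1), []).append(clause)
            continue
        elif m := re.match(r"vlan filter (\S+) vlan-list", line):
            applied.add(m.group(1))
        elif clause is not None and (m := re.match(r"match ip address (.+)", line)):
            clause["acls"] += m.group(1).split()
            continue
        elif clause is not None and (m := re.match(r"action (.+)", line)):
            clause["action"] = m.group(1)
            continue
        clause = None  # any other line ends the current access-map clause
    findings = []
    for name, clauses in maps.items():
        for c in clauses:
            for acl in c["acls"]:
                if acl not in acls:
                    findings.append(f"{name} {c['seq']}: ACL '{acl}' is not defined")
        # Assumption: a clause with no match and a forward action is the catch-all.
        if not any(not c["acls"] and c["action"].startswith("forward") for c in clauses):
            findings.append(f"{name}: no catch-all forward clause")
        if name not in applied:
            findings.append(f"{name}: not applied with vlan filter")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_vacl(SAMPLE)) or "no findings")
```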
catos vacl
console>(enable)set security acl ip test permit tcp any any eq 80 capture
console>(enable)set security acl ip test permit tcp any any eq 25 capture
console>(enable)set security acl ip test permit ip any any
console>(enable)commit security acl test(commit the list to the engine)
console>(enable)set security acl map test 200(apply to the VLAN)
console>(enable)set security acl capture-ports 3/7(set 3/7 as a capture port; by default 3/7 and 3/8 are already capture ports)
Capturing with mls ip ids on CatOS
console>(enable)session 15
msfc>enable
msfc#conf t
msfc(config)#ip access-list extended web_mail
msfc(config-ext-nacl)#permit tcp any any eq www
msfc(config-ext-nacl)#permit tcp any any eq smtp
msfc(config)#interface vlan 100
msfc(config-if)#mls ip ids web_mail
msfc(config-if)#end
msfc#exit
console>(enable)set security acl capture-ports 3/7
Capturing with mls ip ids on IOS
router#configure terminal
router(config)#ip access-list extended web_mail
router(config-ext-nacl)#permit tcp any any eq www
router(config-ext-nacl)#permit tcp any any eq smtp
router(config)#int f2/1
router(config-if)#no switchport
router(config-if)#ip add 10.1.1.1 255.255.255.0
router(config-if)#mls ip ids web_mail
router(config)#intrusion-detection module 3 data-port 1 capture
Inline mode:
On Cisco IOS, put the two data ports into different VLANs
intrusion-detection module 13 management-port access-vlan 147(put the management port in VLAN 147)
intrusion-detection module 13 data-port 1 access-vlan 661(put sensor port 3/7 in VLAN 661)
intrusion-detection module 13 data-port 2 access-vlan 662(put sensor port 3/8 in VLAN 662)
Assigning ports on CatOS
console>(enable)set vlan 100 3/2(assign the management port to VLAN 100)
aip-ssm (the IPS module that plugs into the ASA)
IPS module in the ASA
asa(config)#policy-map outside_policy
asa(config-pmap)#class internet
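asa(config-pmap-c)#ips inline(inline mode)/promiscuous(offline mode) fail-open(if the IPS fails, packets still pass)/fail-close(if the IPS fails, packets do not pass)
ASA IPS module interface initialization
firewall#show module(view the relevant modules)
firewall#session 1(enter the IPS)
The firewall's IPS module configuration interface is embedded in ASDM; it appears once the module is inserted.
csc: ASA antivirus module
Supports antivirus, URL filtering and spam filtering
Initialization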
firewall#show module
firewall#session 1
Menu-driven configuration interface
From: https://www.cnblogs.com/smoke520/p/18357878