tailieunhanh - Cisco Security Professional's Guide to Secure Intrusion Detection Systems, part 5

Chapter 6: Configuring the Cisco IDSM Sensor

    switch> (enable) set security acl map WEBTRAF 10
    switch> (enable) set security acl capture-ports 4/1

This sets up the capture for only Web traffic, permitting everything else to pass; the permit any any is the magic key to let the rest of the traffic go past the IDSM. We then commit the VACL called WEBTRAF. The security ACL map is set to WEBTRAF, and VLAN 10 is mapped to the ACL. Lastly, we set the ACL to use module 4 and employ port 1 as the capture port for the IDSM.

Configuring Trunks to Manage Traffic Flow

A method of managing the amount of traffic seen by the IDSM sensor is to manage the trunks and the VLANs on the trunks. An example of this would be to have a single IDSM sensor and the need to monitor a single VLAN. This can be accomplished by clearing VLANs from the IDSM sensor monitoring port and then assigning the VLAN that we are interested in back to the monitoring port. In the following example, we step through the process. We have three VLANs (VLAN 501, VLAN 502, and VLAN 503) on module 4, port 1. So we will first clear the VLANs from the port by using this command:

    switch> (enable) clear trunk 4/1 2-1005,1025-4094

Now we will reassign VLAN 502 back to the monitoring port:

    switch> (enable) set trunk 4/1 502
    switch> (enable) set vlan 502 4/1

We now assign module 4 and port 1 as the capture port using the following command:

    switch> (enable) set security acl capture-ports 4/1

Verifying the Configuration

To verify that the IDSM is configured correctly, we have several commands at our disposal. The most common command, as you might guess, is just like a router: the show config command will give us the entire configuration. The next command of great use is called show span, and it tells us the SPAN configuration on the switch. We can use the show security acl command, which shows us the VACL settings.

On the IDSM itself we can use the same show .
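The trunk procedure above can also be checked offline before it is typed into the switch. The following Python sketch is an added example, not code from the book: it replays the clear trunk, set trunk, and capture-ports lines and reports which VLANs would remain visible to the sensor port. The function names are hypothetical, the command list is constructed from the text, and only the numeric VLAN-list form of the trunk commands is handled.

```python
import re

# Matches only the numeric VLAN-list form of the trunk commands used above.
TRUNK = re.compile(r"\b(clear|set) trunk (\d+/\d+) ([\d,-]+)\s*$")
CAPTURE = re.compile(r"\bset security acl capture-ports (\S+)\s*$")

# Constructed input: the trunk procedure from the text, prompts included.
PAGE_COMMANDS = [
    "switch> (enable) clear trunk 4/1 2-1005,1025-4094",
    "switch> (enable) set trunk 4/1 502",
    "switch> (enable) set vlan 502 4/1",
    "switch> (enable) set security acl capture-ports 4/1",
]

def parse_vlans(spec):
    """Expand a VLAN list such as '2-1005,1025-4094' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def replay(commands, port, initial_vlans):
    """Return (VLANs left on the port's trunk, configured capture ports)."""
    allowed, capture = set(initial_vlans), set()
    for line in commands:
        t = TRUNK.search(line)
        if t and t.group(2) == port:
            vlans = parse_vlans(t.group(3))
            allowed = allowed - vlans if t.group(1) == "clear" else allowed | vlans
        c = CAPTURE.search(line)
        if c:
            capture.add(c.group(1))
    return allowed, capture

def findings(commands, port, wanted, initial_vlans):
    """List the ways the script fails to limit the sensor to the wanted VLANs."""
    allowed, capture = replay(commands, port, initial_vlans)
    out = []
    if allowed - wanted:
        out.append("extra VLANs on %s: %s" % (port, sorted(allowed - wanted)))
    if wanted - allowed:
        out.append("missing VLANs on %s: %s" % (port, sorted(wanted - allowed)))
    if port not in capture:
        out.append("%s is not a capture port" % port)
    return out

if __name__ == "__main__":
    start = {501, 502, 503}  # the three VLANs the text places on port 4/1
    print(findings(PAGE_COMMANDS, "4/1", {502}, start))      # full procedure
    print(findings(PAGE_COMMANDS[1:], "4/1", {502}, start))  # clear step omitted
```

An empty list means the replayed commands leave only the intended VLAN on the capture port; the second call shows what is reported when the clear trunk step is skipped.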