I have got at work this sensor with two interfaces only, I have been asked to check that
IDSWORK# show version
Application Partition:
Cisco Systems Intrusion Detection Sensor, Version 4.1(1)S47
OS Version 2.4.18-5smpbigphys-4215
Platform: IDS-4215
one interface which is Ethernet 0 (not FastEthernet) connected to switch in DMZ , and Ethernet 1 connected to switch 4005,,,,logically I have to monitor DMZ zone not switch 4005 (since I have got only two interfaces, my case),,,Am I right ?
That means Ethernet 0 should be for sniffing (monitoring)since it is connected to DMZ,and interface 1 for command and control since it is connected to 4005 switch, but according to cisco specification
http://cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008055df7d.html#wp1051279Table 5-2
FastEthernet 0/1: Interfaces Supporting Inline VLAN Pairs (Sensing Ports)
FastEthernet 0/0: Interfaces Not Supporting Inline (Command and Control Port)
Note: Cisco has mentioned FastEthernet, the one that I have got Ethernet ,,,,does make any difference ?
Since I have not done that configuration , it has been done by some one else, do I need to change that ?
