1-69
Catalyst 6500 Series Switch Module Installation Guide
78-15725-02
Chapter 1 Product Overview
Intrusion Detection System Module (WS-X6381-IDS)
The Intrusion Detection System Module captures network packets, and then
reassembles and compares this data against a set of rules that indicates typical
intrusion activity. Network traffic is copied either to the Intrusion Detection
System Module based on security VLAN access control lists (VACLs) in the
switch or is routed to the Intrusion Detection System Module using the switch’s
Switched Port Analyzer (SPAN) port feature. Both methods allow user-specified
types of traffic that are based on switch ports, VLANs, or traffic type to be
inspected.
The Intrusion Detection System Module searches for patterns of misuse by
examining either the data portion or the header portion of network packets.
Content-based attacks come from the data portion, and context-based attacks
come from the header portion.
When the Intrusion Detection System Module detects an attack, it generates an
alarm. Alarms are generated by the Intrusion Detection System Module through
the Catalyst 6500 series switch backplane to the Cisco Secure PM, where they are
logged or displayed on a graphical user interface. Alarm communication is
handled by the Cisco Secure IDS Communication service protocol, a proprietary
protocol that transmits alarms from the Intrusion Detection System Module to the
Cisco Secure PM.
The front panel has a STATUS LED, a hard drive LED, a SHUTDOWN button,
and a PCMCIA slot as shown in Figure 1-45.
Figure 1-45 Intrusion Detection System Module (WS-X6381-IDS)
Table 1-16 describes the Intrusion Detection System Module states as indicated
by the STATUS LED.
NTWK ANALYSIS HDL
HD
SHUTDOWN
For Vendor Use Only
WS-X6380-NAM
STATUS
PCMCIA
SLOT
1
0
EJECT
33089
STATUS LED PCMCIA slot
SHUTDOWN button Hard drive
(HD) LED
To Next Page
Loading...
Need help?
General