36-10
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 36 Managing IPS Device Interfaces
Configuring Interfaces
Configuring Physical Interfaces
The Physical Interfaces tab of the IPS Interfaces policy lists the existing physical interfaces on your
sensor and their associated settings. You cannot add or delete physical interfaces in this policy; instead,
you must use policy discovery to obtain the current list of interfaces from the device. Thus, if you add
or remove interface cards (available for some appliances), you must rediscover the device as described
in Discovering Policies on Devices Already in Security Manager, page 5-15.
To configure the sensor to monitor traffic, you must enable the interface using this procedure. When you
initialized the sensor using the setup command (using the command line interface on the IPS), you
assigned the interface or the inline pair to a virtual sensor, and enabled the interface or inline pair. If you
need to change your interfaces settings, you can do so on the Physical Interfaces tab. To assign an
interface to a virtual sensor, select the Virtual Sensors policy and add or edit the virtual sensor, as
appropriate.
Tip Each physical interface can be divided into VLAN group subinterfaces, each of which consists of a group
of VLANs on that interface. For more information, see Configuring VLAN Groups, page 36-15.
Related Topics
Understanding Interfaces, page 36-1
Defining A Virtual Sensor, page 37-5
Editing Policies for a Virtual Sensor, page37-9
Assigning Interfaces to Virtual Sensors, page37-4
Configuring Bypass Mode, page 36-12
Configuring CDP Mode, page 36-13
Configuring Inline Interface Pairs, page 36-13
Step 1 (Device view) Select Interfaces from the Policy selector, then click the Physical Interfaces tab (if
necessary).
Step 2 Select the interface whose configuration you want to change and click the Edit Row button. The Modify
Physical Interface Map dialog box appears.
Step 3 Make the desired configuration changes and click OK. Following are the settings you are most likely to
want to change; for a description of all options, see Modify Physical Interface Map Dialog Box,
page 36-11.
Enabled—Whether the interface is enabled (Ye s or No). Select Yes to make the interface functional.
The value of this option is shown in the Administrative State column in the Physical Interfaces tab.
Default VLAN—The VLAN to which the interface is assigned.
Specify Interface for TCP Reset—If you want to assign an alternate TCP reset interface, as
described in Understanding Interfaces, page 36-1, select this option, then select the alternate
interface from the interface-name list.