cheng029 posted on 2012-8-19 22:53:50

Testing an IPS VLAN Pair Across Switches

1. Test topology:

2. Basic configuration:
R1:
R1#vlan database
R1(vlan)#vlan 30
VLAN 30 added:
   Name: VLAN0030
R1(vlan)#vlan 40
VLAN 40 added:
   Name: VLAN0040
R1(vlan)#exit

R1(config)#int f0/5
R1(config-if)#switchport mode access
R1(config-if)#switchport access vlan 40

R1(config)#int range fastEthernet 0/14 - 15
R1(config-if-range)#switchport mode trunk
R2:
R2#vlan database
R2(vlan)#vlan 30
VLAN 30 added:
   Name: VLAN0030
R2(vlan)#vlan 40
VLAN 40 added:
   Name: VLAN0040
R2(vlan)#exit

R2(config)#int f0/3
R2(config-if)#sw mode acc
R2(config-if)#sw acc vlan 30
R2(config-if)#int f0/4
R2(config-if)#sw mo acc
R2(config-if)#sw acc vlan 40
R2(config-if)#int f0/15
R2(config-if)#sw mode trunk
R3:
R3(config)#int f1/0
R3(config-if)#ip add 10.1.1.3 255.255.255.0
R3(config-if)#no sh
R4:
R4(config)#int f1/0
R4(config-if)#ip add 10.1.1.4 255.255.255.0
R4(config-if)#no sh
R5:
R5(config)#int f1/0
R5(config-if)#ip add 10.1.1.5 255.255.255.0
R5(config-if)#no sh
R5#ping 10.1.1.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.4, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 20/34/72 ms

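3. IPS configuration:
A. Enable the monitoring interface:

B. Create the VLAN pair:

C. Assign the interface to the sensor:

4. Test results:
A. R3 can ping R4 and R5, which are in a different VLAN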

R3#ping 10.1.1.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.4, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 20/85/216 ms
R3#ping 10.1.1.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.5, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 24/45/92 ms

B. A large number of pings triggers IPS events:
R3#ping 10.1.1.4 repeat 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 10.1.1.4, timeout is 2 seconds:
!.!!!!!.!!!!!.!!!!!.!!!!!.!!!!!.!!!!!.!!!!!.!!!!!.!!!!!.!!!!!.!!!!!.!!
!!!.!!!!!.!!!!!.!!!!!.!!!!!.!!
Success rate is 83 percent (83/100), round-trip min/avg/max = 12/57/416 ms
R3#


evIdsAlert: eventId=1185793501059155071 vendor=Cisco severity=informational
originator:
    hostId: ips4215
    appName: sensorApp
    appInstanceId: 340
time: 2012年8月18日 下午05时07分35秒 offset=0 timeZone=UTC
signature:   description=ICMP Echo Request id=2004 version=S1
    subsigId: 0
interfaceGroup:
vlan: 30
participants:
    attacker:
      addr: 10.1.1.3 locality=OUT
    target:
      addr: 10.1.1.4 locality=OUT
actions:
    deniedAttackerServicePair: true
riskRatingValue: 25
interface: ge0_1
protocol: icmp

evIdsAlert: eventId=1185793501059155072 vendor=Cisco severity=informational
originator:
    hostId: ips4215
    appName: sensorApp
    appInstanceId: 340
time: 2012年8月18日 下午05时07分37秒 offset=0 timeZone=UTC
signature:   description=ICMP Echo Reply id=2000 version=S1
    subsigId: 0
interfaceGroup:
vlan: 40
participants:
    attacker:
      addr: 10.1.1.4 locality=OUT
    target:
      addr: 10.1.1.3 locality=OUT
riskRatingValue: 25
interface: ge0_1
protocol: icmp
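
Steps A to C of section 3 have no commands on the page. As an added example (not part of the original post), the same three steps on the sensor CLI could look like the following. Assumptions: Cisco IPS 6.x or later CLI syntax, the ge0_1 interface from the alerts being GigabitEthernet0/1, subinterface number 1, and the default virtual sensor vs0.

```text
! Added example, not from the original post.
! Assumed: IPS 6.x+ CLI syntax, GigabitEthernet0/1 (ge0_1 in the alerts),
! subinterface number 1, default virtual sensor vs0.

! A. Enable the monitoring interface
ips4215# configure terminal
ips4215(config)# service interface
ips4215(config-int)# physical-interfaces GigabitEthernet0/1
ips4215(config-int-phy)# admin-state enabled

! B. Create the VLAN pair: frames received tagged 30 are inspected and
!    forwarded tagged 40, and the reverse for frames received tagged 40
ips4215(config-int-phy)# subinterface-type inline-vlan-pair
ips4215(config-int-phy-inl)# subinterface 1
ips4215(config-int-phy-inl-sub)# vlan1 30
ips4215(config-int-phy-inl-sub)# vlan2 40
ips4215(config-int-phy-inl-sub)# description VLAN 30 to VLAN 40 pair
ips4215(config-int-phy-inl-sub)# exit
ips4215(config-int-phy-inl)# exit
ips4215(config-int-phy)# exit
ips4215(config-int)# exit
Apply Changes?[yes]: yes

! C. Assign the subinterface to the virtual sensor
ips4215(config)# service analysis-engine
ips4215(config-ana)# virtual-sensor vs0
ips4215(config-ana-vir)# physical-interface GigabitEthernet0/1 subinterface-number 1
ips4215(config-ana-vir)# exit
ips4215(config-ana)# exit
Apply Changes?[yes]: yes
```

The sensor interface has to connect to a switch trunk port that carries both VLAN 30 and VLAN 40.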

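判官007 posted on 2013-3-14 04:05:37

I don't know what to say... just, thank you.

julley posted on 2013-5-16 03:17:27

Just passing by, showing some support.

浪人 posted on 2013-5-18 19:04:34

Walked through my youth and got blisters on my feet.

lichaoyue888 posted on 2013-5-21 17:29:28

When there's work, the secretary does it; when there's no work, do the secretary!

超酷小 posted on 2013-5-25 02:38:14

Showing some support :lol

gaofeng0210 posted on 2013-5-29 19:00:21

Eating and ml are the primary productive forces.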