1.拓扑图:
2.接口配置:
R1(config)#int f0/0
R1(config-if)#ip add 10.1.1.1 255.255.255.0
R1(config-if)#no sh
R2(config)#int f0/0
R2(config-if)#ip add 10.1.1.2 255.255.255.0
R2(config-if)#no sh
R3#vlan data
R3(vlan)#vlan 10
VLAN 10 added:
Name: VLAN0010
R3(vlan)#vlan 20
VLAN 20 added:
Name: VLAN0020
R3(vlan)#exi
APPLY completed.
Exiting....
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int f0/0
R3(config-if)#swi mod acc
R3(config-if)#swi acc vlan 10
R3(config-if)#int f0/1
R3(config-if)#swi mod acc
R3(config-if)#swi acc vlan 20
R3(config-if)#int f0/15
R3(config-if)#swi mod trun
R3(config-if)#swi mod trunk
R3(config-if)#
*Mar 1 00:01:57.307: %DTP-5-TRUNKPORTON: Port Fa0/15 has become dot1q trunk
R3(config-if)#
3.IPS配置:
A.确认g0/1接口已经enabled
B.添加VLAN Pair
C.将接口对关联到virtual sensor
4.测试:
A.在R1上连续ping R2
R1#ping 10.1.1.2 repeat 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 99 percent (99/100), round-trip min/avg/max = 4/38/512 ms
R1#
B.在IPS上能看到攻击事件
本文转自 碧云天 51CTO博客,原文链接:http://blog.51cto.com/333234/880629,如需转载请自行联系原作者