IPS跨交换机的VLAN Pair测试

1.测试拓扑：

2.基本配置：
R1：
R1#vlan database 
R1(vlan)#vlan 30
VLAN 30 added:
    Name: VLAN0030
R1(vlan)#vlan 40
VLAN 40 added:
    Name: VLAN0040
R1(vlan)#exit

R1(config)#int f0/5
R1(config-if)#switchport mode access 
R1(config-if)#switchport access vlan 40

R1(config)#int range fastEthernet 0/14 - 15
R1(config-if-range)#switchport mode trunk
R2：
R2#vlan database 
R2(vlan)#vlan 30
VLAN 30 added:
    Name: VLAN0030
R2(vlan)#vlan 40
VLAN 40 added:
    Name: VLAN0040
R2(vlan)#exit

R2(config)#int f0/3
R2(config-if)#sw mode acc
R2(config-if)#sw acc vlan 30
R2(config-if)#int f0/4
R2(config-if)#sw mo acc
R2(config-if)#sw acc vlan 40
R2(config-if)#int f0/15
R2(config-if)#sw mode trunk
R3：
R3(config)#int f1/0
R3(config-if)#ip add 10.1.1.3 255.255.255.0
R3(config-if)#no sh
R4：
R4(config)#int f1/0
R4(config-if)#ip add 10.1.1.4 255.255.255.0
R4(config-if)#no sh
R5：
R5(config)#int f1/0
R5(config-if)#ip add 10.1.1.5 255.255.255.0
R5(config-if)#no sh
R5#ping 10.1.1.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.4, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 20/34/72 ms

3.IPS配置：
A.激活监控接口：
  
B.创建VLAN Pair：
 
C.接口指派sensor：
  
4.效果测试：
A.R3能ping不同VLAN的R4、R5

R3#ping 10.1.1.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.4, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 20/85/216 ms
R3#ping 10.1.1.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.5, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 24/45/92 ms

B.大量的ping操作会触发IPS事件：
R3#ping 10.1.1.4 repeat 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 10.1.1.4, timeout is 2 seconds:
!.!!!!!.!!!!!.!!!!!.!!!!!.!!!!!.!!!!!.!!!!!.!!!!!.!!!!!.!!!!!.!!!!!.!!
!!!.!!!!!.!!!!!.!!!!!.!!!!!.!!
Success rate is 83 percent (83/100), round-trip min/avg/max = 12/57/416 ms
R3#

 
evIdsAlert: eventId=1185793501059155071  vendor=Cisco  severity=informational  
  originator:   
    hostId: ips4215  
    appName: sensorApp  
    appInstanceId: 340  
  time: 2012年8月18日 下午05时07分35秒  offset=0  timeZone=UTC  
  signature:   description=ICMP Echo Request  id=2004  version=S1  
    subsigId: 0  
  interfaceGroup:   
  vlan: 30  
  participants:   
    attacker:   
      addr: 10.1.1.3  locality=OUT  
    target:   
      addr: 10.1.1.4  locality=OUT  
  actions:   
    deniedAttackerServicePair: true  
  riskRatingValue: 25  
  interface: ge0_1  
  protocol: icmp  
evIdsAlert: eventId=1185793501059155072  vendor=Cisco  severity=informational  
  originator:   
    hostId: ips4215  
    appName: sensorApp  
    appInstanceId: 340  
  time: 2012年8月18日 下午05时07分37秒  offset=0  timeZone=UTC  
  signature:   description=ICMP Echo Reply  id=2000  version=S1  
    subsigId: 0  
  interfaceGroup:   
  vlan: 40  
  participants:   
    attacker:   
      addr: 10.1.1.4  locality=OUT  
    target:   
      addr: 10.1.1.3  locality=OUT  
  riskRatingValue: 25  
  interface: ge0_1  
  protocol: icmp
 

本文转自 碧云天 51CTO博客，原文链接：http://blog.51cto.com/333234/966467，如需转载请自行联系原作者