User guide

Configuring TCPReset
Proventia Network IPS G and GX Appliance User Guide
Introduction
You can use the appliance to monitor read-only SPAN ports on network equipment. To
monitor read-only SPAN ports, you must configure the appliance’s TCPReset (kill) port:
because the monitoring ports are read-only, the appliance must send TCP Resets on
another interface.
Note: The appliance is configured by default to send TCP Resets through the monitoring
ports even in passive monitoring mode. For example, if you are monitoring through a
hub, you do not need to configure the external kill port.
Procedure
To configure TCPReset:
1. Connect the kill port (the Management port labeled 2 on the front of the appliance) to
the network.
2. To determine the MAC address of the router of the kill port (eth0), do one of the
following:
   - Contact your system administrator to get the MAC address of the router. Once you
     have received the MAC address, go to Step 4.
   - Run the get-reset-config script on the appliance to get the MAC address. Go to
     Step 3.
3. Log in to the appliance as root and run get-reset-config.
   Note the following:
   - If you run the script without parameters, it displays usage information.
   - If you run the script with required parameters, it displays the MAC address.
   Note: The get-reset-config utility requires a temporary IP address to connect to
   the network in order to detect the router’s MAC address. During normal operation,
   the kill port is in stealth mode and does not require an IP address.
4. In Proventia Manager, select System → Local Tuning Parameters.
5. Select the Advanced Parameters tab.
6. Add the local tuning parameter np.macaddress.destination to configure the MAC
address of the router:
   np.macaddress.destination = XX:XX:XX:XX:XX:XX
Note: See “Adding advanced parameters” on page 132 for more information about
adding a local parameter.
7. Select the Adapter Management tab.
8. Select the adapter for which you want to enable the External Kill port, and then click
Edit.
9. On each port where you want to enable the External Kill port, change TCP Resets
from “This Port” to “TCP Reset Port”, and then click OK.
10. To enable External Kill ports on other adapters, repeat Steps 8 and 9.
Example: You can enable the External Kill port to send TCP Resets for events received
on ports A, B, C, and D, and still choose to send TCP Resets for events received
on ports E and F through ports E and F themselves.
11. Click Save Changes.
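
For the first option in Step 2, where an administrator supplies the router's MAC address, the following added example (not part of the guide or the product) checks a neighbor-table entry and prints the line for Step 6. It assumes a Linux host with iproute2 on the same segment as the kill port; the function name router_mac_param and all sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive the np.macaddress.destination line (Step 6) from the
# neighbor-table entry of the kill-port router.
# Assumption: run on a Linux admin host on the same segment as the kill port.

# router_mac_param GATEWAY_IP   (reads `ip neigh show` output on stdin)
router_mac_param() {
    gw=$1
    # Take the lladdr value of the entry whose first field is the gateway IP.
    # Upper case is a formatting choice that mirrors the XX:XX:... placeholder.
    mac=$(awk -v gw="$gw" '
        $1 == gw {
            for (i = 2; i < NF; i++)
                if ($i == "lladdr") { print toupper($(i + 1)); exit }
        }')
    if [ -z "$mac" ]; then
        # INCOMPLETE and FAILED entries carry no lladdr field.
        echo "no resolved entry for $gw" >&2
        return 1
    fi
    # Must be six colon-separated hex octets.
    if ! printf '%s\n' "$mac" | grep -Eq '^([0-9A-F]{2}:){5}[0-9A-F]{2}$'; then
        echo "malformed MAC: $mac" >&2
        return 1
    fi
    # Low bit of the first octet set = group (multicast/broadcast) address,
    # which cannot be a single router interface.
    first=${mac%%:*}
    if [ $(( 0x$first & 1 )) -ne 0 ]; then
        echo "not a unicast MAC: $mac" >&2
        return 1
    fi
    printf 'np.macaddress.destination = %s\n' "$mac"
}

# Constructed sample of `ip neigh show` output (documentation addresses,
# locally administered MAC).
SAMPLE_NEIGH='192.0.2.1 dev eth0 lladdr 02:00:5e:10:20:30 REACHABLE
192.0.2.7 dev eth0  INCOMPLETE
192.0.2.9 dev eth0 lladdr ff:ff:ff:ff:ff:ff STALE'

# On a live host: ip neigh show | router_mac_param "$GATEWAY_IP"
printf '%s\n' "$SAMPLE_NEIGH" | router_mac_param 192.0.2.1
```

An unresolved or non-unicast entry makes the function return non-zero, so a wrong value is caught before it is entered on the Advanced Parameters tab.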