Managing IP Correlation for Active Response on the SMS!

Summary

IP Correlation is the method by which the SMS looks up the IP addresses of hosts under inspection, learns the associated MAC address of an IP from a source, and then resolves which switch this MAC is connected to. The SMS can then engage switch actions to begin acting on hosts. This setup is required for SMS Active Response to work with non-IPS infrastructure equipment, such as switches and other network access points.

Configuring IP Correlation

The IP Correlation Network Mapping Table is used to create a static map of IP address to MAC address one entry at a time. Mapping of the end-station to its IP address is a requirement for the SMS Active Response application to properly control access on a host. When configured for IP Correlation, the SMS:

Watches events from an IPS
Finds the end-station responsible for those events
Uses the information to initiate a response

Details

How To: Common Task

Log in to the SMS from a client.
On the SMS toolbar, navigate to the Responder > IP Correlation. The IP Correlation screen displays.

How To: Add/Edit Network Mapping

In the IP Correlation Network Mapping area, click New, or select an existing entry in the list and click Edit. The IP Correlation dialog displays.
Specify the following information:
IP Address
MAC Address (in::::: format)

Click OK to finish.

How To: Add/Edit Web Services

In the IP Correlation Web Services area, click New or select an existing entry in the in the list and click Edit. The IP Correlation Web Services dialog displays.
Specify the Web Services URL. If you are using basic authentication, enter the Username and Password.
Click OK to finish.

How To: Control Web Service Precedence

From the IP Correlation Web Services area, select the Web Service URL entry.
Use the Up and Down arrow buttons to move the entry up or down in the list.

How To: Perform a Test of IP Correlation

On the SMS toolbar, navigate to the Responder > IP Correlation. The IP Correlation screen displays.
Click Test (located at the bottom of the screen). The IP Correlation Test dialog box opens.
Select the appropriate Correlation Method (IPLOOKUP or MACLOOKUP)
Enter an address for the type of method selected: IP or MAC.
Click Query. The results of the query display in the results section.
Click Close to close the dialog and return to the IP Correlation screen.

Reference: SMS User Guide

Rating:

Category:

Configure; Troubleshoot; Deploy

Solution Id:

TP000098748

Feedback

Did this article help you?

Thank you for your feedback!

What was the problem with this article?

The image(s) in the article did not display properly.

The article did not provide detailed procedure.

The article is hard to understand and follow.

The video did not play properly.

The article did not resolve my issue.

Others. Please specify.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

Thanks for voting.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

Need More Help?

Managing IP Correlation for Active Response on the SMS!