There are 2 vlans configured in the 7600 switch, namely 200 and 300. In order to make the switch pass the traffic of these vlans through the IDSM (IPS inline mode), the following has been configured:

intrusion-detection module 2 data-port 1 trunk allowed-vlan 200,300

Other than this, is there any configuration required for the same? The IOS in the 7600 switch is 12.2(18)SXF4.
Anantha Subramanian Natarajan
You can have up to 255 vlan pairs on Gig0/7 (data-port 1), and an additional 255 vlan pairs on Gig 0/8 (data-port 2).
But be aware that with version 5.0/5.1 on the IDSM-2 the IDSM-2 will treat all of these pairs as if they were on the same network. This can cause confusion on the sensor if packets are being routed and cross 2 or more inline vlan pairs.
So if you are going to deploy in situations where routing could cause the packets to traverse more than one inline vlan pair then I recommend running IPS version 6.0.
IPS 6.0 can support up to 4 virtual sensors. You can have a different signature and filter configuration in each virtual sensor.
If only deploying 4 inline vlan pairs then you can place one inline vlan pair in each of the 4 virtual sensors.
If you are going to deploy more than 4 virtual sensors, there was also an additional feature added to IPS 6.0 to help handle it.
You would set the TCP Session Tracking Mode to either "Vlan Only" or "Interface and Vlan" and this would tell the IDSM-2 to track the TCP Sessions uniquely per inline vlan pair and avoid the problem that 5.0/5.1 have.
InLine Interface Pair mode is very similar to InLine Vlan Pair. It will pair 2 vlans.
The difference is in how the Vlans get paired.
In Inline Interface Pair mode you would make both 0/7 and 0/8 (both data-port 1 and 2) access ports. Each port would belong to just a single vlan. You would place 0/7 on one vlan of the pair, and place 0/8 on the second vlan of the pair. The IDSM-2 would then monitor the traffic between the 2 vlans just like it does in InLine Vlan Pair mode. But instead of being passed back and forth on 2 vlans of a single trunk port they are passed back and forth between 2 access ports.
Since they are access ports you are limited to just the one set of vlans when doing InLine Interface Pair mode. While InLine Vlan Pair gives you up to 510 vlan pairs.
So I do not recommend using InLine Interface Pair Mode on the IDSM-2.
FYI: Though it does have an advantage when running on an Appliance. An Appliance can connect between 2 switches (an IDSM-2 can not because it is inside the switch). That trunk connection between the 2 switches can carry 4094 vlans. So placing an Appliance in InLine Interface Pair mode between 2 switches on a trunk port does have some advantages.