Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
463
Views
10
Helpful
3
Replies

IDS-4210

Go to solution
Rodrigo Gurriti
Level 3
Level 3

‎04-12-2007 06:58 AM - edited ‎03-10-2019 03:33 AM

I noticed that the model IDS-4210 does not do INLINE inspection on software 5.1(3)

Will it do on newer versions ? or the 4210 cannot do it period ?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
marcabal
Cisco Employee
Cisco Employee
In response to Rodrigo Gurriti

‎04-12-2007 11:01 AM

Yes and No

The scheme you wrote up is right, but it does NOT route between vlan 1 and vlan 2.

The IPS will instead switch or bridge packets between vlan 1 and vlan 2.

What this means is that the IP Address on the router's vlan 1 interface MUST be in the same IP Subnet as the IP Address on the inside vlan.

The IPS will simply take the packets on vlan 1 and put them on vlan 2 (and vice versa), it will not "route" packets between 2 IP Subnets so the same IP Subnet must be used in both vlan 1 and vlan 2.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
marcabal
Cisco Employee
Cisco Employee

‎04-12-2007 07:09 AM

There are 2 types of inline inspection:

inline interface pairs - 2 physical interfaces are paired together and the inspection is done inline as the packets are passed between the 2 interfaces

inline vlan pairs - 1 physical interface is connected to a switch using a trunk port, 2 vlans on the trunk port are paired together and the inspection is done inline as the packets are switched between the 2 vlans

The IDS-4210 only have one monitoring interface, and so you can not create inline interface pairs.

But the IDS-4210 Does support inline vlan pairs on that one monitoring interface.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids12/cliguide/cliinter.htm#wp1057307

Go to solution
Rodrigo Gurriti
Level 3
Level 3
In response to marcabal

‎04-12-2007 10:48 AM

Thank you

But one more question

The 4210 would have to act like a router to direct the packets from the internet to the inside network ?

I tried to look on configuration guides but they have no examples.

I assume that the network scheme would look something like this:

router ---vlan1

IDS ---vlan1/2

inside ---vlan2

am I right ?

PS. thank you marcabal for your post

0 Helpful

Go to solution
marcabal
Cisco Employee
Cisco Employee
In response to Rodrigo Gurriti

‎04-12-2007 11:01 AM

Yes and No

The scheme you wrote up is right, but it does NOT route between vlan 1 and vlan 2.

The IPS will instead switch or bridge packets between vlan 1 and vlan 2.

What this means is that the IP Address on the router's vlan 1 interface MUST be in the same IP Subnet as the IP Address on the inside vlan.

The IPS will simply take the packets on vlan 1 and put them on vlan 2 (and vice versa), it will not "route" packets between 2 IP Subnets so the same IP Subnet must be used in both vlan 1 and vlan 2.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card