IPS and Switching

Answered Question
Jul 16th, 2007

Hello, I have a theoretical question about VLANs and IPS.

Suppose I have a 4215 and a router. I want to run the IPS in inline interface mode.

Would this work fine?


Router - WAN
- Ethernet Vlan 2

4215
- Ethernet 2 -> Vlan 2
- Ethernet 3 -> Vlan 3

- Inside network all in Vlan 3


Would the IPS bridge if all were in the same subnet?


Cisco says

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a00807517bb.html#wp1046883

If the paired interfaces are connected to the same switch, you should configure them on the switch as access ports with different access VLANs for the two ports. Otherwise, traffic does not flow through the inline interface.



Since I haven't read anything about deployment, I had to ask to be 100% sure.

Correct Answer by pcomeaux about 9 years 11 months ago


Yes - you are approaching this correctly.


On the sensor, you need to be sure to complete the Vlan pairing so it will act as a L2 bridge between Vlans 2 & 3.



The other option is to do IPS on a stick, where you trunk 2 & 3 down a single physical interface to the 4215.



Let us know how your project proceeds.


thxs

peter

pcomeaux (Cisco Employee), Tue, 07/17/2007 - 20:03


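The switch-side requirement quoted from the Cisco guide in the question (paired interfaces on the same switch must be access ports with different access VLANs) can be checked against a saved switch configuration. This is an added example, not part of the original thread; the port names FastEthernet0/2 and FastEthernet0/3 and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample: IOS-style config for the two switch ports cabled to
# the sensor's paired inline interfaces (port names are assumptions).
SAMPLE_CONFIG = """\
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 2
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 3
!
"""

def parse_ports(config):
    """Return {interface: {"mode": str or None, "vlan": int}} from config text."""
    ports, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # any top-level line ends the stanza
            m = re.match(r"interface\s+(\S+)", line)
            # With no explicit setting, the access VLAN defaults to 1.
            current = ports.setdefault(m.group(1), {"mode": None, "vlan": 1}) if m else None
            continue
        if current is None:
            continue
        words = line.split()
        if words[:2] == ["switchport", "mode"] and len(words) == 3:
            current["mode"] = words[2]
        elif words[:3] == ["switchport", "access", "vlan"] and len(words) == 4 and words[3].isdigit():
            current["vlan"] = int(words[3])
    return ports

def check_inline_pair(config, port_a, port_b):
    """Return a list of problems; an empty list means the pair meets the guidance."""
    ports = parse_ports(config)
    problems = []
    for name in (port_a, port_b):
        if name not in ports:
            problems.append(f"{name}: not found in config")
        elif ports[name]["mode"] != "access":
            problems.append(f"{name}: not configured as an access port")
    if not problems and ports[port_a]["vlan"] == ports[port_b]["vlan"]:
        problems.append(f"{port_a} and {port_b} share access VLAN {ports[port_a]['vlan']}: "
                        "traffic would not flow through the inline interface")
    return problems

if __name__ == "__main__":
    print(check_inline_pair(SAMPLE_CONFIG, "FastEthernet0/2", "FastEthernet0/3"))
```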