Hybrid 6500 IDSM-2 inline vlan pair mode

Unanswered Question
Jul 20th, 2007

I am having a problem understanding how a packet is going to know that it needs to get evaluated by the IDSM if it is being sent to a host on a different vlan. First lets say that the server is on a vlan that is being pair and the server host is configured with the GW address of the paired vlan. So if a different host on a different vlan sent a packet to that server how does the MSFC know to sent the packet to the paried vlan to get routed to the servers vlan instead of routing it directly to the servers vlan that is attached to it(msfc). FYI. I followed the admin guides to set this up and it does not cover design or operation packet flows.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 1 (1 ratings)
vkapoor5 Thu, 07/26/2007 - 06:44

Cisco CatOS on the Cisco Catalyst 6500 Series with optional Cisco IOS Software on the Multilayer Switching Feature Card (MSFC) provides Layer 2/3/4 functionality for the Cisco Catalyst 6500 by integrating two operating systems. A switch running CatOS only on the Supervisor Engine is a Layer 2 forwarding device with Layer 2/3/4 functionality for QoS, security, multicast, and network management of the Policy Feature Card (PFC), but does not have any routing capabilities. Layer 3 routing functionality is provided via a Cisco IOS Software image on the MSFC routing engine (optional in Supervisor 1A and 2, and integrated within Supervisor 32 and 720.) In this paper, the combination of CatOS on the Supervisor Engine and Cisco IOS Software on the MSFC is referred to as the "hybrid" OS; two operating systems work together to provide complete Layer 2/3/4 system functionality.

cmarsteller Thu, 07/26/2007 - 08:15

Thanks for the reply but I was specifically talking about the IDSM integration with the Hybrid CAT with the IDSM running in inline vlan pair mode..

subodhs Fri, 08/17/2007 - 09:53

I was trying to find admin guide regarding VLAN pairing - can you send me the URL.

cmarsteller Fri, 08/17/2007 - 11:26

I did mange to figure it out, I just had to sit in a boring meeting and then it me. Create an addtional vlan on the msfc and delete the old vlan interface where the clients are. Give the new vlan int the address of the original client vlan int. Make the new vlan on the CATOS and leave the client vlan on the switch (catos), making it a non routed vlan and then let the IDSM bridge the two following admin guide and poof inspection can be done.


This Discussion