IDSM2 inline vlan pair mode

Unanswered Question
Jul 16th, 2008

I am working with the IDSM-2. We have a Cisco 6509 with CSM & FWSM. We are planning IDSM-2 in inline VLAN pair mode, and now I want to monitor the traffic which is coming through the Outside interface of the FW cont, that is vlan160, in inline VLAN pair mode. I created the L2 vlan 161 and paired vlans 160 and 161.

My problem is I am able to see the traffic on interface 0/8 but there are no alerts on IDSM.

The configuration I have done is:

Router # config t
Router (conf) # vlan 161
Router (conf) # intrusion-detection module 9 data-port 2 trunk allowed-vlan 160,161
Router (conf) # exit

Sensor # conf t
Sensor (conf) # service interface
Sensor (conf-int) # physical-interfaces gigabit Ethernet 0/8
Sensor (conf-int-phy) # subinterface-type inline-vlan-pair
Sensor (conf-int-phy-inl) # subinterface 1
Sensor (conf-int-phy-inl-sub) # vlan 1 160
Sensor (conf-int-phy-inl-sub) # vlan 2 161
Sensor (conf-int-phy-inl-sub) # exit
apply changes : yes

smahbub Tue, 07/22/2008 - 08:06

You can use IDM or the CLI to configure IDSM-2 to operate in inline VLAN pair mode. To prepare IDSM-2 for inline VLAN pair mode, you must configure the switch as well as IDSM-2. Configure the switch first, then configure the IDSM-2 interfaces for inline VLAN pair mode.

Diego Armando C... Tue, 12/08/2009 - 13:05


I have a problem that I do not know how to handle. I have 100 VLANs and I would like to use the IPS to inspect traffic between these VLANs. I have 2 questions.

1) In a VLAN pair only 2 VLANs are paired, so the traffic between these VLANs will be inspected. How can I inspect the traffic, for example, when vlan 15 communicates with vlan 20, 50, 30, 80 etc...?

2) I know that the communication between the switch and the IPS should be through a trunk port. What else do I have to configure in the L3 switch?

I would really appreciate the help.

Farrukh Haroon Mon, 12/14/2009 - 22:30

Please open a separate post for this issue. Just select the 'New' button at the top right of the screen and click on 'Discussion'.

You have to remember that the IPS is not a layer 3 device, it's a L2; you really don't have to wait for inter-VLAN routing. If the IPS will monitor one VLAN, it will cover ALL communication to/from that VLAN.



isgphyd12 Wed, 07/23/2008 - 02:11

Hi Farrukh,

Yes, I have added the pair to the virtual sensor.



isgphyd12 Wed, 07/23/2008 - 22:10

Traffic is going through the VLAN but there are no logs on the event viewer.

I need a sample configuration with 6500---IDSM--FWSM. There might be a problem with the 6500 configuration.

Vlan 160 is the Outside interface of the FWSM context and there is no traffic on vlan 161, but we are able to access outside.

