Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1478
Views
0
Helpful
7
Replies

IDSM2 inline vlan pair mode

isgphyd12
Level 1
Level 1

‎07-16-2008 01:12 AM - edited ‎03-10-2019 04:12 AM

I am working with the IDSM-2, We have Cisco 6509 with CSM & FWSM, We are planning IDSM-2 in Inline

vlan pair mode and now i want to monitor the traffic which is coming through Outside Interface of the FW cont

that is vlan160 in inline vlan pair mode ,I created the L2 vlan 161 and paired vlans 160 and 161.

My problem is iam able to sea the traffic on interface 0/8 but there is no alerts on IDSM.

The configuration i was done is

Router # config t

Router (conf) #vlan 161

Router (conf) # intrusion-detection module 9 data-port 2 trunk allowed-vlan 160,161

Router (conf) # exit

Sensor # conf t

Sensor (conf) # service interface

Sensor (conf-int) # physical-interfaces gigabit Ethernet 0/8

Sensor (conf-int-phy) # subinterface-type inline-vlan-pair

Sensor (conf-int-phy-inl) # subinterface 1

Sensor (conf-int-phy-inl-sub) # vlan 1 160

Sensor (conf-int-phy-inl-sub) # vlan 2 161

Sensor (conf-int-phy-inl-sub) # exit

apply changes : yes

Labels:
0 Helpful
7 Replies 7

smahbub
Level 6
Level 6

‎07-22-2008 08:06 AM

You can use IDM or the CLI to configure IDSM-2 to operate in inline VLAN pair mode. To prepare IDSM-2 for inline VLAN pair mode, you must configure the switch as well as IDSM-2. Configure the switch first, then configure the IDSM-2 interfaces for inline VLAN pair mode.

0 Helpful

Diego Armando Cambronero Arias
Level 3
Level 3
In response to smahbub

‎12-08-2009 01:05 PM

Hello,

I have a problem that i do not know how to handle. I have 100 Vlans and I would like to use the IPS to inspect traffic between these VLANS. I have 2 questions.

1)  In a Vlan pair only 2 vlans are paired so the traffic between this VLANS will be inspected. How can I inspect the traffic for example when vlan 15 comunicates with vlan 20, 50, 30, 80 etc...?

2) I know that the comunication between the Switch and the IPS should be through a Trunk port. What else do I have to configure in the L3switch?

I would really appreciate the help

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to Diego Armando Cambronero Arias

‎12-14-2009 10:30 PM

Please open a separate post for this issue. Just select the 'New' button ot the top right of the screen and click on 'Discussion'.

You have to remember that the IPS in not a layer 3 device, its a L2 devices.....so you really don't have to wait for inter-VLAN routing. If the IPS will monitor one VLAN, it will cover ALL communication to/from that VLAN.

Regards

Farrukh

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni

‎07-22-2008 05:35 PM

Is the pair added to the Virtual Sensor?

Regards

Farrukh

0 Helpful

isgphyd12
Level 1
Level 1
In response to Farrukh Haroon

‎07-23-2008 02:11 AM

Hi Farrukh,

Yes ,I was added the pair to virtual sensor.

Thanks

sridhar

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to isgphyd12

‎07-23-2008 11:28 AM

How are you testing the IDS?

Regards

Farrukh

0 Helpful

isgphyd12
Level 1
Level 1
In response to Farrukh Haroon

‎07-23-2008 10:10 PM

Traffic is going through the VLAN but there is no logs on event viewer.

I need a sample configuration with 6500---IDSM--FWSM. There might be a problem with 6500 configuration.

Valn 160 is Outside interface of FWSM context and there is not traffic on vlan 161 but we are able to access outside.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card