IPS in inline mode between the core switch and the server vlan 4

amady3381
Level 1

Dear all

I have a core switch with 4 L3 VLANs: VLAN 10, 11, 12 and the server VLAN 4. I also have an IPS 4240.

I need to put the IPS between the core switch VLANs and the server VLAN 4. The interface VLAN IP address of VLAN 4 on the core switch is 10.16.4.1 255.255.252.0.

What I did:

On Core Switch

1- I created another VLAN named VLAN 44. I removed the interface VLAN 4 from the core switch. I added the interface VLAN 44 to the core switch with the IP address 10.16.4.1 255.255.252.0, which was the address of VLAN 4.

2- I assigned port gig 12/14 to VLAN 44 and connected the management port of the IPS to this port. The IPS IP address is 10.16.4.6.

3- I assigned port gig 12/15 to VLAN 4 and connected it to the IPS port gig 0/0.

4- I assigned port gig 12/16 to VLAN 44 and connected it to the IPS port gig 0/1.

On IPS

1- I enabled the interfaces gig 0/0 and gig 0/1.

2- I created an inline interface pair with the interfaces gig0/0 and gig0/1.

3- I assigned the pair to the virtual sensor 0.

After all of this it doesn't work.

Please help ASAP.

Thanks,


marcabal
Cisco Employee

Your theory and steps are correct on how to implement this.

However, this won't work with ALL switches. I know there are some older Cisco switches that have a problem with this type of setup.

They have a bug, but because they are older switches there is not newer software available.

There are also some newer Cisco switches with the same bug. And a fix was released more than a year ago.

So if you are using an old switch that is no longer getting new versions, then upgrade to a newer switch.

If your switch is still getting new versions, then ensure you are running a recent version on your switch to ensure you have the bug fix.

If it is not a Cisco switch, then this setup might not work. It has never been tested with competitor switches.

There are, of course, other possibilities for what might be happening.

There might be a linking problem with your interfaces, or there might be a typo in your configuration somewhere.

What specifically is the problem you are seeing?

I assume your problem is that packets are not getting into vlan 3 to your servers?

I would try pinging your servers from your switch, and then watching packet counts on switch ports 12/15 and 12/16 as well as sensor ports 0/0 and 0/1.

Try to find the source of the problem by determining which port is not receiving/transmitting the packets.

You might look through the sensor logs using IDM to look for interface status messages to see if Link is going up and down.

You might also look to see if any alerts are being generated. If you have modified the signature configuration you may unintentionally be denying all traffic through the sensor.

You might consider turning on Software ByPass. Packets will flow through the sensor without being analyzed.
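The counter-comparison check marcabal describes (ping the servers, then see which of switch ports 12/15 and 12/16 and sensor ports 0/0 and 0/1 stops growing), written up as an added example that is not part of this thread or of any Cisco tool. Interface names, the counter layout and the sample snapshot values are constructed assumptions; on real gear the numbers would be read from the switch and sensor `show interface` output.

```python
# Added example (not from the thread): apply marcabal's check in code. Names,
# counter layout and sample values are constructed assumptions.
# Expected path of a packet from the core toward a server in VLAN 4; each
# hop's counter must grow by at least the pings sent if traffic flows.
PATH = [
    ("switch", "Gi12/16", "tx"),  # core side, VLAN 44, cabled to sensor gig0/1
    ("sensor", "gig0/1", "rx"),
    ("sensor", "gig0/0", "tx"),   # inline pair forwards to the server side
    ("switch", "Gi12/15", "rx"),  # server side, VLAN 4
]

HINTS = {  # what a shortfall at each hop usually points to
    ("switch", "Gi12/16", "tx"): "switch never sends toward the sensor: check VLAN 44 SVI/routing and port VLAN assignment",
    ("sensor", "gig0/1", "rx"): "sent by switch but not received by sensor: check cable/link state on Gi12/16 <-> gig0/1",
    ("sensor", "gig0/0", "tx"): "sensor received but did not forward: check inline pair, virtual sensor assignment, deny actions",
    ("switch", "Gi12/15", "rx"): "sensor forwarded but switch did not receive: check cable/link state on gig0/0 <-> Gi12/15",
}

def counter_deltas(before, after):
    """Packet-count growth per hop between two counter snapshots."""
    return {hop: after[hop] - before[hop] for hop in PATH}

def locate_break(before, after, pings_sent):
    """Return (hop, hint) for the first hop whose counter grew by fewer than
    pings_sent packets, or None if every hop carried the test traffic."""
    growth = counter_deltas(before, after)
    for hop in PATH:  # background traffic only adds, so a shortfall is real
        if growth[hop] < pings_sent:
            return hop, HINTS[hop]
    return None

# Constructed snapshots: 5 pings sent; the sensor receives them on gig0/1
# but nothing leaves gig0/0 (e.g. deny action or unassigned inline pair).
BEFORE = {
    ("switch", "Gi12/16", "tx"): 1000,
    ("sensor", "gig0/1", "rx"): 1000,
    ("sensor", "gig0/0", "tx"): 800,
    ("switch", "Gi12/15", "rx"): 800,
}
AFTER = {
    ("switch", "Gi12/16", "tx"): 1007,  # 5 pings plus 2 background packets
    ("sensor", "gig0/1", "rx"): 1007,
    ("sensor", "gig0/0", "tx"): 800,
    ("switch", "Gi12/15", "rx"): 800,
}

if __name__ == "__main__":
    result = locate_break(BEFORE, AFTER, pings_sent=5)
    print("path OK" if result is None else f"break at {result[0]}: {result[1]}")
```

Run the snapshots in the opposite direction (server to core) as well, since a link that is up in one direction only will pass the first check and fail the second.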

Thanks for your reply

Could you please give me the Bug ID?

Regards,
