Passing VLAN traffic from FWSM to IPS Sensor 4270

Aug 14th, 2009

Hey folks,

I've only been able to find one doc on CCO that demonstrates how to move FWSM traffic out to an external IPS appliance and then back into the chassis for forwarding to the rest of the network. It uses "auxiliary" VLANs.

FWSM routing and switching for my inquiry are all occurring through blades in the 6500 chassis with only the IPS being used located outside the box. has a little section toward the bottom in the trouble-shooting section that mentions their one aux VLAN solution.

Anybody got a better, more complete reference for this scenario?



bwilmoth Thu, 08/20/2009 - 08:32

Users can configure the auxiliary VLAN feature on an 802.1x port and vice versa. When the switch recognizes a phone is attached to a port via CDP, it allows phone traffic on the auxiliary VLAN without 802.1x authentication. Then, the PC or Workstation connected (behind the phone) to the 802.1x port of the switch will use the port VLAN ID and authenticate following the dot1x protocol.

