Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
712
Views
2
Helpful
1
Replies

Passing VLAN traffic from FWSM to IPS Sensor 4270

mprescher
Level 1
Level 1

‎08-14-2009 11:11 AM - edited ‎03-10-2019 04:44 AM

Hey folks,

I've only been able to find one doc on CCO that demonstrates how to move FWSM traffic out to an external IPS appliance and then back into the chassis for forwarding to the rest of the network. It uses "auxiliary" VLANs.

FWSM routing and switching for my inquiry are all occurring through blades in the 6500 chassis with only the IPS being used located outside the box.

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00808b4d9f.shtml

...it has a little section toward the bottom in the trouble-shooting section that mentions their one aux VLAN solution.

Anybody got a better more complete reference for this scenario?

Thanks,

m.

Labels:
0 Helpful
1 Reply 1

bwilmoth
Level 5
Level 5

‎08-20-2009 08:32 AM

Users can configure the auxiliary VLAN feature on an 802.1x port and vice versa. When the switch recognizes a phone is attached to a port via CDP, it allows phone traffic on the auxiliary VLAN without 802.1x authentication. Then, the PC or Workstation connected (behind the phone) to the 802.1x port of the switch will use the port VLAN ID and authenticate following the dot1x protocol.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card