Cisco Support Community
New Member

6509 Uplink to ASA with Vlan Pair

I have the following topology:

6509---->ASA----->Internet.

My 6509 has an IDSM.

intrusion-detection module 3 management-port access-vlan 2

intrusion-detection module 3 data-port 1 trunk allowed-vlan 352,603,1352,1603

I want to put the IDSM between 6509 and ASA.

The 6509 has a VLAN 603 where the ASA inside interface is connected, and I already created VLAN 1603 to bridge with 603. I moved the inside cable of the ASA to VLAN 1603 (before, it was connected on VLAN 603), but when I changed the switchport VLAN of the ASA (603 to 1603), my VLAN 603 goes down and I can't access the Internet.

VLAN 603 goes down because there are no users connected to it, but I thought that, as the IDSM is bridging 603 with 1603, VLAN 603 would come up again, but it doesn't work.

How can I configure the IDM to bring this VLAN up?

Accepted Solutions
Cisco Employee

Re: 6509 Uplink to ASA with Vlan Pair

I assume the switch itself has a vlan 603 interface, and it is this vlan 603 interface that is going down.

By default the IDSM-2's data-ports are configured for "autostate exclude", which means that if the IDSM-2 port and the switch's VLAN interface are the only things on the VLAN, then the switch will bring down its interface. The switch excludes the IDSM-2 interface when looking for other ports on the VLAN.

There is a command:

intrusion-detection module 3 data-port 1 autostate include

With this command the IDSM-2 port will now be included in the list of ports to watch, and the switch should now bring up its vlan 603 interface.

You can see the list of available commands for the IDSM-2 here:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_idsm2.html#wp1032690
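
An added example, not part of the original thread and not Cisco tooling: a Python check over a saved running-config that lists VLAN interfaces whose VLAN is trunked to an IDSM-2 data-port still on the default "autostate exclude" described in the answer above. The sample config is constructed (only the module 3 management-port and data-port 1 lines come from the thread), and the check cannot see whether other active ports exist on the VLAN, so it reports candidates only.

```python
import re

# Constructed sample config: the module 3 management-port and data-port 1 lines
# are from the thread; data-port 2 and the Vlan interfaces are assumed.
SAMPLE_CONFIG = """\
intrusion-detection module 3 management-port access-vlan 2
intrusion-detection module 3 data-port 1 trunk allowed-vlan 352,603,1352,1603
intrusion-detection module 3 data-port 2 trunk allowed-vlan 700,1700
intrusion-detection module 3 data-port 2 autostate include
interface Vlan603
interface Vlan700
"""
DATA_PORT = re.compile(r"^intrusion-detection module (\d+) data-port (\d+) (.+)$")
SVI = re.compile(r"^interface Vlan(\d+)$", re.IGNORECASE)

def expand_vlans(spec):
    """Expand an allowed-vlan list such as '352,603,1000-1002' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def svis_at_risk(config):
    """Return sorted (module, port, vlan) tuples where a VLAN interface's VLAN is
    trunked to a data-port without 'autostate include' (default is exclude)."""
    ports, svis = {}, set()
    for line in map(str.strip, config.splitlines()):
        m = DATA_PORT.match(line)
        svi = SVI.match(line)
        if m:
            port = ports.setdefault((int(m[1]), int(m[2])), {"vlans": set(), "include": False})
            if m[3].startswith("trunk allowed-vlan "):
                port["vlans"] |= expand_vlans(m[3].split(None, 2)[2])
            elif m[3] == "autostate include":
                port["include"] = True
        elif svi:
            svis.add(int(svi[1]))
    return sorted((mod, p, v) for (mod, p), info in ports.items()
                  if not info["include"] for v in info["vlans"] & svis)

if __name__ == "__main__":
    for mod, p, vlan in svis_at_risk(SAMPLE_CONFIG):
        print(f"module {mod} data-port {p}: Vlan{vlan} interface may go down (autostate exclude)")
```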

New Member

Re: 6509 Uplink to ASA with Vlan Pair

Thank you very much for your assistance.

My issue was resolved.
