New Member

How can I use IDSM-2 in inline mode for more than two VLANs?

Can I use the IDSM-2 in inline mode as an IPS for more than two VLANs?

Like this, or not?

intrusion-detection module 5 data port 1 access-vlan 10,20,30,40,50

intrusion-detection module 5 data port 1 access-vlan 100,200

Thank you all for your help.

1 REPLY
Cisco Employee

Re: How can I use IDSM-2 in inline mode for more than two VLANs?

The IDSM-2 ports need to be configured as trunk ports with multiple vlans rather than as access ports.

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a00807517eb.html#wp1068377

And instead of creating an inline interface pair by pairing Gig0/7 with Gig0/8 within the IDSM-2 configuration, you would create inline vlan pairs.

With an inline vlan pair you pair 2 vlans on the same interface.

You can have up to 255 inline vlan pairs on each interface (assuming you keep the total traffic from all of the pairs within the IDSM-2's performance limit of around 500 Mbps).

How to create inline vlan pairs:

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a00807517bb.html#wp1047852

The other aspect you need to be aware of is that not all IOS versions will support configuring the IDSM-2 data ports as trunk ports for inline vlan pairs.

Your best bet is to use 12.2(18)SXF4 or a later version on the 12.2(18)SXF train.

The 12.2(33)SR train does not currently support the trunk feature for the IDSM-2.
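The trunk-plus-inline-VLAN-pair layout described in the reply, as an added example that is not part of the original thread and not Cisco's code: a small planner that checks a set of pairs against the limits quoted above and renders the switch-side and sensor-side commands. Assumptions: the function name and the traffic estimates are hypothetical, data port 1 is taken to be GigabitEthernet0/7 on the sensor, each VLAN is allowed in only one pair per interface, and the command syntax should be confirmed against the configuration guides for your IOS and IPS releases.

```python
# Added example (not from the thread): plan inline VLAN pairs for one IDSM-2 data port.
MAX_PAIRS = 255   # per-interface pair limit quoted in the reply
MAX_MBPS = 500    # approximate IDSM-2 performance limit quoted in the reply

def plan_inline_vlan_pairs(module, data_port, sensor_if, pairs):
    """pairs: [(vlan_a, vlan_b, est_mbps)]; returns (switch_cmds, sensor_cmds)."""
    if not 1 <= len(pairs) <= MAX_PAIRS:
        raise ValueError(f"need 1..{MAX_PAIRS} pairs per interface, got {len(pairs)}")
    seen = set()
    for a, b, _ in pairs:
        for v in (a, b):
            if not 1 <= v <= 4094:
                raise ValueError(f"VLAN {v} is outside 1..4094")
        if a == b:
            raise ValueError(f"VLAN {a} cannot be paired with itself")
        if seen & {a, b}:
            raise ValueError(f"pair {a}/{b} reuses a VLAN from another pair")
        seen |= {a, b}
    total = sum(mbps for _, _, mbps in pairs)
    if total > MAX_MBPS:
        raise ValueError(f"estimated {total} Mbps exceeds ~{MAX_MBPS} Mbps limit")
    # Switch side: the data port trunks every paired VLAN (not access-vlan).
    allowed = ",".join(str(v) for v in sorted(seen))
    switch = [f"intrusion-detection module {module} data-port {data_port} "
              f"trunk allowed-vlan {allowed}"]
    # Sensor side: one subinterface per pair, all on the same physical interface.
    sensor = ["service interface", f"physical-interfaces {sensor_if}",
              "admin-state enabled", "subinterface-type inline-vlan-pair"]
    for n, (a, b, _) in enumerate(pairs, start=1):
        sensor += [f"subinterface {n}", f"vlan1 {a}", f"vlan2 {b}", "exit"]
    return switch, sensor

# Constructed sample: VLAN numbers from the question, traffic estimates invented.
SAMPLE_PAIRS = [(10, 20, 150), (30, 40, 120), (100, 200, 90)]

if __name__ == "__main__":
    switch_cmds, sensor_cmds = plan_inline_vlan_pairs(
        5, 1, "GigabitEthernet0/7", SAMPLE_PAIRS)
    print("\n".join(switch_cmds + ["!"] + sensor_cmds))
```
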
