Cisco Support Community
New Member

IDSM-2 inline VLAN pair mode

My customer has voice, video and data VLANs. The customer wants only inter-VLAN traffic for data to be inspected by IDSM-2 inline, while the other VLAN traffic bypasses it and goes to the FWSM and then to the WAN.

Is that possible with Inline VLAN pair mode?

I read the Cisco document, which states the following:

"You can configure IDSM-2 to simultaneously bridge up to 255 VLAN pairs on each data port. IDSM-2 replaces the VLAN ID field in the 802.1q header of each packet with the ID of the VLAN on which the packet is forwarded. It drops any packets received on VLANs that are not assigned to an inline VLAN pair."

The last statement says it will drop all other VLAN traffic that is not assigned to any inline VLAN pair?




Re: IDSM-2 inline VLAN pair mode

You can bypass the analysis engine when inline bypass is activated, allowing traffic to flow through the inline interfaces and inline VLAN pairs without inspection. Inline bypass ensures that packets continue to flow through the sensor when the sensor processes are temporarily stopped for upgrades or when the sensor monitoring processes fail. But not always.

New Member

Re: IDSM-2 inline VLAN pair mode

Thanks for the reply.

However, if the analysis engine is working and certain VLANs need to bypass IDSM-2 inline inspection, is that possible?

New Member

Re: IDSM-2 inline VLAN pair mode

In that case I just wouldn't configure the VLAN pairing for the VLANs you don't want to have inspected.
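
The forwarding rule in the quoted Cisco text, modeled on constructed 802.1Q frames (an added example, not part of the thread and not IDSM-2 code). VLANs 10, 110 and 20, the MAC addresses and all function names are assumptions, as is the choice to drop untagged frames in this model.

```python
import struct

TPID_8021Q = 0x8100
MAX_PAIRS = 255  # per data port, from the quoted document

def build_pair_table(pairs):
    """Map each VLAN of an inline pair to its partner VLAN."""
    if len(pairs) > MAX_PAIRS:
        raise ValueError("more than 255 VLAN pairs on one data port")
    table = {}
    for a, b in pairs:
        if a == b or not all(1 <= v <= 4094 for v in (a, b)):
            raise ValueError(f"invalid pair ({a}, {b})")
        if a in table or b in table:
            raise ValueError(f"VLAN in pair ({a}, {b}) is already paired")
        table[a], table[b] = b, a
    return table

def bridge(frame, table):
    """Return the frame as forwarded on the partner VLAN, or None if dropped."""
    if len(frame) < 18:                      # dst(6) src(6) TPID(2) TCI(2) type(2)
        return None
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    if tpid != TPID_8021Q:
        return None                          # untagged: dropped (model assumption)
    partner = table.get(tci & 0x0FFF)        # low 12 bits of the TCI are the VLAN ID
    if partner is None:
        return None                          # VLAN not in any inline pair: dropped
    new_tci = (tci & 0xF000) | partner       # keep priority/DEI bits, swap VLAN ID
    return frame[:14] + struct.pack("!H", new_tci) + frame[16:]

def tagged_frame(vid, pcp=0, payload=b"constructed-payload"):
    """Build a constructed 802.1Q-tagged IPv4 frame for the demo."""
    dst, src = b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02"
    return dst + src + struct.pack("!HHH", TPID_8021Q, (pcp << 13) | vid, 0x0800) + payload

def vlan_of(frame):
    return struct.unpack_from("!H", frame, 14)[0] & 0x0FFF

if __name__ == "__main__":
    table = build_pair_table([(10, 110)])    # constructed: data VLAN 10 paired with 110
    for vid in (10, 110, 20):                # 20 stands in for an unpaired VLAN
        out = bridge(tagged_frame(vid, pcp=5), table)
        print(vid, "->", "dropped" if out is None else f"forwarded on {vlan_of(out)}")
```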
