Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

IDSM inline VLAN pairing

We have cat 6509 switch with FWSM, IDSM-2, NAM modules. Customer wants all the internal VLAN's to be monitored by IDSM in inline mode. Customer has around 400 VLANS in datacenter and wants to monitor all communications between VLAN's. How do I monitor all VLAN's when IDSM has 2 data ports and can only span 255 vlan groups per port?

Please suggest!

Vinod

2 REPLIES
Community Member

Re: IDSM inline VLAN pairing

I don't know if anyone is still watching this or not but that's a lot of VLANs to go through a (single?) IDSM. Technically you should be able to do it by splitting the VLAN pairs across the two data ports (i.e. vlan 2-200,1002-1200 on DP 1 and vlan 300-500,1300-1500 on DP 2). Considering each IDSM only has a throuput of 500MBps when deep scanning, you're going to potentially be limiting your throughput considerably if you do this.

Community Member

Re: IDSM inline VLAN pairing

you could always rock transparent mode on trunk :)

215
Views
0
Helpful
2
Replies
CreatePlease to create content