We have cat 6509 switch with FWSM, IDSM-2, NAM modules. Customer wants all the internal VLAN's to be monitored by IDSM in inline mode. Customer has around 400 VLANS in datacenter and wants to monitor all communications between VLAN's. How do I monitor all VLAN's when IDSM has 2 data ports and can only span 255 vlan groups per port?
I don't know if anyone is still watching this or not but that's a lot of VLANs to go through a (single?) IDSM. Technically you should be able to do it by splitting the VLAN pairs across the two data ports (i.e. vlan 2-200,1002-1200 on DP 1 and vlan 300-500,1300-1500 on DP 2). Considering each IDSM only has a throuput of 500MBps when deep scanning, you're going to potentially be limiting your throughput considerably if you do this.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...