
New Member

IDSM2 inline vlan pair mode

I am working with the IDSM-2. We have a Cisco 6509 with CSM & FWSM, and we are planning to deploy the IDSM-2 in inline VLAN pair mode. Now I want to monitor the traffic coming through the outside interface of the FW context, which is VLAN 160, in inline VLAN pair mode. I created the L2 VLAN 161 and paired VLANs 160 and 161.

My problem is that I am able to see the traffic on interface 0/8, but there are no alerts on the IDSM.

The configuration I did is:

Router# config t
Router(config)# vlan 161
Router(config)# intrusion-detection module 9 data-port 2 trunk allowed-vlan 160,161
Router(config)# exit

Sensor# conf t
Sensor(config)# service interface
Sensor(config-int)# physical-interfaces GigabitEthernet0/8
Sensor(config-int-phy)# subinterface-type inline-vlan-pair
Sensor(config-int-phy-inl)# subinterface 1
Sensor(config-int-phy-inl-sub)# vlan1 160
Sensor(config-int-phy-inl-sub)# vlan2 161
Sensor(config-int-phy-inl-sub)# exit
Apply changes: yes

7 REPLIES
Silver

Re: IDSM2 inline vlan pair mode

You can use IDM or the CLI to configure IDSM-2 to operate in inline VLAN pair mode. To prepare IDSM-2 for inline VLAN pair mode, you must configure the switch as well as IDSM-2. Configure the switch first, then configure the IDSM-2 interfaces for inline VLAN pair mode.

Re: IDSM2 inline vlan pair mode

Hello,

I have a problem that I do not know how to handle. I have 100 VLANs and I would like to use the IPS to inspect traffic between these VLANs. I have 2 questions.

1) In a VLAN pair only 2 VLANs are paired, so the traffic between these VLANs will be inspected. How can I inspect the traffic, for example, when VLAN 15 communicates with VLAN 20, 50, 30, 80, etc.?

2) I know that the communication between the switch and the IPS should be through a trunk port. What else do I have to configure in the L3 switch?

I would really appreciate the help.

Re: IDSM2 inline vlan pair mode

Please open a separate post for this issue. Just select the 'New' button at the top right of the screen and click on 'Discussion'.

You have to remember that the IPS is not a Layer 3 device, it's an L2 device, so you really don't have to wait for inter-VLAN routing. If the IPS monitors one VLAN, it will cover ALL communication to/from that VLAN.

Regards

Farrukh

Re: IDSM2 inline vlan pair mode

Is the pair added to the Virtual Sensor?

Regards

Farrukh

New Member

Re: IDSM2 inline vlan pair mode

Hi Farrukh,

Yes, I added the pair to the virtual sensor.

Thanks

sridhar

Re: IDSM2 inline vlan pair mode

How are you testing the IDS?

Regards

Farrukh

New Member

Re: IDSM2 inline vlan pair mode

Traffic is going through the VLAN, but there are no logs in the event viewer.

I need a sample configuration with 6500---IDSM--FWSM. There might be a problem with the 6500 configuration.

VLAN 160 is the outside interface of the FWSM context, and there is no traffic on VLAN 161, but we are able to access the outside.
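Two things the replies ask about, whether both VLANs of a pair are allowed on the IDSM data-port trunk and whether the pair is assigned to a virtual sensor, can be checked mechanically against the commands posted in the original question. The Python script below is an added example, not from this thread or from Cisco: it parses the switch and sensor command forms shown above (the sample strings are constructed from that post, and which subinterfaces sit in a virtual sensor is passed in as an assumption, since that is configured elsewhere) and reports anything that would stop a pair from producing alerts.

```python
import re

# Constructed sample input: the switch and sensor commands as posted in the question.
SWITCH_CFG = """
vlan 161
intrusion-detection module 9 data-port 2 trunk allowed-vlan 160,161
"""
SENSOR_CFG = """
service interface
physical-interfaces GigabitEthernet0/8
subinterface-type inline-vlan-pair
subinterface 1
vlan1 160
vlan2 161
"""

def parse_allowed_vlans(cfg):
    """VLAN ids allowed on the IDSM data-port trunk, with ranges like 100-102 expanded."""
    m = re.search(r"data-port \d+ trunk allowed-vlan (\S+)", cfg)
    if not m:
        return set()
    vlans = set()
    for part in m.group(1).split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_vlan_pairs(cfg):
    """Map subinterface number -> (vlan1, vlan2); accepts both 'vlan1 160' and 'vlan 1 160'."""
    pairs, sub = {}, None
    for line in cfg.splitlines():
        if m := re.match(r"\s*subinterface (\d+)", line):
            sub = int(m.group(1))
        elif m := re.match(r"\s*vlan ?([12]) (\d+)", line):
            pairs.setdefault(sub, [None, None])[int(m.group(1)) - 1] = int(m.group(2))
    return {k: tuple(v) for k, v in pairs.items()}

def check_inline_pairs(switch_cfg, sensor_cfg, virtual_sensor_subifs):
    """Return a list of findings; an empty list means the pair configuration is consistent."""
    findings = []
    allowed = parse_allowed_vlans(switch_cfg)
    for sub, (v1, v2) in parse_vlan_pairs(sensor_cfg).items():
        if None in (v1, v2):
            findings.append(f"subinterface {sub}: pair is incomplete")
            continue
        if v1 == v2:
            findings.append(f"subinterface {sub}: both sides use VLAN {v1}")
        for v in (v1, v2):
            if v not in allowed:  # frames on a VLAN the trunk drops never reach the sensor
                findings.append(f"subinterface {sub}: VLAN {v} not allowed on data-port trunk")
        if sub not in virtual_sensor_subifs:  # a pair outside every virtual sensor raises no alerts
            findings.append(f"subinterface {sub}: not assigned to a virtual sensor")
    return findings
```

Even a clean result only shows the pair is wired correctly; a pair inspects frames that are bridged from one of its VLANs to the other, so a VLAN with no traffic on it (as reported for VLAN 161 above) still yields no events.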
