Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPS and Switching

Hello I have a theoretical question about vlan and IPS

suppose have an 4215 and a router. I want to run the ips with interface inline mode.

Would this here work fine ?

Router - WAN

- Ethernet Vlan 2

4215

-Ethernet 2 -> Vlan 2

-Ethernet 3 Vlan 3

-Inside network all in Vlan 3

Would the IPS bridge if all were in the same subnet ?

Cisco says

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a00807517bb.html#wp1046883

If the paired interfaces are connected to the same switch, you should configure them on the switch as access ports with different access VLANs for the two ports. Otherwise, traffic does not flow through the inline interface.

Since I haven't read anything about deployment I had to ask to be 100% sure

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: IPS and Switching

Yes - you are approaching this correctly.

On the sensor, you need to be sure to complete the Vlan pairing so it will act as a L2 bridge between Vlans 2 & 3.

The other option is to do IPS on a stick, where you trunk 2 & 3 down a single physical interface to the 4215.

Let us know how your project proceeds.

thxs

peter

1 REPLY
Cisco Employee

Re: IPS and Switching

Yes - you are approaching this correctly.

On the sensor, you need to be sure to complete the Vlan pairing so it will act as a L2 bridge between Vlans 2 & 3.

The other option is to do IPS on a stick, where you trunk 2 & 3 down a single physical interface to the 4215.

Let us know how your project proceeds.

thxs

peter

164
Views
0
Helpful
1
Replies
CreatePlease to create content