Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

IPS Inline mode for IDSM2

Hi All,

We are trying to deploy IDSM2, which is acting in promiscous mode at this moment to act as inline ..We are understanding that, there are couple of methods by which we can deploy that,one by making interface pair config and other in vlan pair.........We are trying to deploy in vlan pair for the reason to support vlan in pair on those gigx/7 and Gigx/8 ,making those in trunk mode.

We are curious,whether there are any limitations on this mode when compared to the interface pair mode.

Any help is really appreciated



Anantha Subramanian Natarajan


Re: IPS Inline mode for IDSM2

Not really, there is no limitation that I know of. We run four IDSM-2 separated in two CAT6513 chassis, and I am not aware of a single feature that is unavailable in Inline Vlan pair (and is available in Inline interface pair).

For 4200 series sensors with physical interfaces, hardware bypass is perhaps one notable difference.

However I would except the experts on this forum to comment more on this :)



Community Member

Re: IPS Inline mode for IDSM2

I have a few IDSM2's deployed.. They seem to choke after so much through-put. Also watch the number of signatures. If they get too high it will effect performance. Some signatures are worse than others.

When you put the IDMS-2 inline, you have to watch through put. When you say interface pair for you mean attach via SPAN port. If so, this only gives IDS, but through-put is less of an issue.

CreatePlease to create content