Cisco Support Community
Community Member

IPS interfaces

On the IDSM-2 module, are the interfaces (gi0/2 gi0/7, 8) on the actual IDS module, or are they referring to ports on the switch that it is installed on?

Cisco Employee

Re: IPS interfaces

The ports Gi0/7 and Gi0/8 are the actual sensor ports that you configure within the sensor configuration.

Correspondingly there are also switch side ports for each of these 2 sensor ports.

If you are using IOS then gi0/7 is internally connected to "intrusion-detection module data-port 1";

and gi0/8 is internally connected to "intrusion-detection module data-port 2"

So when configuring the IDSM-2 you have to configure data-port 1 and 2 within the switch configuration, as well as configure Gi0/7 and Gi0/8 within the IDSM-2 configuration.

Cisco Employee

Re: IPS interfaces

To configure the sensing ports on the IDSM-2 for inline operations, complete the following


Step 1 Log in to the switch.

Step 2 Enter privileged mode:

cat6k> enable

Step 3 Set the native VLAN for the IDSM-2 sensing ports, which are ports 7 and 8:

cat6k (enable)> set vlan 651 3/7

cat6k (enable)> set vlan 652 3/8

Note For this example, the IDSM-2 is installed in slot 3.

Step 4 Clear all VLANs from each IDSM-2 sensing port, except for the native VLAN on each port:

cat6k (enable)> clear trunk 3/7 1-650,652-4094

cat6k (enable)> clear trunk 3/8 1-651,653-4094

Step 5 Enable bridge protocol data unit (BPDU) spanning tree filtering on the IDSM-2 sensing ports to prevent spanning tree loops:

cat6k (enable)> set spantree bpdu-filter 3/7-8 enable

I hope this is useful
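A way to check a command set like the one in Steps 3 to 5 before applying it, as an added example that is not part of the replies above or Cisco's own tooling: the script confirms that each sensing port's `clear trunk` ranges leave only that port's native VLAN and that the BPDU filter covers the port. The function names are hypothetical, and the 1-4094 VLAN range is assumed from the ranges used in Step 4.

```python
import re

# Constructed input: the commands from Steps 3-5 above (IDSM-2 in slot 3).
SESSION = """\
cat6k (enable)> set vlan 651 3/7
cat6k (enable)> set vlan 652 3/8
cat6k (enable)> clear trunk 3/7 1-650,652-4094
cat6k (enable)> clear trunk 3/8 1-651,653-4094
cat6k (enable)> set spantree bpdu-filter 3/7-8 enable
"""
ALL_VLANS = set(range(1, 4095))  # assumption: VLAN IDs 1-4094, as in Step 4

def expand(spec):
    """Expand a range list such as '1-650,652-4094' into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def expand_ports(spec):
    """Expand a port spec such as '3/7-8' into ['3/7', '3/8']."""
    mod, _, ports = spec.partition("/")
    return [f"{mod}/{p}" for p in sorted(expand(ports))]

def audit(session, ports):
    """Return a list of findings; an empty list means the steps are consistent."""
    native, cleared, bpdu = {}, {}, set()
    for line in session.splitlines():
        cmd = line.split(">", 1)[-1].strip()  # drop the 'cat6k (enable)>' prompt
        if m := re.fullmatch(r"set vlan (\d+) (\S+)", cmd):
            for p in expand_ports(m[2]):
                native[p] = int(m[1])
        elif m := re.fullmatch(r"clear trunk (\S+) (\S+)", cmd):
            for p in expand_ports(m[1]):
                cleared.setdefault(p, set()).update(expand(m[2]))
        elif m := re.fullmatch(r"set spantree bpdu-filter (\S+) enable", cmd):
            bpdu.update(expand_ports(m[1]))
    findings = []
    for p in ports:
        left = ALL_VLANS - cleared.get(p, set())  # VLANs the trunk still allows
        if left != {native.get(p)}:
            findings.append(f"{p}: allowed VLANs after clear are not exactly native VLAN {native.get(p)}")
        if p not in bpdu:
            findings.append(f"{p}: BPDU filter not enabled")
    return findings

print(audit(SESSION, ["3/7", "3/8"]))
```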

