I have an 1Gbps AGM and I am configuring Anomaly Guard Module. For testing purpose, I am trying to bypass/route the traffic through AGM, but I could not. The configuration is as mentioned below. I have captured the traffic using packet-dump and I could understand that traffic is forwarded to AGM, but not leaving AGM.

Can you please advice, what is missing in this configuration to enable all traffic to pass through AGM.

Configuration:

6509 Config:

firewall multiple-vlan-interfaces

firewall module 2 vlan-group 161

firewall vlan-group 161 2,10,62

anomaly-guard module 8 port 1 allowed-vlan 2

anomaly-guard module 8 port 2 allowed-vlan 61,62

anomaly-guard module 8 port 1 native-vlan 2

!

vlan 2-3,10-12,20,50-51,61-62

!

end

AGM Config:

diversion hijacking receive-via-ip 172.17.61.16

diversion hijacking receive-via-vlan 61

diversion injection 172.18.10.0 255.255.255.0 nexthop 172.17.66.1

interface eth1

ip address 172.18.2.11 255.255.255.0

mtu 1500

no shutdown

exit

interface giga2

mtu 1500

proxy 172.17.61.15

no shutdown

exit

interface giga2.61

ip address 172.17.61.16 255.255.255.0

mtu 1500

no shutdown

exit

interface giga2.62

ip address 172.17.66.15 255.255.255.0

mtu 1500

no shutdown

exit

ip route 192.168.100.0 255.255.255.0 172.17.61.1 giga2.61

ip route 172.18.10.0 255.255.255.0 172.17.66.1 giga2.62

default-gateway 172.17.61.1

zone CUSTOMER GUARD_DEFAULT

ip address 172.18.10.0 255.255.255.0

no bypass-filter *

bypass-filter 10 * * * no-fragments

bypass-filter 11 172.17.61.1 * * no-fragments

bypass-filter 12 192.168.100.1 * * no-fragments

!

end