
New Member

Zone-member security Question?

Hi guys, if I configure some sub-interfaces on my router (let's say G0/0.2, G0/0.3, etc.) and they belong to my inside network, where should I apply the zone-member security inside command? On the G0/0 or on each sub-interface that I have traffic to protect?

Thanks

Regards

2 REPLIES
Cisco Employee

Zone-member security Question?

It should be on the sub-interfaces, because each sub-interface belongs to a different subnet.

Zone-member security Question?

Hi Bro

From what I’ve understood from your question, you said that both the sub-interfaces are catered for the inside users, but I’m guessing they are assigned to different groups of users/VLANs, e.g. VLAN 10 for Users in Level 1, VLAN 20 for Users in Level 2, etc.

If that’s the case, then I would apply the “zone-member security XXX” command on each of the sub-interfaces. A sample is shown below:

! Traffic classes to inspect
class-map type inspect match-any CM_TEST
 match protocol tcp
 match protocol udp
 match protocol icmp
!
policy-map type inspect PM_TEST
 class type inspect CM_TEST
  inspect
!
! One zone per VLAN
zone security inside-vlan10
zone security inside-vlan20
! Policy for sessions opened from VLAN 10 towards VLAN 20
zone-pair security ZP_TEST source inside-vlan10 destination inside-vlan20
 service-policy type inspect PM_TEST
!
! Zone membership is set on each sub-interface with zone-member security
interface GigabitEthernet0/0.10
 description -- LAN Users in Level 1 --
 zone-member security inside-vlan10
 encapsulation dot1q 10
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 description -- LAN Users in Level 2 --
 zone-member security inside-vlan20
 encapsulation dot1q 20
 ip address 10.10.20.1 255.255.255.0
!

P/S: If you think this comment is useful, please do rate them nicely :-)

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
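An added example, not taken from either reply: a small audit over `show running-config` text that checks the per-sub-interface zone membership discussed in this thread. It reports sub-interfaces that have an IP address but no `zone-member security` line, zones that are used but never declared, and zone directions with no zone-pair (zone-pairs are one-way, so new sessions in an uncovered direction are dropped). The function name `audit_zones` and the sample text are constructed for illustration, and the parser assumes sub-mode lines are indented as in real running-config output.

```python
import re
from itertools import permutations

# Constructed excerpt: the thread's layout plus an unzoned sub-interface (.30).
SAMPLE = """\
zone security inside-vlan10
zone security inside-vlan20
zone-pair security ZP_TEST source inside-vlan10 destination inside-vlan20
interface GigabitEthernet0/0.10
 zone-member security inside-vlan10
 encapsulation dot1q 10
 ip address 10.10.10.1 255.255.255.0
interface GigabitEthernet0/0.20
 zone-member security inside-vlan20
 encapsulation dot1q 20
 ip address 10.10.20.1 255.255.255.0
interface GigabitEthernet0/0.30
 encapsulation dot1q 30
 ip address 10.10.30.1 255.255.255.0
"""

def audit_zones(config):
    """Return (unzoned interfaces, undeclared zones, zone directions lacking a zone-pair)."""
    zones = set(re.findall(r"^zone security (\S+)", config, re.M))
    pairs = set(re.findall(
        r"^zone-pair security \S+ source (\S+) destination (\S+)", config, re.M))
    ifaces, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = ifaces.setdefault(m.group(1), {"zone": None, "ip": False})
        elif not line.startswith(" "):
            current = None  # back at global level, outside interface sub-mode
        elif current is not None:
            if m := re.match(r"\s+zone-member security (\S+)", line):
                current["zone"] = m.group(1)
            elif re.match(r"\s+ip address \d", line):
                current["ip"] = True
    unzoned = sorted(n for n, i in ifaces.items() if i["ip"] and not i["zone"])
    used = {i["zone"] for i in ifaces.values() if i["zone"]}
    undeclared = sorted(used - zones)
    # Zone-pairs are one-way: each direction needs its own pair for new sessions.
    no_pair = [p for p in permutations(sorted(used & zones), 2) if p not in pairs]
    return unzoned, undeclared, no_pair

if __name__ == "__main__":
    unzoned, undeclared, no_pair = audit_zones(SAMPLE)
    print("no zone-member security:", unzoned)
    print("zone used but not declared:", undeclared)
    print("no zone-pair (src, dst):", no_pair)
```

An interface-mode line written as `zone security NAME` instead of `zone-member security NAME` is not counted as membership, so that sub-interface shows up in the first list.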