https://community.cisco.com/t5/network-security/cisco-asa-ips-inline-in-bridge-mode-on-a-trunked-interface/m-p/2439913#M45585 <P>You can associate VLANs in pairs on a physical interface. This is known as inline VLAN pair mode. Packets received on one of the paired VLANs are analyzed and then forwarded to the other VLAN in the pair. but the ASA IPS modules (ASA&nbsp;5500&nbsp;AIP&nbsp;SSM, ASA&nbsp;5500-X&nbsp;IPS&nbsp;SSP, and ASA&nbsp;5585-X&nbsp;IPS&nbsp;SSP) do not support inline VLAN pairs. For more information you can check the following configuration guide.</P><P>http://www.cisco.com/c/en/us/td/docs/security/ips/7-1/configuration/guide/cli/cliguide71/cli_interfaces.html</P><P>&nbsp;</P> Tue, 06 May 2014 16:46:23 GMT Ravi Singh 2014-05-06T16:46:23Z https://community.cisco.com/t5/network-security/cisco-asa-ips-inline-in-bridge-mode-on-a-trunked-interface/m-p/2439912#M45583 <P>Hi,</P><P>I'm trying to figure out how to deploy a Cisco ASA 5512-X IPS inline in bridge mode on an ethernet trunked interface.</P><P>switch1--------------vlan10,20----------------ASA IPS--------------vlan10,20----------------switch2</P><P>I basically want to drop the IPS inline without changing the existing switch configuration. Its works fine on a non trunked interface but when I configure it similar to the config below I hit the issue that I cant assign 2 separate interfaces to the same VLAN. The exact error is as follows</P><P>ERROR: VLAN 10 has been assigned to another interface.</P><P>This is such a common scenario I cant imagine there isnt a solution but I cant find one.&nbsp; Does anyone know ?</P><P>Thanks in advance</P><P>interface Ethernet0/2.10<BR />vlan 10<BR />nameif INSIDETEN<BR />security-level 100<BR />bridge-group 10<BR />!<BR />interface Ethernet0/2.20<BR />vlan 20<BR />nameif INSIDETWENTY<BR />security-level 100<BR />bridge-group 20<BR />!<BR />interface Ethernet0/3.10<BR />vlan 10<BR />nameif OUTSIDETEN<BR />security-level 0<BR />bridge-group 10<BR />!<BR />interface Ethernet0/3.20<BR />vlan 20<BR />nameif OUTSIDETWENTY<BR />security-level 0<BR />bridge-group 20<BR />!<BR />interface BVI10<BR />ip address x.x.x.x y.y.y.y</P><P>interface BVI20<BR />ip address x.x.x.x y.y.y.y</P><P>It doesn't work, I can't configure the VLANs on two different interfaces.</P><P>ASA(config-subif)# vlan 10<BR />ERROR: VLAN 10 has been assigned to another interface</P><P>&nbsp;</P> Tue, 26 Mar 2019 00:20:55 GMT https://community.cisco.com/t5/network-security/cisco-asa-ips-inline-in-bridge-mode-on-a-trunked-interface/m-p/2439912#M45583 hancorp 2019-03-26T00:20:55Z https://community.cisco.com/t5/network-security/cisco-asa-ips-inline-in-bridge-mode-on-a-trunked-interface/m-p/2439913#M45585 <P>You can associate VLANs in pairs on a physical interface. This is known as inline VLAN pair mode. Packets received on one of the paired VLANs are analyzed and then forwarded to the other VLAN in the pair. but the ASA IPS modules (ASA&nbsp;5500&nbsp;AIP&nbsp;SSM, ASA&nbsp;5500-X&nbsp;IPS&nbsp;SSP, and ASA&nbsp;5585-X&nbsp;IPS&nbsp;SSP) do not support inline VLAN pairs. For more information you can check the following configuration guide.</P><P>http://www.cisco.com/c/en/us/td/docs/security/ips/7-1/configuration/guide/cli/cliguide71/cli_interfaces.html</P><P>&nbsp;</P> Tue, 06 May 2014 16:46:23 GMT https://community.cisco.com/t5/network-security/cisco-asa-ips-inline-in-bridge-mode-on-a-trunked-interface/m-p/2439913#M45585 Ravi Singh 2014-05-06T16:46:23Z