https://community.cisco.com/t5/network-security/switch-config-for-inline-interface-pair/m-p/2417872#M53183 <HTML><HEAD></HEAD><BODY><P>Thank you so much for the reply Bob</P><P></P><P>I am using an IPS appliance here. </P><P></P><P>So both the interfaces of the inline pair will be in different vlans. </P><P>As i understand now, traffic enters from internet to the switch on port configured in vlan1(default).</P><P>The default gateway on the switch has to be the virtual interface IP of the inside of my IPS?</P><P></P><P>Please correct if I am wrong..</P></BODY></HTML> Thu, 05 Dec 2013 07:23:30 GMT engineer467 2013-12-05T07:23:30Z https://community.cisco.com/t5/network-security/switch-config-for-inline-interface-pair/m-p/2417869#M53176 <P>Hello all</P><P></P><P>Am having a doubt here, so need your help.</P><P></P><P>I want to configure an IPS in inline interface mode. What I have is </P><P></P><P>internet rtr----&gt;Switch-----&gt;outside intrface of ASA</P><P></P><P></P><P>Here, I want to monitor/inspect the traffic coming from the internet.</P><P></P><P>I am planning to connect the inline interfaces to the same switch.</P><P></P><P>What am not sure is what will be the switchport configuration for the inline interface pair?</P><P></P><P>Also, How the switch will forward traffic to the IPS and then IPS to the ASA?</P><P></P><P></P><P></P><P>Thanks in advance <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P></P><P></P><P>..Abhi</P> Sun, 10 Mar 2019 13:06:26 GMT https://community.cisco.com/t5/network-security/switch-config-for-inline-interface-pair/m-p/2417869#M53176 engineer467 2019-03-10T13:06:26Z https://community.cisco.com/t5/network-security/switch-config-for-inline-interface-pair/m-p/2417870#M53179 <HTML><HEAD></HEAD><BODY><P>One more thing, there are no VLANs configured on the switch. Everything is in vlan1 by default.</P></BODY></HTML> Wed, 04 Dec 2013 10:13:56 GMT https://community.cisco.com/t5/network-security/switch-config-for-inline-interface-pair/m-p/2417870#M53179 engineer467 2013-12-04T10:13:56Z https://community.cisco.com/t5/network-security/switch-config-for-inline-interface-pair/m-p/2417871#M53182 <HTML><HEAD></HEAD><BODY><P>What are you using for an IPS, an appliance? an IOS IPS in the Internet router or the ASA?</P><P>If you want to feed the output of your IPS into the same switch as the input, you'll need to create two separate VLANS, one for the switch interfaces that are outside your IPS and the other for the interfaces that are inside your IPS.</P><P></P><P>interface Gi0/1</P><P>&nbsp; switchport access vlan 10</P><P> switchport mode access</P><P> switchport nonegotiate</P><P></P><P>interface Gi0/5</P><P>&nbsp; switchport access vlan 20</P><P> switchport mode access</P><P> switchport nonegotiate</P><P></P><P>interface vlan 10</P><P>interface vlan 20</P><P></P><P>- Bob</P></BODY></HTML> Wed, 04 Dec 2013 17:59:32 GMT https://community.cisco.com/t5/network-security/switch-config-for-inline-interface-pair/m-p/2417871#M53182 rhermes 2013-12-04T17:59:32Z https://community.cisco.com/t5/network-security/switch-config-for-inline-interface-pair/m-p/2417872#M53183 <HTML><HEAD></HEAD><BODY><P>Thank you so much for the reply Bob</P><P></P><P>I am using an IPS appliance here. </P><P></P><P>So both the interfaces of the inline pair will be in different vlans. </P><P>As i understand now, traffic enters from internet to the switch on port configured in vlan1(default).</P><P>The default gateway on the switch has to be the virtual interface IP of the inside of my IPS?</P><P></P><P>Please correct if I am wrong..</P></BODY></HTML> Thu, 05 Dec 2013 07:23:30 GMT https://community.cisco.com/t5/network-security/switch-config-for-inline-interface-pair/m-p/2417872#M53183 engineer467 2013-12-05T07:23:30Z https://community.cisco.com/t5/network-security/switch-config-for-inline-interface-pair/m-p/2417873#M53184 <HTML><HEAD></HEAD><BODY><P>Your IPS appliance will bridge the traffic between the two VLANS. </P><P>Assign your VLAN ports like this:</P><P></P><P>VLAN 10</P><P>internet connection</P><P>Outside interface of IPS sensor</P><P></P><P>VLAN 20</P><P>Inside connection to your network</P><P>Inside interface of your IPS sensor</P><P></P><P>PLEASE put your sensor on the inside of your firewall.</P><P></P><P>- Bob</P></BODY></HTML> Thu, 05 Dec 2013 15:25:24 GMT https://community.cisco.com/t5/network-security/switch-config-for-inline-interface-pair/m-p/2417873#M53184 rhermes 2013-12-05T15:25:24Z https://community.cisco.com/t5/network-security/switch-config-for-inline-interface-pair/m-p/2417874#M53185 <HTML><HEAD></HEAD><BODY><P>Hello Abhishek,</P><P></P><P>just to add in this:</P><P></P><P>Cisco Intrusion Prevention System interfaces configuration guide:</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/c/en/us/td/docs/security/ips/7-0/configuration/guide/cli/cliguide7/cli_interfaces.html#wp1031719">http://www.cisco.com/c/en/us/td/docs/security/ips/7-0/configuration/guide/cli/cliguide7/cli_interfaces.html#wp1031719</A></P></BODY></HTML> Thu, 13 Feb 2014 05:23:23 GMT https://community.cisco.com/t5/network-security/switch-config-for-inline-interface-pair/m-p/2417874#M53185 Naveen Kumar 2014-02-13T05:23:23Z