topic ISDM-2 configuration questions in Network Security https://community.cisco.com/t5/network-security/isdm-2-configuration-questions/m-p/2199210#M54018 <P>My client has an ISDM-2 blade in their 6504 chassis.&nbsp; They want to scan the following traffic:</P><P></P><P>Internet traffic to server network</P><P>Student traffic to server network</P><P>Internet traffic to student networks</P><P></P><P>The current configuration uses VACL's to send the traffic to the IPS, but when I look at the IPS with the GUI, it says that port g0/7.0 is a promiscuous interface.&nbsp; From what I read (this is my first go around with this blade), that when you are using VACL's, the IPS is in promiscous mode.&nbsp; If that is the case, I would think I need to configure the 6504 to use inline mode.</P><P></P><P>Here is my situation/question.&nbsp; The traffic fo the student network is on multiple vlans.&nbsp; I see that I can configure a range on the following command:</P><P></P><P>intrustion-detection module 4 data-port 2 access-vlan (vlan-range)</P><P></P><P>However, the student vlans are not in a continuous range (i.e. 20-30), they are broken up.&nbsp; So what I am wondering is if I can have multiple of the above command (like below)</P><P></P><P>intrustion-detection module 4 data-port 2 access-vlan 1-11</P><P>intrustion-detection module 4 data-port 2 access-vlan 20-22</P><P><SPAN style="font-size: 10pt;">intrustion-detection module 4 data-port 2 access-vlan 24</SPAN></P><P>intrustion-detection module 4 data-port 2 access-vlan 28</P><P></P><P>Let me know if this makes sense and if you have more questions.</P><P></P><P>TIA.</P><P></P><P>Dan</P> Tue, 26 Mar 2019 00:20:41 GMT deyster94 2019-03-26T00:20:41Z ISDM-2 configuration questions https://community.cisco.com/t5/network-security/isdm-2-configuration-questions/m-p/2199210#M54018 <P>My client has an ISDM-2 blade in their 6504 chassis.&nbsp; They want to scan the following traffic:</P><P></P><P>Internet traffic to server network</P><P>Student traffic to server network</P><P>Internet traffic to student networks</P><P></P><P>The current configuration uses VACL's to send the traffic to the IPS, but when I look at the IPS with the GUI, it says that port g0/7.0 is a promiscuous interface.&nbsp; From what I read (this is my first go around with this blade), that when you are using VACL's, the IPS is in promiscous mode.&nbsp; If that is the case, I would think I need to configure the 6504 to use inline mode.</P><P></P><P>Here is my situation/question.&nbsp; The traffic fo the student network is on multiple vlans.&nbsp; I see that I can configure a range on the following command:</P><P></P><P>intrustion-detection module 4 data-port 2 access-vlan (vlan-range)</P><P></P><P>However, the student vlans are not in a continuous range (i.e. 20-30), they are broken up.&nbsp; So what I am wondering is if I can have multiple of the above command (like below)</P><P></P><P>intrustion-detection module 4 data-port 2 access-vlan 1-11</P><P>intrustion-detection module 4 data-port 2 access-vlan 20-22</P><P><SPAN style="font-size: 10pt;">intrustion-detection module 4 data-port 2 access-vlan 24</SPAN></P><P>intrustion-detection module 4 data-port 2 access-vlan 28</P><P></P><P>Let me know if this makes sense and if you have more questions.</P><P></P><P>TIA.</P><P></P><P>Dan</P> Tue, 26 Mar 2019 00:20:41 GMT https://community.cisco.com/t5/network-security/isdm-2-configuration-questions/m-p/2199210#M54018 deyster94 2019-03-26T00:20:41Z ISDM-2 configuration questions https://community.cisco.com/t5/network-security/isdm-2-configuration-questions/m-p/2199211#M54019 <HTML><HEAD></HEAD><BODY><P> Here is how you configure the blade to work in inline mode:</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_idsm2.html#wp1187460">http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_idsm2.html#wp1187460</A></P><P></P><P>And answering your second question, i can tell you that you can do what you are suggesting</P><P></P><P><EM>intrustion-detection module 4 data-port 2 access-vlan 1-11</EM></P><P><EM>intrustion-detection module 4 data-port 2 access-vlan 20-22</EM></P><P><EM>intrustion-detection module 4 data-port 2 access-vlan 24</EM></P><P><EM>intrustion-detection module 4 data-port 2 access-vlan 28</EM></P><P></P><P>On routers, but i'm 90% sure you can do the same on the module.</P></BODY></HTML> Wed, 27 Feb 2013 05:40:01 GMT https://community.cisco.com/t5/network-security/isdm-2-configuration-questions/m-p/2199211#M54019 jocamare 2013-02-27T05:40:01Z