topic Setting up sensor in inline interface pair mode in Network Security https://community.cisco.com/t5/network-security/setting-up-sensor-in-inline-interface-pair-mode/m-p/2125324#M54319 <P>I have never set up a sensor in inline interface pair mode, and I had a couple of questions about it</P><P></P><P>It is my understanding that traffic from one vlan would be forwarded to another through the sensor (and then you would set up your ispection policies).</P><P></P><P>But how then would you set up the SPAN or capture ACLs on the switching side? A monitor session will put a port in a disabled mode (although I think you can use the monitor session x destination &lt;interface&gt; ingress to allow traffic from it).</P><P></P><P>Or would you use the </P><P></P><P>switchport capure </P><P></P><P>command with FSPAN on both interfaces?</P><P></P><P>Any advice would be great&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P> Sun, 10 Mar 2019 12:50:49 GMT Colin Higgins 2019-03-10T12:50:49Z Setting up sensor in inline interface pair mode https://community.cisco.com/t5/network-security/setting-up-sensor-in-inline-interface-pair-mode/m-p/2125324#M54319 <P>I have never set up a sensor in inline interface pair mode, and I had a couple of questions about it</P><P></P><P>It is my understanding that traffic from one vlan would be forwarded to another through the sensor (and then you would set up your ispection policies).</P><P></P><P>But how then would you set up the SPAN or capture ACLs on the switching side? A monitor session will put a port in a disabled mode (although I think you can use the monitor session x destination &lt;interface&gt; ingress to allow traffic from it).</P><P></P><P>Or would you use the </P><P></P><P>switchport capure </P><P></P><P>command with FSPAN on both interfaces?</P><P></P><P>Any advice would be great&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P> Sun, 10 Mar 2019 12:50:49 GMT https://community.cisco.com/t5/network-security/setting-up-sensor-in-inline-interface-pair-mode/m-p/2125324#M54319 Colin Higgins 2019-03-10T12:50:49Z Setting up sensor in inline interface pair mode https://community.cisco.com/t5/network-security/setting-up-sensor-in-inline-interface-pair-mode/m-p/2125325#M54321 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>For inline-pair, configuration should be something like this</P><P></P><P>Assuming switchport to be 1/1 and 1/2. IPS port Gig0/0 and Gig 0/1</P><P>1/1 and Gig0/0 should be in one vlan, lets say 800.</P><P>1/2 and Gig0/1 should be other vlan, lets say 810.</P><P></P><P>switchport config:</P><P>1/1</P><P>switchport</P><P>switchport access vlan 800</P><P>switchport mode acess</P><P></P><P>1/2</P><P>switchport</P><P>switchport access vlan 810</P><P>switchport mode access</P><P></P><P>All traffic from vlan 800 will be sent to port under vlan 810 and vice-versa after inspection.</P><P></P><P>Regards,</P><P>Sawan Gupta</P></BODY></HTML> Mon, 10 Dec 2012 04:53:05 GMT https://community.cisco.com/t5/network-security/setting-up-sensor-in-inline-interface-pair-mode/m-p/2125325#M54321 sawgupta 2012-12-10T04:53:05Z