topic IDSM2 inline vlan pair mode in Network Security

IDSM2 inline vlan pair mode

isgphyd12 — Sun, 10 Mar 2019 11:12:02 GMT

I am working with the IDSM-2, We have Cisco 6509 with CSM & FWSM, We are planning IDSM-2 in Inline

vlan pair mode and now i want to monitor the traffic which is coming through Outside Interface of the FW cont

that is vlan160 in inline vlan pair mode ,I created the L2 vlan 161 and paired vlans 160 and 161.

My problem is iam able to sea the traffic on interface 0/8 but there is no alerts on IDSM.

The configuration i was done is

Router # config t

Router (conf) #vlan 161

Router (conf) # intrusion-detection module 9 data-port 2 trunk allowed-vlan 160,161

Router (conf) # exit

Sensor # conf t

Sensor (conf) # service interface

Sensor (conf-int) # physical-interfaces gigabit Ethernet 0/8

Sensor (conf-int-phy) # subinterface-type inline-vlan-pair

Sensor (conf-int-phy-inl) # subinterface 1

Sensor (conf-int-phy-inl-sub) # vlan 1 160

Sensor (conf-int-phy-inl-sub) # vlan 2 161

Sensor (conf-int-phy-inl-sub) # exit

apply changes : yes

Re: IDSM2 inline vlan pair mode

smahbub — Tue, 22 Jul 2008 15:06:52 GMT

You can use IDM or the CLI to configure IDSM-2 to operate in inline VLAN pair mode. To prepare IDSM-2 for inline VLAN pair mode, you must configure the switch as well as IDSM-2. Configure the switch first, then configure the IDSM-2 interfaces for inline VLAN pair mode.

Re: IDSM2 inline vlan pair mode

Farrukh Haroon — Wed, 23 Jul 2008 00:35:13 GMT

Is the pair added to the Virtual Sensor?

Regards

Farrukh

Re: IDSM2 inline vlan pair mode

isgphyd12 — Wed, 23 Jul 2008 09:11:52 GMT

Hi Farrukh,

Yes ,I was added the pair to virtual sensor.

Thanks

sridhar

Re: IDSM2 inline vlan pair mode

Farrukh Haroon — Wed, 23 Jul 2008 18:28:46 GMT

How are you testing the IDS?

Regards

Farrukh

Re: IDSM2 inline vlan pair mode

isgphyd12 — Thu, 24 Jul 2008 05:10:39 GMT

Traffic is going through the VLAN but there is no logs on event viewer.

I need a sample configuration with 6500---IDSM--FWSM. There might be a problem with 6500 configuration.

Valn 160 is Outside interface of FWSM context and there is not traffic on vlan 161 but we are able to access outside.

Re: IDSM2 inline vlan pair mode

Diego Armando Cambronero Arias — Tue, 08 Dec 2009 21:05:49 GMT

Hello,

I have a problem that i do not know how to handle. I have 100 Vlans and I would like to use the IPS to inspect traffic between these VLANS. I have 2 questions.

1) In a Vlan pair only 2 vlans are paired so the traffic between this VLANS will be inspected. How can I inspect the traffic for example when vlan 15 comunicates with vlan 20, 50, 30, 80 etc...?

2) I know that the comunication between the Switch and the IPS should be through a Trunk port. What else do I have to configure in the L3switch?

I would really appreciate the help

Re: IDSM2 inline vlan pair mode

Farrukh Haroon — Tue, 15 Dec 2009 06:30:06 GMT

Please open a separate post for this issue. Just select the 'New' button ot the top right of the screen and click on 'Discussion'.

You have to remember that the IPS in not a layer 3 device, its a L2 devices.....so you really don't have to wait for inter-VLAN routing. If the IPS will monitor one VLAN, it will cover ALL communication to/from that VLAN.

Regards

Farrukh