Zone-member security Question?

csc010627097 — Fri, 21 Feb 2020 12:40:44 GMT

Hi guys, If I configure on my router some sub-interfaces (let's say G0/0.2, g0/0.3, etc) and they belong to my inside network where should I apply the zone-member secury inside command? On the G0/0 or on each sub-interface that I have traffic to protect?

Thanks

Regards

Zone-member security Question?

Jennifer Halim — Sun, 01 Jul 2012 04:16:31 GMT

It should be on the sub interfaces because each sub interfaces belong to different subnet.

Zone-member security Question?

Ramraj Sivagnanam Sivajanam — Fri, 20 Jul 2012 18:22:29 GMT

Hi Bro

From what I’ve understood from your question, you said that both the subinterfaces are catered for the inside users but I’m guessing they are assigned to different groups of users/vlans e.g. VLAN 10 for Users in Level 1, and VLAN 20 for User in Level 2 etc.

If that’s the case, then I would apply the “zone-member security XXX” command on each of the sub interfaces. A sample is shown below;

class-map type inspect match-any CM_TEST

match protocol tcp

match protocol udp

match protocol icmp

policy-map type inspect PM_TEST

class type inspect CM_TEST

inspect

zone security inside-vlan10

zone security inside-vlan20

zone-pair security ZP_TEST source inside-vlan10 destination inside-vlan20

service-policy type inspect PM_TEST

interface GigabitEthernet0/0.10

description – LAN Users in Level 1 --

zone security inside-vlan10

encapsulation dot1q 10

ip address 10.10.10.1 255.255.255.0

interface GigabitEthernet0/0.20

description – LAN Users in Level 2 --

zone security inside-vlan20

encapsulation dot1q 20

ip address 10.10.20.1 255.255.255.0

P/S: If you think this comment is useful, please do rate them nicely 🙂

topic Zone-member security Question? in Network Security

Zone-member security Question?

Zone-member security Question?

Zone-member security Question?