My client has an IDSM-2 blade in their 6504 chassis. They want to scan the following traffic:
Internet traffic to server network
Student traffic to server network
Internet traffic to student networks
The current configuration uses VACLs to send the traffic to the IPS, but when I look at the IPS with the GUI, it says that port g0/7.0 is a promiscuous interface. From what I read (this is my first go-around with this blade), when you are using VACLs, the IPS is in promiscuous mode. If that is the case, I would think I need to configure the 6504 to use inline mode.
Here is my situation/question. The traffic for the student network is on multiple VLANs. I see that I can configure a range on the following command:
intrusion-detection module 4 data-port 2 access-vlan (vlan-range)
However, the student VLANs are not in a continuous range (i.e. 20-30); they are broken up. So what I am wondering is if I can have multiple of the above command (like below):
intrusion-detection module 4 data-port 2 access-vlan 1-11
intrusion-detection module 4 data-port 2 access-vlan 20-22
intrusion-detection module 4 data-port 2 access-vlan 24
intrusion-detection module 4 data-port 2 access-vlan 28
Let me know if this makes sense and if you have more questions.
TIA.
Dan