
Passing VLAN traffic from FWSM to IPS Sensor 4270

Hey folks,

I've only been able to find one doc on CCO that demonstrates how to move FWSM traffic out to an external IPS appliance and then back into the chassis for forwarding to the rest of the network. It uses "auxiliary" VLANs.

FWSM routing and switching for my inquiry are all occurring through blades in the 6500 chassis with only the IPS being used located outside the box.

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00808b4d9f.shtml

...it has a little section toward the bottom in the troubleshooting section that mentions their one aux VLAN solution.

Anybody got a better, more complete reference for this scenario?

Thanks,

m.

1 REPLY

Re: Passing VLAN traffic from FWSM to IPS Sensor 4270

Users can configure the auxiliary VLAN feature on an 802.1x port and vice versa. When the switch recognizes a phone is attached to a port via CDP, it allows phone traffic on the auxiliary VLAN without 802.1x authentication. Then, the PC or workstation connected (behind the phone) to the 802.1x port of the switch will use the port VLAN ID and authenticate following the dot1x protocol.
