
Setting up sensor in inline interface pair mode

I have never set up a sensor in inline interface pair mode, and I had a couple of questions about it.

It is my understanding that traffic from one VLAN would be forwarded to another through the sensor (and then you would set up your inspection policies).

But how then would you set up the SPAN or capture ACLs on the switching side? A monitor session will put a port in a disabled mode (although I think you can use the monitor session x destination <interface> ingress to allow traffic from it).

Or would you use the

switchport capture

command with FSPAN on both interfaces?

Any advice would be great.

1 ACCEPTED SOLUTION


Hi,

For inline-pair, configuration should be something like this:

Assuming switchports to be 1/1 and 1/2, and IPS ports Gig0/0 and Gig0/1.

1/1 and Gig0/0 should be in one VLAN, let's say 800.

1/2 and Gig0/1 should be in the other VLAN, let's say 810.

Switchport config:

1/1
switchport
switchport access vlan 800
switchport mode access

1/2
switchport
switchport access vlan 810
switchport mode access

All traffic from VLAN 800 will be sent to the port under VLAN 810 and vice versa after inspection.

Regards,

Sawan Gupta
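
Added example, not part of the original post: a Python check that an IOS-style switch config places the two ports facing the sensor in access mode and in two different VLANs, as the answer above describes. The full interface names and the sample config are constructed assumptions; only the VLAN numbers 800 and 810 come from the answer.

```python
import re

# Constructed sample config; interface names are assumptions, VLANs are the answer's.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 switchport
 switchport access vlan 800
 switchport mode access
!
interface GigabitEthernet1/2
 switchport
 switchport access vlan 810
 switchport mode access
!
"""

def parse_interfaces(config):
    """Return {interface: {"mode": str or None, "vlan": int or None}}."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"interface\s+(\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), {"mode": None, "vlan": None})
        elif not raw.startswith(" "):
            current = None  # left the interface stanza
        elif current is not None:
            if (m := re.fullmatch(r"switchport mode (\S+)", line)):
                current["mode"] = m.group(1)
            elif (m := re.fullmatch(r"switchport access vlan (\d+)", line)):
                current["vlan"] = int(m.group(1))
    return ports

def check_inline_pair(config, port_a, port_b):
    """Return a list of problems; an empty list means the pair matches the layout."""
    ports, problems = parse_interfaces(config), []
    for name in (port_a, port_b):
        p = ports.get(name)
        if p is None:
            problems.append(f"{name}: interface not found")
            continue
        if p["mode"] != "access":
            problems.append(f"{name}: mode is {p['mode']!r}, expected 'access'")
        if p["vlan"] is None:
            problems.append(f"{name}: no explicit access VLAN")
    a, b = ports.get(port_a), ports.get(port_b)
    if a and b and a["vlan"] is not None and a["vlan"] == b["vlan"]:
        problems.append(f"both ports are in VLAN {a['vlan']}; the pair needs two different VLANs")
    return problems
```

Calling check_inline_pair(SAMPLE_CONFIG, "GigabitEthernet1/1", "GigabitEthernet1/2") returns an empty list for the layout in the answer.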

