Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
699
Views
0
Helpful
2
Replies

6509 Uplink to ASA with Vlan Pair

Go to solution
danielnunes
Level 1
Level 1

‎04-29-2009 04:57 PM - edited ‎03-10-2019 04:36 AM

I have the following topology:

6509---->ASA----->Internet.

My 6509 have a IDSM.

intrusion-detection module 3 management-port access-vlan 2

intrusion-detection module 3 data-port 1 trunk allowed-vlan 352,603,1352,1603

I want to put the IDSM between 6509 and ASA.

6509 have a vlan 603 where Inside ASA is connected and I already created vlan 1603 to briding with 603, this way

I put the Inside cable of the ASA to vlan 1603, before was connected on vlan 603 but when I changed vlan switchport

of the ASA (603 to vlan 1603) my vlan 603 goes down and i can't access the internet.

Vlan 603 Goes Down because there are no users connected them but I thinked that How IDSM briding 603 with 1603

this vlan 603 will be UP again, but doesn't works.

How can I configure the IDM to UP this Vlan?

Labels:
Preview file
14 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
marcabal
Cisco Employee
Cisco Employee

‎04-30-2009 12:48 AM

I assume the switch itself has a vlan 603 interface, and it is this vlan 603 interface that is going down.

By default the IDSM-2's data-ports are configured for "autostate exclude" which means that is the IDSM-2 port and the switches vlan interface are the only things on the vlan, then the switch will bring down it's interface. The switch excludes the IDSM-2 interface when looking for other ports on the vlan.

There is a command:

intrusion-detection module 3 data-port 1 autostate include

With this command the IDSM-2 port will now be included in the list of ports to watch, and the switch should now bring up its vlan 603 interface.

You can see the list of available commands for the IDSM-2 here:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_idsm2.html#wp1032690

View solution in original post

0 Helpful
2 Replies 2

Go to solution
marcabal
Cisco Employee
Cisco Employee

‎04-30-2009 12:48 AM

I assume the switch itself has a vlan 603 interface, and it is this vlan 603 interface that is going down.

By default the IDSM-2's data-ports are configured for "autostate exclude" which means that is the IDSM-2 port and the switches vlan interface are the only things on the vlan, then the switch will bring down it's interface. The switch excludes the IDSM-2 interface when looking for other ports on the vlan.

There is a command:

intrusion-detection module 3 data-port 1 autostate include

With this command the IDSM-2 port will now be included in the list of ports to watch, and the switch should now bring up its vlan 603 interface.

You can see the list of available commands for the IDSM-2 here:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_idsm2.html#wp1032690

0 Helpful

Go to solution
danielnunes
Level 1
Level 1
In response to marcabal

‎04-30-2009 07:55 AM

Thank you very much for your assistance.

My issue was resolved.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card