05-06-2014 12:22 AM - last edited on 03-25-2019 05:20 PM by ciscomoderator
Hi,
I'm trying to figure out how to deploy a Cisco ASA 5512-X IPS inline in bridge mode on an Ethernet trunked interface.
switch1--------------vlan10,20----------------ASA IPS--------------vlan10,20----------------switch2
I basically want to drop the IPS inline without changing the existing switch configuration. It works fine on a non-trunked interface, but when I configure it similar to the config below I hit the issue that I can't assign 2 separate interfaces to the same VLAN. The exact error is as follows:
ERROR: VLAN 10 has been assigned to another interface.
This is such a common scenario I can't imagine there isn't a solution, but I can't find one. Does anyone know?
Thanks in advance
interface Ethernet0/2.10
vlan 10
nameif INSIDETEN
security-level 100
bridge-group 10
!
interface Ethernet0/2.20
vlan 20
nameif INSIDETWENTY
security-level 100
bridge-group 20
!
interface Ethernet0/3.10
vlan 10
nameif OUTSIDETEN
security-level 0
bridge-group 10
!
interface Ethernet0/3.20
vlan 20
nameif OUTSIDETWENTY
security-level 0
bridge-group 20
!
interface BVI10
ip address x.x.x.x y.y.y.y
interface BVI20
ip address x.x.x.x y.y.y.y
It doesn't work, I can't configure the VLANs on two different interfaces.
ASA(config-subif)# vlan 10
ERROR: VLAN 10 has been assigned to another interface
05-06-2014 09:46 AM
You can associate VLANs in pairs on a physical interface. This is known as inline VLAN pair mode. Packets received on one of the paired VLANs are analyzed and then forwarded to the other VLAN in the pair. But the ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS SSP, and ASA 5585-X IPS SSP) do not support inline VLAN pairs. For more information you can check the following configuration guide.
http://www.cisco.com/c/en/us/td/docs/security/ips/7-1/configuration/guide/cli/cliguide71/cli_interfaces.html
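Added example, not part of the thread and not Cisco tooling: a small offline check that parses ASA-style interface stanzas and reports any VLAN ID claimed by more than one subinterface, which is the condition behind the "VLAN 10 has been assigned to another interface" error quoted above. The function names and the sample text (rebuilt from the question's config) are assumptions made for this illustration.

```python
import re
from collections import defaultdict
# Constructed sample: subinterface stanzas rebuilt from the question's config.
SAMPLE_CONFIG = """\
interface Ethernet0/2.10
 vlan 10
 bridge-group 10
!
interface Ethernet0/2.20
 vlan 20
 bridge-group 20
!
interface Ethernet0/3.10
 vlan 10
 bridge-group 10
!
interface Ethernet0/3.20
 vlan 20
 bridge-group 20
!
interface BVI10
 ip address x.x.x.x y.y.y.y
"""

def parse_interfaces(config):
    """Return {interface: {"vlan": int or None, "bridge_group": int or None}}."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split()[1], {"vlan": None, "bridge_group": None})
        elif line == "!":
            current = None  # "!" closes the current stanza
        elif current is not None and (m := re.fullmatch(r"(vlan|bridge-group)\s+(\d+)", line)):
            current[m.group(1).replace("-", "_")] = int(m.group(2))
    return stanzas

def find_vlan_conflicts(config):
    """Map each VLAN ID claimed by more than one interface to those interfaces."""
    owners = defaultdict(list)
    for name, attrs in parse_interfaces(config).items():
        if attrs["vlan"] is not None:
            owners[attrs["vlan"]].append(name)
    return {vlan: names for vlan, names in owners.items() if len(names) > 1}

if __name__ == "__main__":
    for vlan, names in sorted(find_vlan_conflicts(SAMPLE_CONFIG).items()):
        print(f"VLAN {vlan} is claimed by {', '.join(names)}: rejected as in the error above")
```

Running it against a candidate config before pasting it into the device flags both VLAN 10 and VLAN 20 in the question's layout.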