07-16-2008 01:12 AM - edited 03-10-2019 04:12 AM
I am working with the IDSM-2. We have a Cisco 6509 with CSM & FWSM. We are planning IDSM-2 in inline VLAN pair mode, and now I want to monitor the traffic which is coming through the outside interface of the FW context,
that is VLAN 160, in inline VLAN pair mode. I created the L2 VLAN 161 and paired VLANs 160 and 161.
My problem is I am able to see the traffic on interface 0/8 but there are no alerts on the IDSM.
The configuration I have done is:
Router# configure terminal
Router(config)# vlan 161
Router(config-vlan)# exit
Router(config)# intrusion-detection module 9 data-port 2 trunk allowed-vlan 160,161
Router(config)# exit
Sensor# configure terminal
Sensor(config)# service interface
Sensor(config-int)# physical-interfaces GigabitEthernet0/8
Sensor(config-int-phy)# subinterface-type inline-vlan-pair
Sensor(config-int-phy-inl)# subinterface 1
Sensor(config-int-phy-inl-sub)# vlan1 160
Sensor(config-int-phy-inl-sub)# vlan2 161
Sensor(config-int-phy-inl-sub)# exit
Sensor(config-int-phy-inl)# exit
Sensor(config-int-phy)# exit
Sensor(config-int)# exit
Apply Changes:?[yes]: yes
07-22-2008 08:06 AM
You can use IDM or the CLI to configure IDSM-2 to operate in inline VLAN pair mode. To prepare IDSM-2 for inline VLAN pair mode, you must configure the switch as well as IDSM-2. Configure the switch first, then configure the IDSM-2 interfaces for inline VLAN pair mode.
12-08-2009 01:05 PM
Hello,
I have a problem that I do not know how to handle. I have 100 VLANs and I would like to use the IPS to inspect traffic between these VLANs. I have 2 questions.
1) In a VLAN pair only 2 VLANs are paired, so the traffic between these VLANs will be inspected. How can I inspect the traffic, for example, when VLAN 15 communicates with VLANs 20, 50, 30, 80, etc.?
2) I know that the communication between the switch and the IPS should be through a trunk port. What else do I have to configure on the L3 switch?
I would really appreciate the help.
12-14-2009 10:30 PM
Please open a separate post for this issue. Just select the 'New' button at the top right of the screen and click on 'Discussion'.
You have to remember that the IPS is not a layer 3 device, it's an L2 device... so you really don't have to wait for inter-VLAN routing. If the IPS will monitor one VLAN, it will cover ALL communication to/from that VLAN.
Regards
Farrukh
07-22-2008 05:35 PM
Is the pair added to the Virtual Sensor?
Regards
Farrukh
07-23-2008 02:11 AM
Hi Farrukh,
Yes, I have added the pair to the virtual sensor.
Thanks
sridhar
07-23-2008 11:28 AM
How are you testing the IDS?
Regards
Farrukh
07-23-2008 10:10 PM
Traffic is going through the VLAN but there are no logs in the event viewer.
I need a sample configuration with 6500---IDSM---FWSM. There might be a problem with the 6500 configuration.
VLAN 160 is the outside interface of the FWSM context and there is no traffic on VLAN 161, but we are able to access the outside.