10-16-2013 08:54 AM - edited 03-10-2019 06:04 AM
Is it possible to use a 4255 IPS inline on a 6509 with an FWSM?
For example say the FWSM has 20 vlans with servers on them, is it possible to put it inline between the different vlans? Would vlan pairs work for this or vlan groups?
10-17-2013 01:12 AM
you can use both vlan-pairs and vlan-groups in this scenario. In my opinion the vlan-pair setup is more simple then the vlan-group-setup, so I would look into that first.
Here is a link describing the system with more that one sensor to scale the bandwidth:
It's about an older version and has missing images, but still shows the concept of a "sensor on a stick".
Sent from Cisco Technical Support iPad App
10-17-2013 06:49 AM
I've read that before but for some reason I'm having a hard time understanding vlan pairs on a stick, I reality we have two 6509s with two FWSMs in active standby, I just don't see how I can get vlan traffic going to the IPS.
The 6500s aren't in a VSS either, just a layer 2 etherchannel trunk between them and both having servers on them in our various VLANS
Attached is a topology, I'm just not sure how i can setup the IPS inline to monitor traffic between all vlans
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide