Solved: IPS and Switching

Rodrigo Gurriti · ‎07-16-2007

Hello I have a theoretical question about vlan and IPS

suppose have an 4215 and a router. I want to run the ips with interface inline mode.

Would this here work fine ?

Router - WAN

- Ethernet Vlan 2

4215

-Ethernet 2 -> Vlan 2

-Ethernet 3 Vlan 3

-Inside network all in Vlan 3

Would the IPS bridge if all were in the same subnet ?

Cisco says

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a00807517bb.html#wp1046883

If the paired interfaces are connected to the same switch, you should configure them on the switch as access ports with different access VLANs for the two ports. Otherwise, traffic does not flow through the inline interface.

Since I haven't read anything about deployment I had to ask to be 100% sure

pcomeaux · ‎07-17-2007

Yes - you are approaching this correctly.

On the sensor, you need to be sure to complete the Vlan pairing so it will act as a L2 bridge between Vlans 2 & 3.

The other option is to do IPS on a stick, where you trunk 2 & 3 down a single physical interface to the 4215.

Let us know how your project proceeds.

thxs

peter

View solution in original post

pcomeaux · ‎07-17-2007