02-26-2013 01:44 PM - last edited on 03-25-2019 05:20 PM by ciscomoderator
My client has an IDSM-2 blade in their 6504 chassis. They want to scan the following traffic:
Internet traffic to server network
Student traffic to server network
Internet traffic to student networks
The current configuration uses VACLs to send the traffic to the IPS, but when I look at the IPS with the GUI, it says that port g0/7.0 is a promiscuous interface. From what I read (this is my first go around with this blade), when you are using VACLs, the IPS is in promiscuous mode. If that is the case, I would think I need to configure the 6504 to use inline mode.
Here is my situation/question. The traffic for the student network is on multiple vlans. I see that I can configure a range on the following command:
intrusion-detection module 4 data-port 2 access-vlan (vlan-range)
However, the student vlans are not in a continuous range (i.e. 20-30), they are broken up. So what I am wondering is if I can have multiple of the above command (like below):
intrusion-detection module 4 data-port 2 access-vlan 1-11
intrusion-detection module 4 data-port 2 access-vlan 20-22
intrusion-detection module 4 data-port 2 access-vlan 24
intrusion-detection module 4 data-port 2 access-vlan 28
Let me know if this makes sense and if you have more questions.
TIA.
Dan
02-26-2013 09:40 PM
Here is how you configure the blade to work in inline mode:
http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_idsm2.html#wp1187460
And answering your second question, I can tell you that you can do what you are suggesting
intrusion-detection module 4 data-port 2 access-vlan 1-11
intrusion-detection module 4 data-port 2 access-vlan 20-22
intrusion-detection module 4 data-port 2 access-vlan 24
intrusion-detection module 4 data-port 2 access-vlan 28
on routers, but I'm 90% sure you can do the same on the module.