Solved: Setting up sensor in inline interface pair mode

Colin Higgins · ‎12-07-2012

I have never set up a sensor in inline interface pair mode, and I had a couple of questions about it

It is my understanding that traffic from one vlan would be forwarded to another through the sensor (and then you would set up your ispection policies).

But how then would you set up the SPAN or capture ACLs on the switching side? A monitor session will put a port in a disabled mode (although I think you can use the monitor session x destination <interface> ingress to allow traffic from it).

Or would you use the

switchport capure

command with FSPAN on both interfaces?

Any advice would be great

sawgupta · ‎12-09-2012

Hi,

For inline-pair, configuration should be something like this

Assuming switchport to be 1/1 and 1/2. IPS port Gig0/0 and Gig 0/1

1/1 and Gig0/0 should be in one vlan, lets say 800.

1/2 and Gig0/1 should be other vlan, lets say 810.

switchport config:

1/1

switchport

switchport access vlan 800

switchport mode acess

1/2

switchport

switchport access vlan 810

switchport mode access

All traffic from vlan 800 will be sent to port under vlan 810 and vice-versa after inspection.

Regards,

Sawan Gupta

Thanks & Regards, Sawan Gupta

View solution in original post

sawgupta · ‎12-09-2012

Hi,

For inline-pair, configuration should be something like this

Assuming switchport to be 1/1 and 1/2. IPS port Gig0/0 and Gig 0/1

1/1 and Gig0/0 should be in one vlan, lets say 800.

1/2 and Gig0/1 should be other vlan, lets say 810.

switchport config:

1/1

switchport

switchport access vlan 800

switchport mode acess

1/2

switchport

switchport access vlan 810

switchport mode access

All traffic from vlan 800 will be sent to port under vlan 810 and vice-versa after inspection.

Regards,

Sawan Gupta

Thanks & Regards, Sawan Gupta