Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1233
Views
0
Helpful
6
Replies

two switch connect to IPS

teymur azimov
Level 1
Level 1

‎07-26-2011 03:09 AM - edited ‎03-10-2019 05:25 AM

hi. I want to connect two switch to ips sensor. i configurate ips at interface inline pairs mode. swicthes interface ar configurated access or trunk mode.

my question is that: is the vlan which pass througth the ips must be same at both switch at this application??

yes or not?

Labels:
0 Helpful
6 Replies 6

rhermes
Level 7
Level 7

‎07-26-2011 07:44 AM

Teymur -

If you have configured your IPS sensor for in-line interface pairs, then the connections to your switches should be an access interface.

interface FastEthernet0/1

switchport access vlan 101

If you need to pass a trunk interface through your sensor, you have to change the sensor to in-line VLAN pairs. In this mode the sensor will not be fully transparent to traffic. It will translate incoming VLAN header tags to outgoing VLAN headers according to the VLAN pairs you create in the configuration.

- Bob

0 Helpful

teymur azimov
Level 1
Level 1
In response to rhermes

‎07-26-2011 08:09 AM

ok. if the switches access mode, the subnet must be same both swithes???

0 Helpful

rhermes
Level 7
Level 7

‎07-26-2011 08:35 AM

Yes, the subnet on both switches needs to be the same because the IPS sensors is transparent. It should act just like a patch cable between the switches.

- Bob

0 Helpful

denizkaya
Level 1
Level 1

‎07-28-2011 01:57 AM

Actually you can connect IPS to Switch Trunk ports as well. You need to configure VLAN groups on IPS to be able to inspect traffic passing through.

0 Helpful

teymur azimov
Level 1
Level 1
In response to denizkaya

‎07-28-2011 02:13 AM

ok. i want to configurate vlan 10 20 30 40 at both switches and switces interface configurated as trunk.

ips sensor configurate at inline vlan group mode.

i configurate this config at ips like as:

for example 1 switch connect to ips ge0/0 interface.

i create two subinterface in ge0/0.

subinterface 1 vlan 10 and 20 and policy 1 or vs0.

subinterface 2 vlan 30 and 40 and policy 2 or vs1.

also do this configuration as the same in ge0/1 interface at ips.

am i di rigth configuration??

0 Helpful

rhermes
Level 7
Level 7
In response to teymur azimov

‎07-28-2011 08:12 AM

Teymur

Please read this section on VLAN pairs to understand how they work:

http://www.cisco.com/en/US/partner/docs/security/ips/7.0/configuration/guide/cli/cli_interfaces.html#wp1047718

- Bob

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card