VLAN pair mode or VLAN group

martlee2 · ‎12-04-2015

what is ordering of ability of all mode of firewall?

i would like to know which mode has the strongest ability to defend attacks.

as i know vlan pair mode is the best one which can defend atomic attack,

but vlan group mode can work well in limited capacity, i would like to whether vlan group mode can defend atomic attack?

if so, can i say that vlan pair mode 's ability is just a subset of vlan group mode?

if so, vlan group mode is the strongest one ?

why my ISP using unpair mode ?

Bratin Saha · ‎12-05-2015

VLAN pair mode or VLAN group mode is mainly how the sensor interfaces are configured.

You can find more information on the same in the link below where they discuss the understanding and deployment of both modes.

http://www.cisco.com/c/en/us/td/docs/security/ips/7-0/configuration/guide/cli/cliguide7/cli_interfaces.html#wp1063187

Let me know if you meant something else.

Please remember to select a correct answer and rate helpful posts.

Please mark this as answered if the information provided help resolve the query. Please open a new thread for any new query.

regards,

Bratin Saha

Cisco TAC

martlee2 · ‎12-06-2015

i know that they are configured in IPS not ASA,

i just woud like to whether vlan group mode can also defend atomic attack ?

and

would like to know why ISP not use pair mode, but use unpair mode ?

does it mean that unpair mode exposure in atomic attack?

what is ordering of ability of all mode of IPS?