08-27-2008 10:37 PM - edited 03-09-2019 09:21 PM
I have an 1Gbps AGM and I am configuring Anomaly Guard Module. For testing purpose, I am trying to bypass/route the traffic through AGM, but I could not. The configuration is as mentioned below. I have captured the traffic using packet-dump and I could understand that traffic is forwarded to AGM, but not leaving AGM.
Can you please advice, what is missing in this configuration to enable all traffic to pass through AGM.
Configuration:
6509 Config:
firewall multiple-vlan-interfaces
firewall module 2 vlan-group 161
firewall vlan-group 161 2,10,62
anomaly-guard module 8 port 1 allowed-vlan 2
anomaly-guard module 8 port 2 allowed-vlan 61,62
anomaly-guard module 8 port 1 native-vlan 2
!
vlan 2-3,10-12,20,50-51,61-62
!
end
AGM Config:
diversion hijacking receive-via-ip 172.17.61.16
diversion hijacking receive-via-vlan 61
diversion injection 172.18.10.0 255.255.255.0 nexthop 172.17.66.1
interface eth1
ip address 172.18.2.11 255.255.255.0
mtu 1500
no shutdown
exit
interface giga2
mtu 1500
proxy 172.17.61.15
no shutdown
exit
interface giga2.61
ip address 172.17.61.16 255.255.255.0
mtu 1500
no shutdown
exit
interface giga2.62
ip address 172.17.66.15 255.255.255.0
mtu 1500
no shutdown
exit
ip route 192.168.100.0 255.255.255.0 172.17.61.1 giga2.61
ip route 172.18.10.0 255.255.255.0 172.17.66.1 giga2.62
default-gateway 172.17.61.1
zone CUSTOMER GUARD_DEFAULT
ip address 172.18.10.0 255.255.255.0
no bypass-filter *
bypass-filter 10 * * * no-fragments
bypass-filter 11 172.17.61.1 * * no-fragments
bypass-filter 12 192.168.100.1 * * no-fragments
!
end
09-02-2008 01:49 PM
The Guard module can operate at two different bandwidth performance levels: 1 Gigabit per second (Gbps) or 3 Gbps. The software image that you load on the Guard module determines the operating bandwidth by controlling the three physical interfaces between the module and the supervisor engine.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide