ip access-list extended ALL_TRAFFIC permit ip any any ! vlan access-map IDS_CAPTURE 10 match ip address ALL_TRAFFIC action forward capture ! vlan filter IDS_CAPTURE vlan-list 44 ! intrusion-detection module 4 management-port access-vlan 3 intrusion-detection module 4 data-port 1 capture intrusion-detection module 4 data-port 1 capture allowed-vlan 44,101 intrusion-detection module 4 data-port 1 autostate include
If the filter is applied to VLAN 44, even though VLAN 101 and 44 are allowed, the IDSM will only see traffic on VLAN 101 if it traverses VLAN 44.
There is a small note describing this between steps 8 and 9 in the Configuration Guide:
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: