Filter
Top Products
5-25
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 5 Configuring Interfaces
Configuring Inline VLAN Pair Mode
Step 14 Exit interface configuration submode.
sensor(config-int)# exit
Apply Changes:?[yes]:
Step 15 Press Enter to apply the changes or enter no to discard them.
For More Information
• For the procedure for configuring inline interface mode for the ASA 5500 AIP SSM, see Sending
Traffic to the ASA 5500 AIP SSM, page 18-10.
• For the procedure for configuring inline interface mode for the ASA 5500-X IPS SSP, see Assigning
Virtual Sensors to Adaptive Security Appliance Contexts, page 19-6.
• For the procedure for configuring inline interface mode for the ASA 5585-X IPS SSP, see Assigning
Virtual Sensors to Adaptive Security Appliance Contexts, page 20-7.
• For the procedure for assigning inline interface pairs to a virtual sensor, or deleting the inline
interface pair from the virtual sensor to which it is assigned, see Adding, Editing, and Deleting
Virtual Sensors, page 6-5.
Configuring Inline VLAN Pair Mode
This section describes inline VLAN pair mode and how to configure inline VLAN pairs. It contains the
following topics:
• Understanding Inline VLAN Pair Mode, page 5-25
• Configuring Inline VLAN Pairs, page 5-26
Understanding Inline VLAN Pair Mode
Note For information on what you need to configure if you are using the hardware bypass card on the IPS 4260
and the IPS 4270-20, see Hardware Bypass Configuration Restrictions, page 5-12.
Note The ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS SSP, and ASA 5585-X IPS SSP) do not
support inline VLAN pairs.
Note For the IPS 4510 and IPS 4520, the maximum number of inline VLAN pairs you can create system wide
is 150. On all other platforms, the limit is 255 per interface.
You can associate VLANs in pairs on a physical interface. This is known as inline VLAN pair mode.
Packets received on one of the paired VLANs are analyzed and then forwarded to the other VLAN in the
pair.