Support User Manuals

Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

5-30

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Chapter 5 Configuring Interfaces

Configuring Inline VLAN Pair Mode

Step 7 Enable the interface. You must assign the interface to a virtual sensor and enable it before it can monitor

traffic.

sensor(config-int-phy)# admin-state enabled

Step 8 Add a description of this interface.

sensor(config-int-phy)# description INT1

Step 9 Configure the duplex settings. This option is not available on the ASA IPS modules

(ASA 5500 AIP SSM, ASA 5500-X IPS SSP, and ASA 5585-X IPS SSP).

sensor(config-int-phy)# duplex full

Step 10 Configure the speed. This option is not available on the ASA IPS modules (ASA 5500 AIP SSM,

ASA 5500-X IPS SSP, and ASA 5585-X IPS SSP).

sensor(config-int-phy)# speed 1000

Step 11 Set up the inline VLAN pair.

sensor(config-int-phy)# subinterface-type inline-vlan-pair

sensor(config-int-phy-inl)# subinterface 1

sensor(config-int-phy-inl-sub)# vlan1 52

sensor(config-int-phy-inl-sub)# vlan2 53

Step 12 Add a description for the inline VLAN pair.

sensor(config-int-phy-inl-sub)# description INT1 vlans 52 and 53

Step 13 Verify the inline VLAN pair settings.

sensor(config-int-phy-inl-sub)# show settings

subinterface-number: 1

-----------------------------------------------

description: INT1 vlans 52 and 53 default:

vlan1: 52

vlan2: 53

-----------------------------------------------

sensor(config-int-phy-inl-sub)#

Step 14 To delete VLAN pairs:

a. Delete one VLAN pair.

sensor(config-int-phy-inl-sub)# exit

sensor(config-int-phy-inl)# no subinterface 1

If this VLAN pair is the last one on the sensor, you receive the following error message:

Error: This "subinterface-type" contains less than the required number of

"subinterface" entries. Please add entry(s) to reach the minimum required entries or

select a different "subinterface-type".

Go to Step b to remove the last VLAN pair.

b. Delete all VLAN pairs.

sensor(config-int-phy-inl-sub)# exit

sensor(config-int-phy-inl)# exit

sensor(config-int-phy)# subinterface-type none

Step 15 Exit interface submode. You must also delete the interface from the virtual sensor to which it is assigned.

sensor(config-int-phy-inl-sub)# exit

sensor(config-int-phy-inl)# exit

sensor(config-int-phy)# exit

previous next