Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

5-31

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Chapter 5 Configuring Interfaces

Configuring VLAN Group Mode

sensor(config-int)# exit

Apply Changes:?[yes]:

Step 16 Press Enter to apply the changes or enter no to discard them.

For More Information

For the procedure for assigning inline interface pairs to a virtual sensor, or deleting the inline interface

pair from the virtual sensor to which it is assigned, see Adding, Editing, and Deleting Virtual Sensors,

page 6-5.

Configuring VLAN Group Mode

This section describes VLAN Group mode and how to configure VLAN groups. It contains the following

topics:

• Understanding VLAN Group Mode, page 5-31

• Deploying VLAN Groups, page 5-32

• Configuring VLAN Groups, page 5-32

Understanding VLAN Group Mode

Note The ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS SSP, and ASA 5585-X IPS SSP) do not

support VLAN groups mode.

You can divide each physical interface or inline interface into VLAN group subinterfaces, each of which

consists of a group of VLANs on that interface. Analysis Engine supports multiple virtual sensors, each

of which can monitor one or more of these interfaces. This lets you apply multiple policies to the same

sensor. The advantage is that now you can use a sensor with only a few interfaces as if it had many

interfaces.

Note You cannot divide physical interfaces that are in inline VLAN pairs into VLAN groups.

VLAN group subinterfaces associate a set of VLANs with a physical or inline interface. No VLAN can

be a member of more than one VLAN group subinterface. Each VLAN group subinterface is identified

by a number between 1 and 255. Subinterface 0 is a reserved subinterface number used to represent the

entire unvirtualized physical or logical interface. You cannot create, delete, or modify subinterface 0 and

no statistics are reported for it.

An unassigned VLAN group is maintained that contains all VLANs that are not specifically assigned to

another VLAN group. You cannot directly specify the VLANs that are in the unassigned group. When a

VLAN is added to or deleted from another VLAN group subinterface, the unassigned group is updated.

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems IPS 7.1 Home Security System User Manual