Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 5 Configuring Interfaces
Configuring VLAN Group Mode
d. Verify the settings.
sensor(config-int-phy-vla-sub)# show settings
subinterface-number: 1
-----------------------------------------------
description: <defaulted>
vlans
-----------------------------------------------
unassigned
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
sensor(config-int-phy-vla-sub)#
Note: Assigning the unassigned VLANs to a separate virtual sensor allows you to specify a policy
for all VLANs that you have not specifically assigned to other groups. For example, you can
group your important internal VLANs in one group and apply a stringent security policy to
that group. You can group the other less important unassigned VLANs into another group,
and apply the default security policy to that group, so that only very serious alerts are
reported.
Step 13 Add a description for the VLAN group.
sensor(config-int-phy-vla-sub)# description INT1 vlans 52 and 53
Step 14 Verify the VLAN group settings.
sensor(config-int-phy-vla-sub)# show settings
subinterface-number: 1
-----------------------------------------------
description: GROUP1 default:
vlans
-----------------------------------------------
unassigned
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
sensor(config-int-phy-vla-sub)#
Step 15 Delete VLAN groups:
a. Delete one VLAN group.
sensor(config-int-phy-vla-sub)# exit
sensor(config-int-phy-vla)# no subinterface 1
If this VLAN group is the last one on the sensor, you receive an error message.
Error: This "subinterface-type" contains less than the required number of
"subinterface" entries. Please add entry(s) to reach the minimum required entries or
select a different "subinterface-type".
Go to Step b to remove the last VLAN group.
b. Delete all VLAN groups. You must also delete the VLAN group from the virtual sensor to which it
is assigned.
sensor(config-int-phy-vla-sub)# exit
sensor(config-int-phy-vla)# exit
sensor(config-int-phy)# subinterface-type none
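
The following Python sketch is an added example, not part of the Cisco guide or the sensor software. It models the policy split described in the Note (explicit VLAN groups plus one catch-all group for the unassigned VLANs) and reports VLANs that no virtual sensor would analyze. The group numbers, VLAN IDs, and sensor names (vs_strict, vs0) are constructed sample values, and treating an uncovered VLAN as uninspected is an assumption of the model.

```python
# Added example: VLAN group -> virtual sensor coverage check (model only).
UNASSIGNED = "unassigned"   # keyword shown in the "show settings" output above

def parse_vlans(spec):
    """Expand a spec such as '52-53,60' into a set of 802.1Q VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def build_map(groups):
    """groups: {subinterface_number: (vlan_spec, virtual_sensor_or_None)}.
    Returns ({vlan: (subif, sensor)}, catch_all_entry_or_None)."""
    explicit, catch_all = {}, None
    for subif, (spec, sensor) in sorted(groups.items()):
        if spec == UNASSIGNED:
            if catch_all is not None:   # model constraint: a single catch-all
                raise ValueError("more than one group holds unassigned VLANs")
            catch_all = (subif, sensor)
            continue
        for vlan in parse_vlans(spec):
            if vlan in explicit:
                raise ValueError(
                    f"VLAN {vlan} is in groups {explicit[vlan][0]} and {subif}")
            explicit[vlan] = (subif, sensor)
    return explicit, catch_all

def sensor_for(vlan, groups):
    """Virtual sensor that analyzes this VLAN, or None if nothing does."""
    explicit, catch_all = build_map(groups)
    entry = explicit.get(vlan, catch_all)
    return entry[1] if entry else None

def audit(groups, observed_vlans):
    """VLANs seen on the interface that no virtual sensor analyzes."""
    return sorted(v for v in observed_vlans if sensor_for(v, groups) is None)

# Constructed sample: group 1 = important VLANs on a strict sensor,
# group 2 = catch-all for everything else on the default sensor.
SAMPLE = {1: ("52-53", "vs_strict"), 2: (UNASSIGNED, "vs0")}

if __name__ == "__main__":
    print(sensor_for(52, SAMPLE), sensor_for(900, SAMPLE))
    # Without the catch-all group, VLAN 900 is not covered by any policy.
    print(audit({1: ("52-53", "vs_strict")}, [52, 53, 900]))
```

Running the audit before deleting a VLAN group (Step 15) shows which VLANs would lose coverage once that group, or the catch-all, is removed.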