From: Edward Norton (doubleccie@yahoo.com)
Date: Sat Mar 31 2007 - 12:09:57 ART
thanks for the info ..a quick question regarding the inline vlan mode , assume the following cenario
mgmt pc -----------vlan1-------sensor ------vlan2 -------Router
the sensor has one physical interface pairing between vlan1 and vlan 2.
my question is that ..in this case,since the sensor bridge the traffic between pair-vlans , the mgmt pc and the router interface will be on the same subnet although on different vlans ?
thx
Farrukh Haroon <farrukhharoon@gmail.com> wrote:
Hello Edward
1) The 4215 needs at least two sensing interfaces to do regular inline. You need to couple both in a 'pair' for inline mode to work.
2) No you don't configure any subnets with the IPS, its sensing interfaces have no IP addresses assigned at all.
3) You can use a new option 'Inline Vlan Pair', with which you can form a trunk interface between the switch and IPS (using one interface only). And then define upto 255 Vlan pairs per interface like
Vlan 10 < > Vlan 20
Vlan 1 < > Vlan 2
and then do filtering based on Vlans, see:
HTH
Regards
Farrukh
On 3/31/07, Edward Norton <doubleccie@yahoo.com> wrote: folks ;
I have 4215 with just one monitoring interface and i upgraded that box to release 5.1 , will it be possible do inline mode for IPS 4215 with just one monitoring interface by using sub-interfaces on that monitoring interface ??
another question , assume i have two physical monitoring interfaces to do the inline , will each one of those two interfaces be in separate subnet and the IPS do the routing , or it sits as transparent device in between?
appreciate the assistance
---------------------------------
It's here! Your new message!
Get new email alerts with the free Yahoo! Toolbar.
This archive was generated by hypermail 2.1.4 : Sun Apr 01 2007 - 06:35:53 ART