From: Sharad Chandra (sharacha@cisco.com)
Date: Fri Oct 26 2007 - 17:37:16 ART
Hi Everyone,
I have IPS configured for inline inspection using VLAN pairing (vlan 10 and
20).
SW1 has three ports being used: f0/1, f0/2, f0/3
R1 connected to f0/1 - port defined as access port, access vlan 10
R2 connected to f0/2 - port defined as access port, access vlan 20
IPS connected to f0/3 - port defined as 802.1q trunk.
It works great. R1 can reach R2 and signatures are triggered.
Scenario two:
I have two switches in my topology.
Things change to:
SW1 has three ports being used: f0/1, f0/2, f0/3
SW2 has two ports: f0/3 and f0/4
R1 connected to SW1 f0/1 - port defined as access port, access vlan 10
R2 connected to SW2 f0/4 - port defined as access port, access vlan 20
IPS connected to SW1 f0/3 - port defined as 802.1q trunk.
SW1 and SW2 f0/3 is configured as 802.1q.
Now I am not able to communicate from R1 to R2.
No signatures triggered.
R1 and R2 sh arp does not show resolution happening for each other.
As a troubleshooting test, I changed access vlan on SW2 f0/4 to vlan 10 (just
to make sure if all is well with trunk between SW1 and SW2) and it works in
same vlan.
IPS no longer seems to be bridging vlans.
Am I missing something in the second scenario?
Regards,
Sharad Chandra.
This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:18 ART