Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
36-15
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 36 Managing IPS Device Interfaces
Configuring Interfaces
Related Topics
Understanding Interfaces, page 36-1
Configuring Bypass Mode, page 36-12
Configuring CDP Mode, page 36-13
Configuring Physical Interfaces, page 36-10
Configuring VLAN Groups, page 36-15
Step 1 (Device view) Select Interfaces from the Policy selector, then click the VLAN Pairs tab.
Step 2 Do one of the following:
To add a pair, click the Add Row button. The Add VLAN Pair dialog box opens.
To edit a pair, select it and click the Edit Row button. The Edit VLAN Pair dialog box opens.
Tip You can also delete a pair by selecting it and clicking the Delete Row button. You cannot delete
an inline VLAN pair if it is assigned to a virtual sensor. First remove the assignment to the virtual
sensor using the Virtual Sensors policy, and then delete the inline VLAN pair.
Step 3 In the Add or Edit VLAN Pairs dialog box, configure the following options:
Physical Interfaces—Select the physical interface on which you are creating this VLAN pair. The
list includes only those interfaces that are defined on the Physical Interfaces tab and that are not
already part of an inline interface pair or VLAN group. However, you can create multiple VLAN
pairs on a single interface.
Subinterface Number—Enter a number to assign as a subinterface. The number must be unique on
the interface, that is, it cannot already be assigned to another VLAN pair on the selected physical
interface. Subinterface numbers can be from 1 to 255.
Description—An optional description for the pair.
VLAN A, B—The numbers of the two VLANs that you want to join as a pair. VLAN numbers are
from 1 to 4095. You must enter different numbers, and the numbers must not already be part of
another VLAN pair on the selected physical interface.
Step 4 Click OK to save your changes.
Configuring VLAN Groups
Use the VLAN Groups tab of the IPS Interfaces policy to configure the VLAN groups for physical
interfaces and inline interface pairs (logical interfaces). The summary table displays the existing VLAN
groups. You can create multiple VLAN groups on a single physical interface or inline interface pair. For
more information about VLAN group mode, see VLAN Group Mode, page 36-4.
A VLAN group consists of a group of VLAN IDs that exist on an interface. Each VLAN group consists
of at least one VLAN ID. You can have up to 255 VLAN groups per interface (logical or physical). Each
group can contain any number of VLAN IDs.
After you assign the VLAN IDs to the VLAN group, you must assign the VLAN group to a virtual sensor
for it to be operational. You can assign a single group to at most one virtual sensor. Use the Virtual
Sensors policy to make the assignment.