Filter
Top Products
36-16
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 36 Managing IPS Device Interfaces
Configuring Interfaces
Note VLAN groups are supported in IPS 6.0 and later only. Not all IPS appliances or service modules support
VLAN groups. If the VLAN Groups tab does not appear in the Interfaces policy, the device you are
configuring does not support the feature.
Related Topics
• Understanding Interfaces, page 36-1
• Configuring Bypass Mode, page 36-12
• Configuring CDP Mode, page 36-13
• Configuring Physical Interfaces, page 36-10
• Defining A Virtual Sensor, page 37-5
• Editing Policies for a Virtual Sensor, page 37-9
• Assigning Interfaces to Virtual Sensors, page 37-4
Step 1 (Device view) Select Interfaces from the Policy selector, then click the VLAN Groups tab.
The table shows the existing VLAN groups, including the interface for which the group is defined, the
subinterface number, description (if any), and the VLANs assigned to the group. If the VLANs cell is
empty, the group is defined for all unassigned VLANs on the interface.
Step 2 Do one of the following:
• To add a pair, click the Add Row button. The Add VLAN Group dialog box opens.
• To edit a pair, select it and click the Edit Row button. The Edit VLAN Group dialog box opens.
Tip You can also delete a group by selecting it and clicking the Delete Row button. You cannot delete
a VLAN group if it is assigned to a virtual sensor. First remove the assignment to the virtual
sensor using the Virtual Sensors policy, and then delete the VLAN group.
Step 3 In the Add or Edit VLAN Group dialog box, configure the following options:
• Physical and Logical Interfaces—Select the physical interface or inline interface pair for which
you are creating this VLAN group. The list includes only unpaired physical interfaces (defined on
the Physical Interfaces tab) that do not already have inline VLAN pairs defined, or inline interface
pairs that are defined on the Inline Pairs tab. You can create multiple VLAN groups on a single
interface. Keep the following in mind:
–
If you select a physical interface, you are creating a promiscuous VLAN group.
–
If you select a logical interface, you are creating an inline VLAN group.
• Subinterface Number—Enter a number to assign as a subinterface. The number must be unique on
the interface, that is, it cannot already be assigned to another VLAN group on the selected interface.
Subinterface numbers can be from 1 to 255.
• Description—An optional description for the group.
• VLAN assignment—Select one of the following options:
–
All Unassigned VLAN IDs—The group contains all VLANs that are not assigned to other
VLAN groups. This is the default option