Tuesday, January 4, 2011

Cisco IPS - VLAN Groups

With VLAN groups, you can assign different policies to different sets of VLANs carried on the same interface pair. Here is a practical example. Note that VLAN-group mode works best when the IPS sits in-line between two switches.

Switch A (dot1q) <----> Gi0/0 IPS Gi0/1 <----> (dot1q) Switch B

Let's say your trunk carries VLANs 600 to 609. You configure an "interface pair" on the IPS and name it, for example, "outside_pair".

Then configure VLAN groups: create a group on subinterface "1" and assign VLANs 600 to 604, then create a second group on subinterface "2" and assign VLANs 605 to 609.

You can then apply separate policies to outside_pair.1 (the first five VLANs) and outside_pair.2 (the last five VLANs).
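As an added illustration (not part of the original post, and not Cisco's own tooling), the following Python snippet models the VLAN-to-subinterface mapping described above and performs the two checks worth doing before the groups are pushed to the sensor: no VLAN may be claimed by two groups, and every VLAN carried on the trunk should either land in a group or be consciously left to the default handling. The names `plan_groups` and `expand_range` and the `<pair>.unassigned` key used to report leftover VLANs are this example's own conventions, not IPS CLI syntax.

```python
"""Plan and sanity-check Cisco IPS VLAN groups on an inline interface pair.

Constructed example: it maps trunk VLANs to numbered subinterfaces
(outside_pair.1, outside_pair.2, ...) and flags overlaps and uncovered
VLANs. It does not talk to a sensor; the reporting key '<pair>.unassigned'
is a convention of this script, not a device keyword.
"""


def expand_range(spec: str) -> set[int]:
    """Expand '600-604' or '600,602,610-612' into a set of 802.1Q VLAN ids."""
    vlans: set[int] = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            if lo > hi:
                raise ValueError(f"bad range {part!r}")
            vlans.update(range(lo, hi + 1))
        else:
            vlans.add(int(part))
    for v in vlans:
        if not 1 <= v <= 4094:
            raise ValueError(f"VLAN {v} is outside the 802.1Q range 1-4094")
    return vlans


def plan_groups(pair: str, trunk: str, groups: dict[int, str]) -> dict[str, set[int]]:
    """Map each logical subinterface name (e.g. outside_pair.1) to its VLAN set.

    groups maps subinterface number -> VLAN spec string.
    Raises ValueError if a VLAN is claimed by two subinterfaces or if a group
    names a VLAN the trunk does not carry. Trunk VLANs that no group claims
    are reported under '<pair>.unassigned' so the operator can see which
    traffic would fall through to the default handling.
    """
    trunk_vlans = expand_range(trunk)
    claimed: dict[int, int] = {}          # vlan -> subinterface number
    result: dict[str, set[int]] = {}
    for sub, spec in sorted(groups.items()):
        vlans = expand_range(spec)
        for v in sorted(vlans):
            if v in claimed:
                raise ValueError(
                    f"VLAN {v} is in both subinterface {claimed[v]} and {sub}")
            if v not in trunk_vlans:
                raise ValueError(f"VLAN {v} is not carried on trunk {trunk!r}")
            claimed[v] = sub
        result[f"{pair}.{sub}"] = vlans
    leftover = trunk_vlans - set(claimed)
    if leftover:
        result[f"{pair}.unassigned"] = leftover
    return result


if __name__ == "__main__":
    # The scenario from the post: trunk 600-609 split into two groups.
    for name, vlans in plan_groups("outside_pair", "600-609",
                                   {1: "600-604", 2: "605-609"}).items():
        print(f"{name}: {sorted(vlans)}")
```

Running the script with the post's scenario prints one line per logical subinterface; changing the second group to "605-612" raises a ValueError because those VLANs are not on the trunk, and dropping the second group entirely makes VLANs 605-609 show up under outside_pair.unassigned.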
