Cisco Firepower Management Center 4000 Installation Guide

Cisco NGIPS for Blue Coat X-Series Installation and Configuration Guide
 
Chapter 3      Installing Cisco NGIPS for Blue Coat X-Series 
  Preparing for the Installation
Creating Monitor Circuits
For passive deployments, you must create monitor circuits for the sensing circuits. Monitor circuits ensure that a copy of the network traffic is sent to the VAP group for analysis. You must configure monitor circuits, sometimes called taps, using promiscuous-mode.
For a passive deployment of Cisco NGIPS for Blue Coat X-Series, the following series of commands creates a monitor circuit named n1e1 on the device named n1e1 hosted on the VAP group named XYZ:
CBS# configure circuit n1e1
CBS(conf-cct)# link-state-resistant
CBS(conf-cct)# device-name n1e1
CBS(conf-cct)# vap-group XYZ
CBS(conf-cct-vapgroup)# promiscuous-mode
CBS(conf-cct-vapgroup)# end
CBS#
To configure monitor circuits:
Step 1  Create monitor circuits for passive interfaces by entering the following commands separately and in sequence:
CBS# configure circuit circuit_name
CBS(conf-cct)# link-state-resistant
CBS(conf-cct)# device-name device_name
CBS(conf-cct)# vap-group vap_group_name
CBS(conf-cct-vapgroup)# promiscuous-mode
CBS(conf-cct-vapgroup)# end
CBS#
where circuit_name is the name you assign to the circuit, device_name is the name of the device hosting the circuit, and vap_group_name is the name of the VAP group hosting the device.
Repeat for each monitor circuit in all passive interfaces.
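The following Python check is an added example, not part of the Cisco guide: it reads a saved CLI session in the prompt format shown above and lists, per circuit, which of the four monitor-circuit settings were never entered. The saved-session input and the second circuit n1e2 are constructed assumptions for illustration.

```python
import re

# Prompt shapes as they appear in the guide: "CBS# cmd" and "CBS(mode)# cmd".
PROMPT = re.compile(r"^CBS(?:\((?P<mode>[\w-]+)\))?#\s*(?P<cmd>.*)$")
REQUIRED = ("link-state-resistant", "device-name", "vap-group", "promiscuous-mode")

def audit_monitor_circuits(transcript):
    """Return {circuit_name: [settings never entered]} for a passive-circuit session."""
    seen, current = {}, None
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m or not m.group("cmd"):
            continue                      # not a command line, or a bare prompt
        mode, words = m.group("mode"), m.group("cmd").split()
        if mode is None and words[:2] == ["configure", "circuit"] and len(words) == 3:
            current = words[2]
            seen.setdefault(current, set())
        elif current and mode == "conf-cct" and words[0] in REQUIRED[:3]:
            # device-name and vap-group only count when given an argument
            if words[0] == "link-state-resistant" or len(words) == 2:
                seen[current].add(words[0])
        elif current and mode == "conf-cct-vapgroup" and words[0] == "promiscuous-mode":
            seen[current].add("promiscuous-mode")
        elif words[0] == "end":
            current = None
    return {name: [s for s in REQUIRED if s not in got] for name, got in seen.items()}

# Constructed sample: n1e1 follows the guide; n1e2 (hypothetical) omits two steps.
SAMPLE = """\
CBS# configure circuit n1e1
CBS(conf-cct)# link-state-resistant
CBS(conf-cct)# device-name n1e1
CBS(conf-cct)# vap-group XYZ
CBS(conf-cct-vapgroup)# promiscuous-mode
CBS(conf-cct-vapgroup)# end
CBS#
CBS# configure circuit n1e2
CBS(conf-cct)# device-name n1e2
CBS(conf-cct)# vap-group XYZ
CBS(conf-cct-vapgroup)# end
CBS#
"""

if __name__ == "__main__":
    for name, missing in audit_monitor_circuits(SAMPLE).items():
        print(name, "OK" if not missing else "missing: " + ", ".join(missing))
```

Run it only against sessions that create monitor circuits; template circuits for inline deployments are created without these settings and would be reported as incomplete.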
Creating Template Circuits
For inline deployments, you must create template circuits and child circuits for the sensing circuits. The series of commands, detailed in the following procedure, creates a template circuit named bridge_one for the VAP group named ABC:
CBS# configure circuit bridge_one
CBS(conf-cct)# vap-group ABC
CBS(conf-cct-vapgroup)# end
CBS#
Later, you will configure template circuits as bridge-mode bridges and associate them with the appropriate child circuits.
To create template circuits:
Step 1  Create a template circuit that will serve as an inline sensing circuit by entering the following commands separately and in this sequence:
CBS# configure circuit bridge_circuit_name
CBS(conf-cct)# vap-group vap_group_name
CBS(conf-cct-vapgroup)# end
CBS#