Cisco Cisco Firepower Management Center 2000 Installationsanleitung
3-13
Cisco NGIPS for Blue Coat X-Series Installation and Configuration Guide
Chapter 3 Installing Cisco NGIPS for Blue Coat X-Series
Using Optional Settings
IPv6 detection is disabled by default. You must enable it through the X-Series CLI on each VAP where
you intend to use it.
you intend to use it.
The procedures used on the Defense Center for IPv6 detection are the same as those used with all
devices.
devices.
To enable IPv6 support:
Step 1
Enable IPv6 support on for a specific VAP group. For example, enter:
CBS# configure vap-group vap_group_name
CBS(config-vap-grp)# enable-ipv6
CBS(config-vap-grp)# end
CBS#
where
vap_group_name
is the name of the VAP group you want to configure.
Note that the following information is automatically added to your VAP configuration when you
enable IPv6:
enable IPv6:
non-ip-flow-rule ipv6_rule
encapsulation ethernet type 34525
action pass-to-master
activate
This information is only created when in Series-6 operating mode. In Series-9 operating mode, this
information is no longer seen.
information is no longer seen.
When XOS V10.0 or later is configured for Series-9 operating mode and IPv6 is enabled for the VAP
group, IPv6 packets are handled as IP flows and non-IP flow rules do not apply, enabling IPv6 traffic
to be load-balanced across VAPs in a VAP group, the same way IPv4 traffic is processed. For more
information, see the XOS Command Reference Guide.
group, IPv6 packets are handled as IP flows and non-IP flow rules do not apply, enabling IPv6 traffic
to be load-balanced across VAPs in a VAP group, the same way IPv4 traffic is processed. For more
information, see the XOS Command Reference Guide.
Configuring Jumbo Frame Support
Unlike configuring jumbo frame settings for other Cisco devices, you do
not use the Defense Center to
configure jumbo frame support for Cisco NGIPS for Blue Coat X-Series.
Instead, if your network traffic uses jumbo frames and you want to properly detect those frames, enable
jumbo frame support on each VAP group where you intend to use it. Set the Maximum Transfer Unit
(MTU) size to a value from 68 to 9,000 (IPv4) or 1280 to 9,000 (IPv6) on each applicable circuit in the
VAP group and then reload the VAP group. The default MTU is 1500. Note that APMs with four cores
or less cannot support jumbo frames.
jumbo frame support on each VAP group where you intend to use it. Set the Maximum Transfer Unit
(MTU) size to a value from 68 to 9,000 (IPv4) or 1280 to 9,000 (IPv6) on each applicable circuit in the
VAP group and then reload the VAP group. The default MTU is 1500. Note that APMs with four cores
or less cannot support jumbo frames.
Tip
After you initially enable jumbo frames and reload the VAP group, you can change the MTU size without
reloading the VAP group.
reloading the VAP group.
To enable jumbo frame support:
Step 1
Enable jumbo frame support for the VAP group by entering the following commands separately and in
sequence:
sequence:
CBS# configure vap-group vap_group_name
CBS(config-vap-grp)# enable jumbo-frame
CBS(config-vap-grp)# end
CBS#
where
vap_group_name
is the name of the VAP group.