Cisco Cisco Firepower Management Center 2000 Installationsanleitung
5-3
Cisco NGIPS for Blue Coat X-Series Installation and Configuration Guide
Chapter 5 Managing Cisco NGIPS for Blue Coat X-Series
Using the Configuration Menu
To ensure that all packets are processed and not simply passed, you should use multiple VAPs in a
load-balanced VAP group. However, you may need to service a VAP, which could cause the VAP to pause
in processing while the VAP restarts.
load-balanced VAP group. However, you may need to service a VAP, which could cause the VAP to pause
in processing while the VAP restarts.
You can prevent traffic from going the a VAP you are servicing by removing the VAP from the available
VAP list until you have finished servicing the VAP. Then you can add the VAP to the VAP group and
rebalance the load. Make sure you plan these actions for times when they will have the least impact on
your deployment.
VAP list until you have finished servicing the VAP. Then you can add the VAP to the VAP group and
rebalance the load. Make sure you plan these actions for times when they will have the least impact on
your deployment.
To edit a load-balanced group:
Step 1
Use the
available-vap-list
command to restrict load balancing to only those VAPs you specify by
entering the following commands separately and in sequence:
CBS# config vap
-
group vap_group_name
CBS(config
-
vap
-
grp)# available-vap-list vap_1 vap_2 vap_4
CBS(config
-
vap
-
grp)# end
where
vap_group_name
is the name of the VAP group and
vap_1
,
vap_2
, and
vap_4
are the numbers that
identify the VAPs you want to use for load balancing. For example, if you have four VAPs in the
ABC
load-balanced group, but want to exclude
vap_3
, enter the following commands separately and in
sequence:
CBS# config vap
-
group ABC
CBS(config
-
vap
-
grp)# available-vap-list 1 2 4
CBS(config
-
vap
-
grp)# end
When you want to reinstate the VAP you removed from the list, add the VAP back to the list by entering
the following commands separately and in sequence:
the following commands separately and in sequence:
CBS# config vap
-
group ABC
CBS(config
-
vap
-
grp)#
available-vap-
list 1 2 3 4
CBS(config
-
vap
-
grp)# end
Tip
If you cannot remember which device in the Defense Center web interface corresponds to which VAP in
your VAP group, you can issue the
your VAP group, you can issue the
show ip addresses
command from the X-Series CLI. Keep in mind
that when you assign your devices sequential IP addresses, they are assigned in VAP-group order. For
example, if you assign 10.1.1.1 through 10.1.1.10 to VAPs in a group named
example, if you assign 10.1.1.1 through 10.1.1.10 to VAPs in a group named
ABC
, you know that
ABC_1
has an IP address of 10.1.1.1, and so on. You might also want to use the Device Management page on
the Defense Center web interface to name your software devices according to their VAP number.
the Defense Center web interface to name your software devices according to their VAP number.
Using the Configuration Menu
The configuration menu allows you to make several changes to the VAP settings. After you use the
X-Series CLI, the following menu is displayed:
X-Series CLI, the following menu is displayed:
3D Sensor Configuration Menu
1. Configure Management Interface
2. Configure Defense Center
3. Configure the Registration Key
4. Configure the NAT ID
5. Exit
Enter choice [5]:
Enter the configuration menu, then use the configuration menu to change the following settings for VAPs
in a VAP group:
in a VAP group: