Cisco Firepower Management Center 2000 Installation Guide

Cisco NGIPS for Blue Coat X-Series Installation and Configuration Guide
 
Chapter 3      Installing Cisco NGIPS for Blue Coat X-Series
  Preparing for the Installation
CBS(config-vap-grp)# vap-count vap-count-quantity
CBS(config-vap-grp)# max-load-count max-load-quantity
where vap-count-quantity is the number of VAPs you want to create for the VAP group, and max-load-quantity is the maximum number of VAPs the VAP group can contain.
Tip
The vap-count-quantity and the max-load-quantity should be the same.
For example, if you have two licenses for Cisco NGIPS for Blue Coat X-Series, you can create two VAPs 
by entering the following commands:
CBS(config-vap-grp)# vap-count 2
CBS(config-vap-grp)# max-load-count 2
Step 3
Specify the APMs where you want the VAPs to run by entering the following:
CBS(config-vap-grp)# available-ap-list APM-names 
where the APM-names is a list of the modules allowed to run the software.
Tip
Confirm that the APMs meet your hardware requirements before running this command.
For example, the following command allows the software to run on two of the three modules (hosted on 
ap1, ap2, and ap5) and to reserve the third for common failover:
CBS(config-vap-grp)# available-ap-list ap1 ap2 ap5
Step 4
For IPv4 only: Create and assign a name to a flow rule to load-balance the traffic within the VAP group 
by entering the following commands separately and in this sequence:
CBS(config-vap-grp)# ip-flow-rule rule_name
CBS(ip-flow-rule)# action load-balance
CBS(ip-flow-rule)# activate
CBS(ip-flow-rule)# end
CBS#
where rule_name is the name of the flow rule. Because you want to load-balance the traffic, use the action load-balance. See the XOS Command Reference Guide for more options.
Note
Do not use either the no skip-port or the no skip-protocol option when creating your flow rule.
For IPv6: Support for IPv6 load-balancing on the X-Series platform depends on the version of XOS 
installed. Se
 for more information.
Step 5
To create additional VAP groups, repeat steps 1 through 4.
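The following is an added example, not part of the Cisco guide: a small Python check that reads a saved transcript of the VAP group commands from steps 2 through 4 and flags the conditions the Tip and Note above warn about. The prompt pattern is taken from the commands shown on this page; the rule name lb_rule and both sample transcripts are constructed for illustration.

```python
import re

# Matches an XOS prompt as it appears on this page, e.g. "CBS(config-vap-grp)# ..."
PROMPT = re.compile(r"^CBS(?:\([\w-]+\))?#\s*(.*)$")

def lint_vap_group(transcript):
    """Return findings for one VAP group transcript; an empty list means clean."""
    seen = {}          # command name -> argument list (last occurrence wins)
    findings = []
    for raw in transcript.splitlines():
        m = PROMPT.match(raw.strip())
        if not m or not m.group(1).strip():
            continue   # not a command line, or a bare prompt
        words = m.group(1).split()
        if words[0] == "no" and words[1:2] in (["skip-port"], ["skip-protocol"]):
            findings.append("flow rule uses 'no %s'" % words[1])
        else:
            seen[words[0]] = words[1:]

    # Tip on this page: vap-count and max-load-count should be the same.
    vap, load = seen.get("vap-count"), seen.get("max-load-count")
    if not vap or not load:
        findings.append("vap-count or max-load-count missing")
    elif vap != load:
        findings.append("vap-count %s != max-load-count %s" % (vap[0], load[0]))
    if not seen.get("available-ap-list"):
        findings.append("available-ap-list names no APMs")
    if seen.get("action") != ["load-balance"]:
        findings.append("flow rule action is not load-balance")
    if "activate" not in seen:
        findings.append("flow rule was never activated")
    return findings

# Constructed sample transcripts (the rule name "lb_rule" is made up).
GOOD = """\
CBS(config-vap-grp)# vap-count 2
CBS(config-vap-grp)# max-load-count 2
CBS(config-vap-grp)# available-ap-list ap1 ap2 ap5
CBS(config-vap-grp)# ip-flow-rule lb_rule
CBS(ip-flow-rule)# action load-balance
CBS(ip-flow-rule)# activate
CBS(ip-flow-rule)# end
CBS#
"""
BAD = GOOD.replace("max-load-count 2", "max-load-count 3").replace(
    "CBS(ip-flow-rule)# activate", "CBS(ip-flow-rule)# no skip-port")

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_vap_group(text) or "clean")
```

Run it against one VAP group's transcript at a time, since the last occurrence of each command overwrites earlier ones.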
Configuring the Management Circuits
You must create a management circuit, which the Cisco Defense Center and Cisco NGIPS for Blue Coat 
X-Series use to communicate. On the management circuit, you must assign an IP address to each VAP 
so that you can manage each instance of Cisco NGIPS for Blue Coat X-Series with the Defense Center. 
Note that if your trusted management circuit is on a different subnet from your Defense Center, you must 
create an IP route so that management traffic can cross subnets.
The following series of commands, detailed in the following procedure, creates a management circuit named mgmt and adds a VAP group named ABC to the circuit. It also assigns unique, consecutive (10.1.16.107 through 10.1.16.110) IP addresses to four VAPs: the two VAPs that compose the ABC VAP group.