Cisco Cisco Firepower Management Center 2000 Installationsanleitung
3-12
Cisco NGIPS for Blue Coat X-Series Installation and Configuration Guide
Chapter 3 Installing Cisco NGIPS for Blue Coat X-Series
Using Optional Settings
CBS(intf-gig-logical)# circuit mgmt
CBS(intf-gig-log-cct)# end
Step 4
Using Optional Settings
In certain cases, you may need to use optional settings to correctly support your installation:
•
If your management circuit is on a different subnet from your Defense Center, create an IP route, as
described in
described in
•
If you intend to monitor IPv6 traffic, add support for it as described in
.
•
If you intend to monitor jumbo frame traffic, add support for it as described in
.
Configuring IP Routes
If your management circuit is on a different subnet from your Defense Center, you must create an IP
route so management traffic can cross subnets.
route so management traffic can cross subnets.
Step 1
To create an IP route, use the following commands:
CBS# configure
CBS(config)# ip
CBS(config-ip)# route vap-group vap_group_name 0.0.0.0/0 gateway_address domain_ID
where
vap_group_name
is the name of the VAP group you want to configure and
gateway_address
is
the default gateway address for the subnet on which the management circuit resides, and
domain_ID
is the domain ID.
Note
If you configured your management circuit to use an alternate domain ID, then, when creating
an IP route for that management circuit, the domain ID (
an IP route for that management circuit, the domain ID (
domain 2
in our example) is a necessary
part of the command.
For example, the VAP group you set up earlier is on the 10.1.16.0/24 subnet. If your Defense Center
is on a different subnet (such as 10.1.17.0/24), you could use the following commands to set up an
IP route for the VAP group named
is on a different subnet (such as 10.1.17.0/24), you could use the following commands to set up an
IP route for the VAP group named
ABC
:
CBS# configure
CBS(config)# ip
CBS(config-ip)# route vap-group ABC 0.0.0.0/0 10.1.16.1
domain 2
CBS(config-ip-route)# exit
CBS(config-ip-route)# end
Configuring IPv6 Detection
If your network traffic is predominantly IPv4 with some IPv6, you should use the following
configuration to detect the IPv6. This configuration also detects most IPv6 routing protocols and IPv4
to IPv6 transition and tunneling mechanisms.
configuration to detect the IPv6. This configuration also detects most IPv6 routing protocols and IPv4
to IPv6 transition and tunneling mechanisms.