Cisco IPS 4520 Sensor White Paper

Firewall
August 2012 Series
Step 15: Configure the management VLAN and set the DMZ switch to be the spanning tree root for the management VLAN.

vlan 1123
 name dmz-mgmt
spanning-tree vlan 1-4094 root primary

Step 16: Configure the interfaces that connect to the Cisco ASA firewalls.

interface GigabitEthernet1/0/24
 description IE-ASA5545a Gig0/1
!
interface GigabitEthernet2/0/24
 description IE-ASA5545b Gig0/1
!
interface range GigabitEthernet1/0/24, GigabitEthernet2/0/24
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1123
 switchport mode trunk
 spanning-tree portfast trunk
 macro apply EgressQoS
 logging event link-status
 logging event trunk-status
 no shutdown

Step 17: Configure the switch with an IP address so that it can be managed via in-band connectivity.

interface Vlan1123
 description In-band management
 ip address 192.168.23.5 255.255.255.0
 no shutdown
Step 18: Configure the appliance as the DMZ switch's default gateway.

ip default-gateway 192.168.23.1
Step 19: Configure bridge protocol data unit (BPDU) Guard globally to protect portfast-enabled interfaces.

spanning-tree portfast bpduguard default
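The switch-side settings from Steps 15 through 19 can be verified mechanically before the change window closes. The following Python audit is an added example and not part of this guide; it embeds a constructed configuration sample modelled on the steps above (trimmed to one ASA uplink), parses it into command blocks, and flags a missing management VLAN, a trunk that is not pruned to the management VLAN, missing global BPDU Guard, and a default gateway outside the in-band management subnet.

```python
import ipaddress
# Constructed sample modelled on Steps 15-19 (one ASA uplink only); not a real device export.
SAMPLE_CONFIG = """\
vlan 1123
 name dmz-mgmt
spanning-tree portfast bpduguard default
interface GigabitEthernet1/0/24
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1123
 switchport mode trunk
 no shutdown
interface Vlan1123
 ip address 192.168.23.5 255.255.255.0
 no shutdown
ip default-gateway 192.168.23.1
"""

def parse_blocks(config):
    """Group an IOS-style config into {top-level command: [indented sub-commands]}."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.strip() in ("", "!"):
            continue  # skip blank lines and section separators
        if raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            blocks.setdefault(current, [])
    return blocks

def audit_dmz_switch(config, mgmt_vlan="1123"):
    """Return a list of findings for the DMZ switch; an empty list means every check passed."""
    blocks, findings = parse_blocks(config), []
    if f"vlan {mgmt_vlan}" not in blocks:
        findings.append(f"management VLAN {mgmt_vlan} is not defined")
    if "spanning-tree portfast bpduguard default" not in blocks:
        findings.append("BPDU Guard is not enabled globally for portfast interfaces")
    for name, lines in blocks.items():  # every trunk must be pruned to the management VLAN
        if (name.startswith("interface Gigabit") and "switchport mode trunk" in lines
                and f"switchport trunk allowed vlan {mgmt_vlan}" not in lines):
            findings.append(f"{name}: trunk does not restrict allowed VLANs to {mgmt_vlan}")
    svi = blocks.get(f"interface Vlan{mgmt_vlan}", [])
    addr = next((l.split()[2:] for l in svi if l.startswith("ip address ")), None)
    gw = next((b.split()[-1] for b in blocks if b.startswith("ip default-gateway ")), None)
    if addr is None or gw is None:
        findings.append("in-band management address or default gateway is missing")
    elif ipaddress.ip_address(gw) not in ipaddress.ip_interface("/".join(addr)).network:
        findings.append(f"default gateway {gw} is not on the management subnet")
    return findings
```

Run it against the output of `show running-config` on the DMZ switch; any non-empty result is a deviation from the procedure.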
Procedure 2: Configure the demilitarized zone interface

Step 1: Connect to Cisco Adaptive Security Device Manager (ASDM) by navigating to https://ie-asa5545.cisco.local/admin, and then logging in with your username and password.

Step 2: Navigate to Configuration > Device Setup > Interfaces.

Step 3: Select the interface that is connected to the DMZ switch, and then click Edit. (Example: GigabitEthernet0/1) The Edit Interface dialog box appears.

Step 4: Select Enable Interface, and then click OK.

Step 5: In the Interface pane, click Add and choose Interface. The Add Interface dialog box appears.

Step 6: In the Add Interface window, in the Hardware Port list, select the interface configured in Step 3. (Example: GigabitEthernet0/1)

Step 7: In the VLAN ID box, enter the VLAN number for the DMZ VLAN. (Example: 1123)

Step 8: In the Subinterface ID box, enter the VLAN number for the DMZ VLAN. (Example: 1123)

Step 9: Enter an Interface Name. (Example: dmz-management)

Step 10: In the Security Level box, enter a value of 50.

Step 11: Enter the interface IP Address. (Example: 192.168.23.1)