Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 26 Using Transport & Network Layer Preprocessors

Ignoring VLAN Headers
When you enable the Ignore VLAN Header detection setting, the system ignores the VLAN header so packets can be correctly processed for your deployment.

To ignore VLAN headers:

Access: Admin/Intrusion Admin

Step 1  Select Policies > Intrusion > Intrusion Policy.
The Intrusion Policy page appears.

Step 2  Click the edit icon next to the policy you want to edit.
If you have unsaved changes in another policy, click OK to discard those changes and continue. See  for information on saving unsaved changes in another policy.
The Policy Information page appears.

Step 3  Click Advanced Settings in the navigation panel on the left.
The Advanced Settings page appears.

Step 4  You have two choices:
  • If the configuration is enabled, click Edit.
  • If the configuration is disabled, click Enabled, then click Edit.
The Detection Settings page appears. A message at the bottom of the page identifies the intrusion policy layer that contains the configuration. See  for more information.

Step 5  You have the following choices:
  • For deployed devices that might detect different VLAN tags for the same connection in traffic traveling in different directions, select the Ignore VLAN Header check box to ignore VLAN headers when identifying traffic.
  • For deployed devices that will not detect different VLAN tags for the same connection in traffic traveling in different directions, clear the Ignore VLAN Header check box to include VLAN headers when identifying traffic.

Step 6  Save your policy, continue editing, discard your changes, revert to the default configuration settings in the base policy, or exit while leaving your changes in the system cache. See the  table for more information.
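
The effect of the Step 5 choice on how traffic is identified, as an added Python illustration that is not part of the Cisco guide and not the system's own code. It assumes a simplified, hypothetical connection key (protocol, the two endpoints, and optionally the VLAN ID) and uses constructed frames with constructed addresses.

```python
import socket
import struct

ETH_8021Q, ETH_IPV4 = 0x8100, 0x0800

def build_frame(vlan, src_ip, dst_ip, sport, dport):
    """Build a minimal Ethernet/802.1Q/IPv4/TCP frame (constructed sample data)."""
    macs = b"\x02" * 6 + b"\x04" * 6
    tag = struct.pack("!HH", ETH_8021Q, vlan & 0x0FFF)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, 0x5010, 0xFFFF, 0, 0)
    return macs + tag + struct.pack("!H", ETH_IPV4) + ip + tcp

def flow_key(frame, ignore_vlan):
    """Direction-independent connection key (hypothetical, not the product's internal key)."""
    offset, vlan = 12, None
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype == ETH_8021Q:
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        vlan, offset = tci & 0x0FFF, offset + 4
    if ethertype != ETH_IPV4:
        raise ValueError("this sketch handles IPv4 only")
    ip = offset + 2
    ihl, proto = (frame[ip] & 0x0F) * 4, frame[ip + 9]
    if proto not in (6, 17):
        raise ValueError("this sketch handles TCP and UDP only")
    sport, dport = struct.unpack_from("!HH", frame, ip + ihl)
    # Sort the endpoints so both directions of a connection yield the same key.
    a, b = sorted([(frame[ip + 12:ip + 16], sport), (frame[ip + 16:ip + 20], dport)])
    return (proto, a, b, None if ignore_vlan else vlan)

def count_sessions(frames, ignore_vlan):
    """Number of distinct connections a tracker using flow_key would see."""
    return len({flow_key(f, ignore_vlan) for f in frames})

# Constructed traffic: one TCP connection whose two directions carry different VLAN tags.
ASYMMETRIC = [build_frame(10, "10.0.0.5", "192.0.2.8", 49152, 443),
              build_frame(20, "192.0.2.8", "10.0.0.5", 443, 49152)]
# Constructed traffic: the same connection tagged with one VLAN in both directions.
SYMMETRIC = [build_frame(10, "10.0.0.5", "192.0.2.8", 49152, 443),
             build_frame(10, "192.0.2.8", "10.0.0.5", 443, 49152)]

if __name__ == "__main__":
    for name, frames in (("asymmetric", ASYMMETRIC), ("symmetric", SYMMETRIC)):
        for ignore in (False, True):
            print(name, "ignore_vlan =", ignore, "->", count_sessions(frames, ignore), "session(s)")
```

With the VLAN ID in the key, the asymmetrically tagged connection is split into two half-sessions, so neither side of the conversation is seen in full; dropping the VLAN ID from the key reunites them.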