Cisco FirePOWER Appliance 8250
FireSIGHT System User Guide
Chapter 9: Setting Up Virtual Routers
You can configure a managed device in a Layer 3 deployment so that it routes traffic between two or
more interfaces. You must assign an IP address to each interface and assign the interfaces to a virtual
router to route traffic.
You can configure the system to route packets by making packet forwarding decisions according to the
destination address. Interfaces configured as routed interfaces receive and forward the Layer 3 traffic.
Routers obtain the destination from the outgoing interface based on the forwarding criteria, and access
control rules designate the security policies to be applied.
In Layer 3 deployments, you can define static routes. In addition, you can configure Routing Information
Protocol (RIP) and Open Shortest Path First (OSPF) dynamic routing protocols. You can also configure
a combination of static routes and RIP or static routes and OSPF.
Note that you cannot configure virtual routers, physical routed interfaces, or logical routed interfaces on
a virtual device or Sourcefire Software for X-Series.
Caution: If a Layer 3 deployment fails for any reason, the device no longer passes traffic.
See the following sections for more information about configuring a Layer 3 deployment:
Configuring Routed Interfaces
License: Control
Supported Devices: Series 3
You can set up routed interfaces with either physical or logical configurations. You can configure
physical routed interfaces for handling untagged VLAN traffic. You can also create logical routed
interfaces for handling traffic with designated VLAN tags.
In a Layer 3 deployment, the system drops any traffic received on an external physical interface that does
not have a routed interface waiting for it. If the system receives a packet with no VLAN tag and you have
not configured a physical routed interface for that port, it drops the packet. If the system receives a
VLAN-tagged packet and you have not configured a logical routed interface, it also drops the packet.
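The drop rule above can be checked against a planned interface layout before deployment. The following Python model is an added example, not code from the Cisco guide: it reads the 802.1Q tag from a frame and reports which expected traffic would be dropped. The port names, interface tables and sample frames are constructed, and keying a logical routed interface by (port, VLAN ID) is an assumption of this model.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q VLAN tag

def vlan_of(frame: bytes):
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # VLAN ID is the low 12 bits of the tag control field

def disposition(port, frame, physical, logical):
    """Apply the rule from the text to one received frame.

    physical: ports that have a physical routed interface (untagged traffic)
    logical:  (port, vlan_id) pairs that have a logical routed interface
              (the pairing with a port is an assumption of this model)
    """
    vid = vlan_of(frame)
    if vid is None:
        return "route" if port in physical else "drop"
    return "route" if (port, vid) in logical else "drop"

def make_frame(vlan=None):
    """Build a constructed IPv4-in-Ethernet frame, optionally 802.1Q-tagged."""
    header = bytes.fromhex("020000000001020000000002")  # dst MAC + src MAC
    tag = struct.pack("!HH", TPID_8021Q, vlan) if vlan is not None else b""
    return header + tag + struct.pack("!H", 0x0800) + bytes(46)

def audit(expected, physical, logical):
    """Return the (port, vlan) flows from `expected` that would be dropped."""
    return [(p, v) for p, v in expected
            if disposition(p, make_frame(v), physical, logical) == "drop"]

# Constructed configuration: s1p1 routes untagged traffic and VLAN 10 only.
PHYSICAL = {"s1p1"}
LOGICAL = {("s1p1", 10), ("s1p2", 20)}
EXPECTED = [("s1p1", None), ("s1p1", 10), ("s1p1", 30), ("s1p2", None), ("s1p2", 20)]

if __name__ == "__main__":
    for port, vlan in audit(EXPECTED, PHYSICAL, LOGICAL):
        print(f"dropped: port={port} vlan={vlan}")
```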