Cisco Cisco Firepower Management Center 4000
8-8
FireSIGHT System User Guide
Chapter 8 Setting Up Virtual Switches
Configuring Virtual Switches
•
non-SYN-ACK/RST packets from the responder on a TCP connection after the SYN but before the
session is established
session is established
•
SYN packets on an established TCP connection from either the initiator or the responder
Note that if you associate the virtual switch with a logical hybrid interface, the switch uses the same strict
TCP enforcement setting as the virtual router associated with the logical hybrid interface. You cannot
specify strict TCP enforcement on the switch in this case.
TCP enforcement setting as the virtual router associated with the logical hybrid interface. You cannot
specify strict TCP enforcement on the switch in this case.
To configure advanced virtual switch settings:
Access:
Admin/Network Admin
Step 1
Select
Devices > Device Management
.
The Device Management page appears.
Step 2
Next to the device that contains the virtual switch you want to edit, click the edit icon (
).
The Interfaces tab appears.
Step 3
Click
Virtual Switches
.
The Virtual Switches tab appears.
Step 4
Next to the virtual switch that you want to edit, click the edit icon (
).
The Edit Virtual Switch pop-up window appears.
Step 5
Click
Advanced
.
The Advanced tab appears.
Step 6
To add a static MAC entry, click
Add
.
The Add Static MAC Address pop-up window appears.
Step 7
In the
MAC Address
field, type the address using the standard format of six groups of two hexadecimal
digits separated by colons (for example, 01:23:45:67:89:AB).
Note
Broadcast addresses (00:00:00:00:00:00 and FF:FF:FF:FF:FF:FF) cannot be added as static
MAC addresses.
MAC addresses.
Step 8
From the
Interface
drop-down list, select the interface where you want to assign the MAC address.
Step 9
Click
Add
.
The MAC address is added to the Static MAC Entries table.
To edit a MAC address, click the edit icon (
). To delete a MAC address, click the delete icon (
).
Step 10
Optionally, to enable the Spanning Tree Protocol, select
Enable Spanning Tree Protocol
. Select
Enable
Spanning Tree Protocol
only if your virtual switch switches traffic between multiple network interfaces.
You cannot select
Drop BPDUs
unless you clear
Enable Spanning Tree Protocol
.
Step 11
Optionally, select
Strict TCP Enforcement
to enable strict TCP enforcement.
If you associate the virtual switch with a logical hybrid interface, this option does not appear and the
switch uses the same setting as the virtual router associated with the logical hybrid interface.
switch uses the same setting as the virtual router associated with the logical hybrid interface.
Step 12
Optionally, select
Drop BPDUs
to drop BPDUs at the domain level. Select
Drop BPDUs
only if your virtual
switch routes traffic between VLANs on a single physical interface.
You cannot select
Enable Spanning Tree Protocol
unless you clear
Drop BPDUs.