Cisco Cisco Firepower Management Center 4000 설치 가이드
3-11
Cisco NGIPS for Blue Coat X-Series Installation and Configuration Guide
Chapter 3 Installing Cisco NGIPS for Blue Coat X-Series
Preparing for the Installation
CBS(config-intf-gig)# logical n1e3
CBS(intf-gig-logical)# circuit n1e3
CBS(intf-gig-log-cct)# end
CBS# configure interface ethernet 1/5
CBS(config-intf-gig)# logical n1e5
CBS(intf-gig-logical)# circuit n1e5
CBS(intf-gig-log-cct)# end
CBS# configure interface ethernet 1/10
CBS(config-intf-gig)# logical mgmt
CBS(intf-gig-logical)# circuit mgmt
CBS(intf-gig-log-cct)# end
To associate physical ports with circuits:
Step 1
Configure an interface.
For example, if you are using the tenth port on the NPM to connect your trusted management network
to the
to the
mgmt
circuit, and that port is configured as a Gigabit Ethernet, enter the following command:
CBS# configure interface ethernet 1/10
Step 2
Define a logical interface for the physical port. You have three options:
– For the management circuit and sensing circuits that do
not carry VLAN traffic, define the
logical interface as follows:
CBS(config-intf-gig)# logical logical_circuit_name
where
logical_circuit_name
is the name of the logical circuit. For example, if the logical circuit
name is
mgmt
, enter the following:
CBS(config-intf-gig)# logical mgmt
– For sensing circuits that carry VLAN traffic where you want to use the circuit to monitor all the
VLAN traffic regardless of the VLAN tag, or where you want to monitor all of the VLANs
whose traffic is not being monitored by other, assigned circuits, define the logical interface as
follows:
whose traffic is not being monitored by other, assigned circuits, define the logical interface as
follows:
CBS(config-intf-gig)# logical-all logical_circuit_name
For example, if the logical circuit name is
outside
, enter the following:
CBS(config-intf-gig)# logical-all outside
– For sensing circuits that carry VLAN traffic where you want to use the circuit to monitor
specific VLAN traffic, define the logical interface as follows:
CBS(config-intf-gig)# logical logical_circuit_name ingress-vlan-tag low_tag high_tag
where
low_tag
and
high_tag
are, respectively, the low and high VLAN channel values. For
example, the following command configures the
outside
logical interface to pass traffic that has a
VLAN tag of 100:
CBS(config-intf-gig)# logical outside ingress-vlan-tag 100 100
You can create as many logical interfaces as there are VLAN channels, and map each one to a
separate sensing circuit. For more information on configuring circuits to carry VLAN traffic, see the
XOS Configuration Guide.
separate sensing circuit. For more information on configuring circuits to carry VLAN traffic, see the
XOS Configuration Guide.
Note that although it is not required, Blue Coat recommends naming the circuit and device identically
for ease of diagnostics and troubleshooting.
for ease of diagnostics and troubleshooting.
Step 3
Attach the circuit that you created earlier to the logical interface:
CBS(intf-gig-logical)# circuit logical_circuit_name
CBS(intf-gig-log-cct)# end
where
logical_circuit_name
is the name of the logical circuit. For example, if the logical circuit name
is
mgmt
, enter the following: