Hi, I think both will work...the difference is with interface pair, the 1 ips interafce will be in 1 vlan and the 2nd interface will be in the 2nd vlan. while with interface vlan pair, its like creating a subinterface on a single ips interface where u assign the two vlans to the interface. This interface must be a trunkport on the switch.
For interface vlan pair, when traffic comes in from 1 vlan, the ips switch the vlan tag before sending it out. For the two senarios, if ure using a single switch, you must have separate vlans but same subnet. With interface pair, and if u have 2 switches, the vlan does not matter. Regards. ________________________________ From: Kingsley Charles <[email protected]> To: Stuart Hare <[email protected]> Cc: "[email protected]" <[email protected]> Sent: Saturday, August 29, 2009 3:20:01 PM Subject: Re: [OSL | CCIE_Security] IPS Sensor inter vlan pair mode with vlans in different subnet Hi Stu In most of the cases, each vlan has it's own subnet. Sensor interface supports 802.1q trunking but doesn't support interface vlan routing. I think, the limitation of not having inter vlan routing prevents bridging with routing of vlans with different subnets. In the case of inline vlan pair mode, how does the sensor decide/know which packet that it needs to bridge between the vlan pairs. With regards Kings On Sat, Aug 29, 2009 at 3:11 PM, Stuart Hare <[email protected]> wrote: Kings > > >This is where u would use inline interface pairs instead of vlan pairs. Set up >the switchports as access to ur respective vlans and assign both of the >interfaces to a single inline pair. > > >Hth >Stu > >Sent from my iPhone > >On 29 Aug 2009, at 10:14, Kingsley Charles <[email protected]> wrote: > > >Hi all >> >>IPS Sensor supports inter vlan pair mode with interface in the trunking mode. >>The sensor actually bridges i.e., swaps the vlan id of the incoming frame. >>Here, should both VLANs should be in same subnet. >>Can the VLAN be in different subnets? >>VLAN A - 10.20.30.0/24 >>VLAN B - 10.30.20.0/24 >>Can the sensor's interface be configured in inline vlan pair mode between >>vlan A and B? >> >> >>With regards >>Kings >_______________________________________________ >>For more information regarding industry leading CCIE Lab training, please >>visit www.ipexpert.com >>
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
