PAIR OF VLAN

Guys I have a small and stupid question.

Is there a problem with TCP when using VLAN pairs? Does the IPS reset the connections? The problem is that I have, for example, a pair of VLAN 50 to VLAN 51. When traffic originates in VLAN 50, the IPS will inspect the traffic and send it to VLAN 51; say that was a SYN packet.

I have my switch configured to route traffic that comes from VLAN 50 so the IPS can watch it. But I don't have a route map configured for the VLAN 51 return traffic... So the IPS will never see the SYN ACK come back.

Is this a problem?

For inline VLAN pairing, if the sensor does not see the full TCP stream, this can be a problem, because the sensor may determine that this is an attempt to evade the IDS and refuse to pass the traffic. This can cause the sensor to deny traffic in turn.

You can configure the sensor to operate in an asymmetric processing mode that relaxes the TCP normalizer, as shown here:

http://www.Cisco.com/en/us/docs/security/IPS/7.0/Configuration/Guide/CLI/cli_virtual_sensors.html#wp1038004

Scott

Tags: Cisco Security

Similar Questions

  • 6509 uplink to ASA with pair of Vlan

    I have the following topology:

    6509---> ASA---> Internet.

    My 6509 has an IDSM.

    intrusion-detection module 3 management-port access-vlan 2

    intrusion-detection module 3 data-port 1 trunk allowed-vlan 352,603,1352,1603

    I want to put the IDSM between the 6509 and the ASA.

    The 6509 has a VLAN 603 where the inside of the ASA is connected, and I have already created VLAN 1603 to bridge with 603. This way I moved the ASA inside cable to VLAN 1603 (before, it was connected on VLAN 603), but when I changed the switchport VLAN of the ASA (603 to VLAN 1603), my VLAN 603 goes down and I can't access the internet.

    VLAN 603 is down because there is no user connected to it, but I thought that by bridging 603 with 1603 through the IDSM, VLAN 603 would come up again, but it does not work.

    How can I configure the IDM to this Vlan?

    I guess the switch itself has an interface vlan 603, and it is this interface vlan 603 that goes down.

    By default the IDSM-2 data ports are configured with "autostate exclude", which means that if the IDSM-2 port and the switch's interface vlan are the only things on the VLAN, then the switch will bring its interface down. The switch does not include the IDSM-2 interface when it is looking for other ports in the VLAN.

    There is a command:

    intrusion-detection module 3 data-port 1 autostate include

    With this command the IDSM-2 port will now appear in the list of ports to monitor, and the switch should now bring up its interface vlan 603.

    You can see the list of available commands for the IDSM-2 here:

    http://www.Cisco.com/en/us/docs/security/IPS/7.0/Configuration/Guide/CLI/cli_idsm2.html#wp1032690

  • IPS Inline vlan pair

    Hello

    I want to set up an inline VLAN pair on the IPS for the DMZ area. I have been through the inline VLAN pair section of the IPS 7.0 user guide, and I saw the inline VLAN pair configuration example, but it is not clear to me.

    Please take a look at the attachment and please explain the traffic flow when the server goes to the internet if we create a VLAN pair.

    Each server's default gateway is the ASA firewall DMZ interface.

    Thank you

    You are right.

    Traffic runs just like that. All servers will be on VLAN 2 of the switch and the ASA on VLAN 3, all connected to the same switch. The IPS will also be connected to this same switch. A single interface of the IPS will be connected to a trunk port on this switch, with two VLANs allowed on the trunk and the VLAN pair configured on the IPS.

    You are right.

    BTW. Yesterday I saw someone on a study group request the same thing as you.

  • The switch configuration of 6500 catalyst for IPS Inline the METHOD works

    I understand how to configure the Catalyst 6500 switch so that the monitoring ports are access ports in two separate VLANs for inline operation.

    However, I don't see any document that describes how the desired VLAN traffic gets forced through the IPS.

    In "promiscuous" mode, you can use a copy/capture VACL to forward the desired traffic to the METHOD for analysis. I don't see how to get the desired traffic through the IPS.

    Note that the 6500 host is running native IOS 12.2(18)SXE.

    Thanks for any help.

    A transparent firewall is a pretty good comparison.

    Say you have vlan 10 with 100 PCs and 1 router for the network.

    If you want to apply a transparent firewall on this vlan, you cannot just put one firewall interface on vlan 10. Nothing would go through the firewall.

    Instead, you need to create a new vlan, say 1010. Now you place one firewall interface on vlan 10 and the other on vlan 1010. Still nothing is going through the firewall. So now you move the router from vlan 10 to vlan 1010. All you do is change the vlan; the IP address and the mask of the router remain the same.

    The transparent firewall bridges vlan 10 and vlan 1010. The PCs on vlan 10 are able to communicate with and through the router, but must go through the transparent firewall to do so.

    The firewall is transparent because there is no IP routing between the 2 VLANs; instead, the same IP subnet is on both VLANs and the transparent firewall bridges between the 2 VLANs.

    The transparent firewall can firewall between the PCs on vlan 10 and the router on vlan 1010. But if PC A on vlan 10 talks to PC B on vlan 10, then the transparent firewall does not see and cannot block this traffic.

    An InLine sensor is very similar to the transparent firewall and will bridge between the 2 VLANs. And similarly an InLine sensor is able to do InLine monitoring of traffic between the PCs on vlan 10 and the router on vlan 1010, but will not be able to monitor the traffic between 2 PCs on vlan 10.

    Now the PCs on one vlan and the router on the other vlan is a classic deployment for InLine sensors, but your VLANs need not be divided in this way. You can choose to place some servers in one vlan and desktops in another vlan. You subdivide the VLANs by whatever method is logical for your deployment.

    Now for monitoring several VLANs the same principle still applies. You can't monitor traffic between machines on the same vlan. So for each VLAN that you want to monitor, you will need to create a new vlan and divide the machines between the 2 VLANs.

    In your case with Native IOS, you are limited to only 1 pair of VLANs for InLine monitoring, but your desired deployment would require 20 pairs of vlans.

    The IPS 5.1 software now has the ability to manage the 20 pairs, but the native IOS software doesn't have the ability to send the 40 VLANs (20 pairs) to the IDSM-2.

    Changes in native IOS are in testing right now, but I have not heard a release date for these changes.

    Now Cat OS already has these changes. So here is a basic breakdown of what you could do in Cat OS, which you can use to prepare for a native IOS deployment when it comes out.

    For VLANs 10-20 and 300-310 that you want monitored, you will need to break each of those VLANs into 2 VLANs.

    Let's say we keep it simple and add 500 to each vlan in order to create the new VLAN for each pair.

    Therefore, the following pairs:

    10/510, 11/511, 12/512, etc...

    300/800, 301/801, 302/802, etc...

    You configure the sensor port to trunk all 40 VLANs:

    set trunk 5/7 10-20,300-310,510-520,800-810

    (And then clear all other vlans off this trunk to clean things up)

    In the configuration of the IDSM-2, create the 20 inline vlan pairs on interface GigabitEthernet0/7.

    Now on each of the 20 original VLANs, move the default router for each VLAN from the original vlan to the 500+ vlan.

    At this point, you should be good to go. The IDSM-2 will not monitor traffic that remains inside each of the 20 original VLANs, but will monitor the traffic that is routed in and out of each of the 20 VLANs.

    Due to a switch bug, you may need to have an extra PC moved to the same vlan as the router if the switch/MSFC is used as the router and you deploy with an IDSM-2.

  • Action of VMS to block host or network

    We use Monitoring Center for Security 2.1 to monitor the IPS. In VMS SecMon 2.1, there is an action to block a host or a network by right-clicking on the offending host.

    According to the documentation for the SecMon viewer, "blocking a host causes a sensor to block all traffic from the source IP address associated with the selected event. Similarly, blocking a network causes the sensor to block all traffic from the network that contains the source IP address of the selected event. Blocking is done through a properly configured Cisco router."

    Ref: http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/mon_sec/secmon20/ug/ch04.htm#wp322382

    We have installed an inline IPS using a VLAN pair.

    I would like to be able to deny an attacker inline manually by clicking an action in VMS SecMon, but when I use the blocking action, the host is still allowed. It seems that this action can only work by setting up a blocking device, that is, a Cisco IOS router or a PIX. Is this statement correct?

    Is it possible from the VMS console to tell the IPS to deny an attacker host or network inline by manual command, in the same way the blocking is done?

    The action will work by setting up a blocking device.

  • IDSM2 in inline mode

    Hi all

    There are 2 VLANs configured in the 7600 switch, namely 200 and 300. In order to make the switch pass the traffic of these VLANs through the IDSM (IPS inline mode), the following was configured: intrusion-detection module 2 data-port 1 trunk allowed-vlan 200,300. Apart from that, are there any other requirements for this? The IOS in the 7600 switch is 12.2(18)SXF4.

    Thanking you

    Anantha Subramanian Natarajan

    You can have up to 255 vlan pairs on Gig0/7 (data-port 1) and 255 vlan pairs on Gig0/8 (data-port 2).

    But be aware that with version 5.0/5.1 the IDSM-2 will treat all these pairs as if they were on the same network. This can lead to confusion on the sensor if the packets are routed and pass through 2 or more inline vlan pairs.

    So if you are going to deploy in situations where routing could cause packets to go through more than one inline vlan pair, then I recommend you run IPS version 6.0.

    IPS 6.0 can support up to 4 virtual devices. You can have a different configuration of the peg and filter in each virtual sensor.

    If it is a simple deployment of 4 inline vlan pairs, you can place one inline vlan pair in each of the 4 virtual sensors.

    If you deployed more than 4 virtual probe, there was also an additional feature added to IPS 6.0 to help handle it.

    http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/csids/csids13/cliguide/clianeng.htm#wp1038004

    You must set the TCP Session Tracking Mode to "Vlan only" or "Interface and Vlan", which tells the IDSM-2 to track the TCP sessions separately per inline vlan pair and avoids the problem with 5.0/5.1.

    InLine Interface Pair mode is very similar to InLine Vlan Pair mode. It will pair 2 VLANs.

    The difference is in how the VLANs get paired.

    In InLine Interface Pair mode you would set Gig0/7 and Gig0/8 (data port 1 and 2) to be access ports. Each port would be for just a single vlan. You place Gig0/7 on one vlan of the pair and place Gig0/8 on the second vlan of the pair. The IDSM-2 would then monitor the traffic between the 2 VLANs just as it does in InLine Vlan Pair mode. But instead of being passed back and forth on 2 VLANs of a single trunk port, the packets go back and forth between the 2 access ports.

    Since they are access ports, you are limited to only one set of VLANs when you use InLine Interface Pair mode, while InLine Vlan Pair mode gives you up to 510 vlan pairs.

    So I do not recommend using InLine Interface Pair mode on the IDSM-2.

    FYI: it does have an advantage when running on an appliance. The appliance can connect between 2 switches (an IDSM-2 cannot because it is inside the switch). In that case the trunk between the 2 switches can carry 4094 VLANs. So placing an appliance in InLine Interface Pair mode between 2 switches on a trunk port has some advantages.

  • IPS and switching

    Hello I have a theoretical question on the vlan and IPS

    Suppose I have a 4215 and a router. I want to run the IPS with its interfaces in inline mode.

    Would this work well?

    Router - WAN

    -Ethernet Vlan 2

    4215

    -Ethernet 2 -> Vlan 2

    -Ethernet 3 -> Vlan 3

    -Network inside all in Vlan 3

    Would the IPS bridge if they were all in the same subnet?

    Cisco says

    http://www.Cisco.com/en/us/products/HW/vpndevc/PS4077/products_configuration_guide_chapter09186a00807517bb.html#wp1046883

    If the two interfaces are connected to the same switch, you must configure them on the switch as access ports with different access VLANs for the two ports. Otherwise, traffic does not flow through the inline interface.

    Since I have not read anything on this deployment, I had to ask to be 100% sure.

    Yes - you are approaching this correctly.

    On the sensor, you must be sure to complete the VLAN pairing so that it will act as an L2 bridge between VLAN 2 and 3.

    The other option is to make the IPS on a stick, where you trunk 2 & 3 down to a single physical interface to the 4215.

    Let us know how your project progresses.

    thxs

    Peter

  • Mode Inline JOINT-2

    Hello

    I work with the IDSM-2. We have a Cisco 6509 with CSM and FWSM, we plan to run the IDSM-2 in inline mode, and now I want to monitor the traffic that arrives through the outside interface of the FW contexts (which are nothing but VLAN A, VLAN B, VLAN C on the MSFC).

    Data flow: JOINT - ISP RTR - internal RTR - FWSM - MSFC CSM.

    The IDSM version is 5.1(4) S257.0.

    It will support only two VLANs (IN and OUT) in access mode.

    My problem is that I don't know how to analyze the traffic of 3 VLANs (A, B, C).

    Cisco 6509 - Version 12.2(18)SXF7.

    You can use inline VLAN pair mode to monitor traffic entering on specific VLANs. For example:

    You have VLANs 100, 200 and 300 on the MSFC that you want to monitor inline.

    You must configure VLANs 101, 201 and 301 (L2 only) and send VLANs 100-101, 200-201 and 300-301 to the IDSM-2.

    You then create VLAN pairs on the IDSM-2 module as below:

    VLAN 100-101 - pair 1

    VLAN 200-201 - pair 2

    VLAN 300-301 - pair 3

    Then assign all three pairs to the virtual sensor, and it will monitor this traffic in inline mode.

    Inline VLAN pair mode is based on VLANs, so it doesn't really matter if the VLANs are behind or in front of the FWSM.

    See you soon,

    Vinod

  • What happens when JOINT-2 performance is exceeded

    Hello

    We have an IDSM-2 with about 20 inline vlan pairs in a test environment. What happens to inline traffic if we exceed, say, a rate of 500 Mbps? Is the traffic dropped, or is it forwarded without IPS inspection?

    If you exceed the monitoring capacity of the sensor, then the packets that cannot be monitored will be dropped by the sensor.

    NOTE: 500 Mbps isn't an absolute performance number for the sensor. It's a level of performance that the sensor has been tested to be able to handle for certain types of traffic used in the performance test. We don't know exactly how much traffic the sensor will be able to handle on your network. The IDSM-2 will probably handle around 500 Mbps in many or even most customer networks. However, networks vary, and in some networks it may handle quite a bit less traffic and in other networks it may handle even more.

    So the question is not what will happen if you send more than 500 Mbps, but rather what will happen if you send more traffic than the sensor is able to monitor. And the answer is that all traffic that cannot be monitored because of performance limitations will be dropped by the sensor.

    The only time where the packets are forwarded without inspection is if sensorApp has ceased to monitor all packets (a reconfiguration or an upgrade is in progress, or the process of sensorApp crashed) AND the functionality of the software workaround August kicks. Which case all packets will be forwarded without analysis.

  • IPS inline & port interface port trunk Switch

    Hello

    Is it possible to configure the IPS as in the topology below? The SW1 and SW2 ports connecting to the IPS are in trunk mode. I would like to configure the IPS in inline interface pair mode (not VLAN pair mode).

    SW1 - IPS - SW2

    Kind regards.

    Yes, this method is fully supported.

    If you want to monitor all the VLANs with a single virtual sensor, then assign the inline interface pair to the virtual sensor.

    If you want to monitor the VLANs with different virtual sensors, we support vlan groups on this inline interface pair.

    Do not confuse an "inline vlan pair" with "inline vlan groups on an inline interface pair".

    The "inline vlan pair" will pair 2 VLANs on the same interface. When a packet arrives at the sensor it will be sent back out the same interface with its vlan header changed.

    The "vlan groups" on an inline interface pair don't change the vlan headers.

    They are only used to group VLANs, so that the vlan group can then be assigned to a specific virtual sensor.

    You could then take a group of VLANs for your office employee network and assign them to vs0, and take a second group of VLANs for your DMZ and assign them to vs1.

    You can place a single vlan within each vlan group, or you can place several VLANs within each vlan group.

    But it only makes sense to have 4 vlan groups, because you have only 4 virtual sensors on most devices (a bit like the 4215 have 1 virtual sensor so you can make groups of vlan on the 4215).

    I also recommend that you change your virtual sensor and set the Inline TCP Session Tracking Mode to "Interface and Vlan". In this way the sensor will separately monitor connections on each vlan. This is necessary if a router can route traffic between several VLANs. Without this setting, the sensor will become confused if it sees the same connection on multiple VLANs.
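
The two sensor behaviours discussed in the answers above (the strict TCP normalizer denying a one-way stream, and session tracking getting confused when a routed connection crosses more than one inline vlan pair) can be reproduced with a toy tracker. This is an added example, not code from any of the posts and not Cisco IPS code; the class, its `per_vlan_pair` and `asymmetric` switches, the addresses and the packet list are all constructed for illustration, using the VLAN pairs 50/51, 100/101 and 200/201 mentioned on this page.

```python
from collections import Counter, namedtuple

# One frame as the sensor sees it on its trunk port (constructed model).
Pkt = namedtuple("Pkt", "vlan src sport dst dport flags seq")

# Constructed pair table: VLAN id -> inline VLAN pair id.
VLAN_PAIR = {50: 0, 51: 0, 100: 1, 101: 1, 200: 2, 201: 2}


class Tracker:
    """Toy TCP session tracker: a simplified model, not the real sensor logic."""

    def __init__(self, per_vlan_pair=False, asymmetric=False):
        self.per_vlan_pair = per_vlan_pair  # hypothetical switch: track per pair
        self.asymmetric = asymmetric        # hypothetical switch: relaxed normalizer
        self.sessions = {}

    def _key(self, p):
        # Direction-independent endpoints, optionally scoped to the VLAN pair.
        ends = tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))
        return ((VLAN_PAIR[p.vlan],) + ends) if self.per_vlan_pair else ends

    def inspect(self, p):
        s = self.sessions.setdefault(
            self._key(p), {"syn": False, "synack": False, "seen": set()})
        segment = (p.src, p.sport, p.flags, p.seq)
        if segment in s["seen"]:
            return "duplicate"          # same segment seen twice in one session
        s["seen"].add(segment)
        if p.flags == "S":
            s["syn"] = True
            return "pass"
        if p.flags == "SA":
            if s["syn"] or self.asymmetric:
                s["synack"] = True
                return "pass"
            return "deny"
        # Any later segment needs a complete handshake unless relaxed.
        if (s["syn"] and s["synack"]) or self.asymmetric:
            return "pass"
        return "deny"


def run(tracker, packets):
    """Return a Counter of verdicts for the packet list."""
    return Counter(tracker.inspect(p) for p in packets)


CLIENT, SERVER = ("10.1.101.10", 40000), ("10.1.201.20", 443)  # constructed


def routed_flow():
    """Hosts sit on 101/201, the router on 100/200, so every segment crosses
    both pairs and reaches the sensor twice."""
    segs = [("c", "S", 1000), ("s", "SA", 5000), ("c", "A", 1001),
            ("c", "PA", 1001), ("s", "A", 5001)]
    pkts = []
    for side, flags, seq in segs:
        src, dst = (CLIENT, SERVER) if side == "c" else (SERVER, CLIENT)
        vlans = (101, 200) if side == "c" else (201, 100)
        pkts += [Pkt(v, *src, *dst, flags, seq) for v in vlans]
    return pkts


def one_way_flow():
    """Only the VLAN 50 direction reaches the sensor; the SYN ACK never does."""
    return [Pkt(50, *CLIENT, *SERVER, f, s)
            for f, s in [("S", 1000), ("A", 1001), ("PA", 1001)]]


if __name__ == "__main__":
    print("sensor-wide, routed :", dict(run(Tracker(), routed_flow())))
    print("per pair, routed    :", dict(run(Tracker(per_vlan_pair=True), routed_flow())))
    print("strict, one-way     :", dict(run(Tracker(), one_way_flow())))
    print("asymmetric, one-way :", dict(run(Tracker(asymmetric=True), one_way_flow())))
```

With sensor-wide tracking every routed segment shows up a second time in the same session; scoping the key to the VLAN pair yields two clean sessions instead.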

  • ECLB with IPS-4270

    Can someone explain how the traffic flows with the ECLB configuration? I do not understand how the traffic flows and whether the VLAN bridging must be on the switch or on the IPS. Thank you.

    http://www.Cisco.com/en/us/products/HW/vpndevc/PS4077/products_configuration_example09186a0080671a8d.shtml

    It is called load balancing, but it is really load splitting. ECLB hashes the source and destination IP address and sends the packet to one of the available paths (in your link, there are only two, but it could be more). This can make the load balancing less even, but it is usually close enough.

    In your link, the IPS bridges the two VLANs, so traffic has to flow through the IPS for the hosts to reach the gateway. To answer your question, both the switch AND the IPS must have these VLANs configured. The IPS will be configured with a VLAN pair. The switch will have two separate VLANs configured.

    -Bob
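
A short model of the load splitting described in the answer above, as an added example that is not part of the original post. The XOR-then-modulo hash is an assumption standing in for the switch's real source/destination IP hash, and the addresses are constructed; it shows why hashing on both addresses keeps the two directions of a connection on the same sensor, and why the split can be uneven.

```python
import ipaddress
from collections import Counter


def src_dst_path(src, dst, n_paths):
    """Pick a path from both addresses. XOR is commutative, so A->B and
    B->A always land on the same path (assumed hash, not the switch's own)."""
    a = int(ipaddress.ip_address(src))
    b = int(ipaddress.ip_address(dst))
    return (a ^ b) % n_paths


def src_only_path(src, dst, n_paths):
    """Contrast case: hashing on the source alone depends on direction."""
    return int(ipaddress.ip_address(src)) % n_paths


def split(flows, n_paths, chooser=src_dst_path):
    """Count how many flows each path (sensor) receives."""
    counts = Counter({p: 0 for p in range(n_paths)})
    for src, dst in flows:
        counts[chooser(src, dst, n_paths)] += 1
    return dict(counts)


def half_streams(flows, n_paths, chooser):
    """Flows whose two directions would be sent to different sensors, so
    each sensor would see only half of the TCP stream."""
    return [(s, d) for s, d in flows
            if chooser(s, d, n_paths) != chooser(d, s, n_paths)]


# Constructed sample flows: clients talking to one server.
SERVER = "192.168.1.10"
MIXED_CLIENTS = [("10.0.0.%d" % i, SERVER) for i in range(1, 9)]
EVEN_CLIENTS = [("10.0.0.%d" % i, SERVER) for i in (2, 4, 6, 8)]

if __name__ == "__main__":
    print("mixed clients, 2 paths:", split(MIXED_CLIENTS, 2))
    print("even clients, 2 paths :", split(EVEN_CLIENTS, 2))
    print("split streams, src+dst:", len(half_streams(MIXED_CLIENTS, 2, src_dst_path)))
    print("split streams, src    :", len(half_streams(MIXED_CLIENTS, 2, src_only_path)))
```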

  • Battery M8024-k (pair) M3048 (pair) battery gal, VLAN and port groups?

    Hi all

    I'm getting more confused by the minute.  I have a pair of M8024-k blade switches in a M1000e enclosure, outside, I have a pair of N3048 switches.

    I think I have the stacking working on the M8024-k, but I found a configuration guide for Simple mode that says to take ports 17-20 out of the port aggregation group on the pair and leave the stack ports and internal ports in the PA group.  When I do that they remain outside the group, whether I do it in the CLI or the GUI.

    Does anyone have a configuration guide that shows how I can trunk the 2 pairs together and allow the 4 VLANs that I have coming in, without access to the blade servers inside?  Do I need to get out of simple mode on the M8024-k to achieve this?

    Any help gratefully received.

    The best source of information is going to be the user guides.

    www.Dell.com/.../manuals

    www.Dell.com/.../manuals

    I would take the 8024-k out of simple mode.

    Console# not simple mode

    On both stacks, you will need to aggregate 4 ports together.  Here is an example of placing a port in an aggregation group.

    Console (config) # interface gigabitethernet 0/1/5

    Console (Config-if-1/0/5) # channel-group 1 mode (active / Auto)

    Once the ports are in channel-group 1, we can then configure the channel group to carry several VLANs.

    Console (config) # interface port-channel 1

    console (config-if-po1) # switchport mode trunk

    console (config-if-po1) # switchport trunk allowed vlan add 2-150

    Once this is done, you should have connectivity.

    Keep us informed.

  • pair VLAN Inline

    When you configure a VLAN pair in IDM, does the sequence of the VLANs matter?

    For example, the values under the column titles "VLAN A" and "VLAN B". Does it affect the direction of inspection, or is it immaterial?

    It does not matter when you set it on the METHOD. However, please make sure that devices on the two different legs of the METHOD are on 'different' VLANs.

    Regards

    Farrukh

  • VLAN will not work on Interswitch link SLM2008 SRW2008MP

    I have a SLM2008 (SW01) and a SRW2008MP (SW02); these are interconnected on port g1 of both. Port g8 on SW01 is connected to my ISP's HDSL modem (off-grid). G2 is connected inside an ASA5505, offering my inside of network port. Ports g7 and g8 on SW02 are connected to 2 outside servers. I created a VLAN 2 on both switches. SW01 has PVID 2 on port 8, Acceptable frame types = All and enabled the capture filter. All other ports have the same config except that the PVID on these is 1.
    On SW02 I tried several VLAN settings on ports 1, 7 and 8. NO CHANCE!
    In general, I tried g1 as trunk, joined VLAN1 untagged, VLAN2 tagged, Acceptable frame types = All, PVID = 1, penetration filtering on. On ports g7 and g8, I tried both access mode and general mode, with several combinations of tagged/untagged etc. etc.
    I am not able to pass any traffic to the outside.

    Anyone? Help.

    Thanks in advance

    HKL

    Basically, what I want to achieve is; using a vlan between the 2 switches create a topology as if I had 4 physical switches, connected 2 and 2. No traffic should pass between the 2 pairs. No servers or other resources should be informed (or care) if they are on the physical pair 1 (VLAN1) or physical to pair 2 (VLAN2).

    As I see, or understand, the only difference between 4 physical switches and 2 physical (using the VIRTUAL local area network), it is that we need two trunk VLAN through, instead of having 2 physical connections intercommutation

    All outside routing is handled by the ASA (from vlan1) to VLAN2, the server will be directly using public IP address.

    In a concern for information inside subnet is 192.168.1.x, NAT by ASA at the public address 62.89.36.34/24 outside VLAN2 will be directly connected and use the servers 62.89.36.45 and 62.89.36.46

    GW = 62.89.36.33

    Hope this will make sense?

    BR

    JK.

  • SG500 layer 3 - VLAN can see each other devices Vlan9 <>- Vlan13

    Hi all!

    I guess I'm missing something simple here:

    Basic configuration: two SG500 stacked switches in layer mode 3 who should do the routing. LANCOM WLC with access Internet COOL tied up in the trunk.

    As per my understanding, I shouldn't be able to see Vlan13 devices from Vlan9. But unfortunately, I can.

    Any help is appreciated. Thank you!!!

    config-file-header
    switch0908fa
    v1.3.7.18 / R750_NIK_1_35_647_358
    CLI v1.0
    set system mode router queues-mode 4

    file SSD indicator encrypted
    @
    ssd-control-start
    ssd config
    ssd file passphrase control unrestricted
    no ssd file integrity control
    ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
    !
    vlan database
    vlan 9-46,91-99
    exit
    voice vlan oui-table add 0001e3 Siemens_AG_phone___
    voice vlan oui-table add 00036b Cisco_phone___
    voice vlan oui-table add 00096e Avaya___
    voice vlan oui-table add 000fe2 H3C_Aolynk___
    voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
    voice vlan oui-table add 00d01e Pingtel_phone___
    voice vlan oui-table add 00e075 Polycom/Veritel_phone___
    voice vlan oui-table add 00e0bb 3Com_phone___
    ip dhcp server
    ip dhcp pool network P_1
    address low 192.168.0.10 high 192.168.0.254 255.255.255.0
    lease infinite
    dns-server 94.200.200.200
    exit
    ip dhcp pool network P_9
    address low 192.168.9.10 high 192.168.9.254 255.255.255.0
    lease infinite
    dns-server 94.200.200.200
    exit
    ip dhcp pool network P_13
    address low 192.168.13.20 high 192.168.13.254 255.255.255.0
    lease infinite
    dns-server 94.200.200.200
    exit
    no boot host auto-config
    bonjour interface range vlan 1
    hostname switch0908fa
    no passwords complexity enable
    username cisco password encrypted 7af78c911d5b48bea1dc2449d9d89513abeb4be5 privilege 15
    ip name-server 192.168.0.5
    querying domain IP 18
    no service cpu-utilization
    !
    interface vlan 1
    ip address 192.168.0.1 255.255.255.0
    no ip address dhcp
    !
    interface vlan 9
    name V_9
    ip address 192.168.9.1 255.255.255.0
    !
    interface vlan 10
    name V_10
    !
    interface vlan 11
    name V_11
    !
    interface vlan 12
    name V_12
    !
    interface vlan 13
    name V_13
    ip address 192.168.13.1 255.255.255.0
    !
    interface vlan 14
    name V_14
    !
    interface vlan 15
    name V_15
    !
    interface vlan 16
    name V_16
    !
    interface vlan 17
    name V_17
    !
    interface vlan 18
    name V_18
    !
    interface vlan 19
    name V_19
    !
    interface vlan 20
    name V_20
    !
    interface vlan 21
    name V_21
    !
    interface vlan 22
    name V_22
    !
    interface vlan 23
    name V_23
    !
    interface vlan 24
    name V_24
    !
    interface vlan 25
    name V_25
    !
    interface vlan 26
    name V_26
    !
    interface vlan 27
    name V_27
    !
    interface vlan 28
    name V_28
    !
    interface vlan 29
    name V_29
    !
    interface vlan 30
    name V_30
    !
    interface vlan 31
    name V_31
    !
    interface vlan 32
    name V_32
    !
    interface vlan 33
    name V_33
    !
    interface vlan 34
    name V_34
    !
    interface vlan 35
    name V_35
    !
    interface vlan 36
    name V_36
    !
    interface vlan 37
    name V_37
    !
    interface vlan 38
    name V_38
    !
    interface vlan 39
    name V_39
    !
    interface vlan 40
    name V_40
    !
    interface vlan 41
    name V_41
    ip address 192.168.41.1 255.255.255.0
    !
    interface vlan 42
    name V_42
    !
    interface vlan 43
    name V_43
    !
    interface vlan 44
    name V_44
    !
    interface vlan 45
    name V_45
    !
    interface vlan 46
    name V_46
    !
    interface vlan 91
    name V_91
    !
    interface vlan 92
    name V_92
    !
    interface vlan 93
    name V_93
    !
    interface vlan 94
    name V_94
    !
    interface vlan 95
    name V_95
    !
    interface vlan 96
    name V_96
    !
    interface vlan 97
    name V_97
    !
    interface vlan 98
    name V_98
    !
    interface vlan 99
    name V_99
    !
    interface gigabitethernet1/1/1
    switchport mode access
    !
    interface gigabitethernet1/1/2
    switchport mode access
    !
    interface gigabitethernet1/1/3
    switchport mode access
    !
    interface gigabitethernet1/1/4
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/5
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/6
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/7
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/8
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/9
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/10
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/11
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/12
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/13
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/14
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/15
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/16
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/17
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/18
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/19
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/20
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/21
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/22
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/23
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/24
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/25
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/26
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/27
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/28
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/29
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/30
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/31
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/32
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/33
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/34
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/35
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/36
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/37
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/38
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/39
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/40
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/41
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/42
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/43
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/44
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/45
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/46
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/47
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/48
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/49
    switchport mode access
    !
    interface gigabitethernet1/1/50
    switchport mode access
    !
    interface gigabitethernet1/1/51
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet1/1/52
    switchport mode access
    switchport access vlan 9
    !
    interface gigabitethernet2/1/1
    switchport mode access
    !
    interface gigabitethernet2/1/2
    switchport mode access
    switchport access vlan 13
    !
    interface gigabitethernet2/1/3
    switchport mode access
    switchport access vlan 13
    !
    interface gigabitethernet2/1/4
    switchport mode access
    switchport access vlan 13
    !
    interface gigabitethernet2/1/5
    switchport mode access
    switchport access vlan 13
    !
    interface gigabitethernet2/1/6
    switchport mode access
    switchport access vlan 13
    !
    interface gigabitethernet2/1/7
    switchport mode access
    switchport access vlan 13
    !
    interface gigabitethernet2/1/8
    switchport mode access
    !
    interface gigabitethernet2/1/9
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/10
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/11
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/12
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/13
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/14
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/15
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/16
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/17
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/18
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/19
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/20
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/21
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/22
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/23
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/24
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/25
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/26
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/27
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/28
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/29
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/30
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/31
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/32
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/33
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/34
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/35
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/36
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/37
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/38
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/39
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/40
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/41
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/42
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/43
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/44
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/45
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/46
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/47
    switchport mode access
    switchport access vlan 41
    !
    interface gigabitethernet2/1/48
    switchport mode access
    !
    interface gigabitethernet2/1/51
    switchport mode access
    !
    interface gigabitethernet2/1/52
    switchport mode access
    !
    output
    IP route 0.0.0.0/0 192.168.0.5 metrics 2
    encryption ip key-pair of keys rsa ssh-client
    .

    The VLANs intercommunicate because you have an IP address on the VLAN interface, which dynamically builds a route on the switch.

    As noted below, if you want VLAN 9 to not see 13 or vice versa, an ACL will be needed on the VLAN interface.
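
The check described in the reply above can be automated. This is an added example, not part of the original thread: it parses a running-config of the posted style and lists the VLANs the switch routes for (VLAN interface with an IP address) that have no ACL bound. The sample addresses, the ACL name and the two ACL-binding commands it looks for are assumptions.

```python
import re
# Constructed sample in the style of the posted config. The SVI addresses and
# the ACL name are invented for illustration; they are not from the thread.
SAMPLE_CONFIG = """\
interface vlan 9
ip address 192.168.9.1 255.255.255.0
!
interface vlan 13
ip address 192.168.13.1 255.255.255.0
service-acl input BLOCK-VLAN9
!
interface vlan 41
!
interface gigabitethernet1/1/26
switchport access vlan 9
!
interface gigabitethernet2/1/2
switchport access vlan 13
!
"""
ACL_BINDINGS = ("service-acl ", "ip access-group ")  # assumption: binding commands

def parse_interfaces(config):
    """Return {interface name: [config lines in its block]}, all lower-cased."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip().lower()
        if line.startswith("interface "):
            current = blocks.setdefault(line[len("interface "):].strip(), [])
        elif line in ("!", "exit", ""):
            current = None  # block terminator
        elif current is not None:
            current.append(line)
    return blocks

def audit(config):
    """Map each routed VLAN (VLAN interface with an IP) to ACL state and port count."""
    blocks = parse_interfaces(config)
    ports = re.findall(r"(?m)^\s*switchport access vlan (\d+)\s*$", config.lower())
    report = {}
    for name, lines in blocks.items():
        m = re.fullmatch(r"vlan\s*(\d+)", name)
        if m and any(l.startswith("ip address ") for l in lines):
            report[int(m.group(1))] = {
                "acl": any(l.startswith(ACL_BINDINGS) for l in lines),
                "access_ports": ports.count(m.group(1))}
    return report

def unfiltered_routed_vlans(config):
    """VLANs the switch routes for that have no ACL on their VLAN interface."""
    return sorted(v for v, info in audit(config).items() if not info["acl"])
```

A VLAN with no IP address on its VLAN interface (VLAN 41 in the sample) is not reported, because the switch builds no connected route for it.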
