Version 5.2 Sourcefire 3D System Installation Guide 37
Understanding Deployment
Deployment Options
Chapter 2
You can also deploy your managed device to function as a virtual switch, virtual
router, or gateway VPN. Additionally, you can use policies to route traffic or control
access to traffic on your network. For more information, see the following
sections:
Deploying with a Virtual Switch on page 37
Deploying with a Virtual Router on page 38
Deploying with Hybrid Interfaces on page 40
Deploying a Gateway VPN on page 41
Deploying with Policy-Based NAT on page 42
Deploying with Access Control on page 43
Deploying with a Virtual Switch
LICENSE: Control
SUPPORTED DEVICES: Series 3
You can create a virtual switch on your managed device by configuring inline
interfaces as switched interfaces. The virtual switch provides Layer 2 packet
switching for your deployment. Advanced options include setting a static MAC
address, enabling spanning tree protocol, enabling strict TCP enforcement, and
dropping bridge protocol data units (BPDUs) at the domain level. For information
on switched interfaces, see
Switched Interfaces on page 30.
A virtual switch must contain two or more switched interfaces to handle traffic.
For each virtual switch, the system switches traffic only to the set of ports
configured as switched interfaces. For example, if you configure a virtual switch
with four switched interfaces, when the system receives traffic packets through
one port it only broadcasts these packets to the remaining three ports on the
switch.
To configure a virtual switch to allow traffic, you configure two or more switched
interfaces on a physical port, add and configure a virtual switch, and then assign
the virtual switch to the switched interfaces. The system drops any traffic
received on an external physical interface that does not have a switched interface
waiting for it. If the system receives a packet with no VLAN tag and you have not
configured a physical switched interface for that port, it drops the packet. If the
system receives a VLAN-tagged packet and you have not configured a logical
switched interface, it also drops the packet.
You can define additional logical switched interfaces on the physical port as
needed, but you must assign a logical switched interface to a virtual switch to
handle traffic.
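The forwarding and drop rules just described can be modelled as a small decision function, which is useful when reasoning about why traffic on a port is silently dropped. The following is an added example written for this page, not code from the Sourcefire 3D System or its guide; the port names, the switch name "vs-lan" and the VLAN numbers are constructed sample values.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class SwitchedInterface:
    """A switched interface defined on a physical port.

    vlan=None models a physical switched interface (handles untagged frames);
    an integer models a logical switched interface for that VLAN tag.
    """
    port: str
    vlan: Optional[int] = None


@dataclass(frozen=True)
class VirtualSwitch:
    name: str
    members: FrozenSet[SwitchedInterface]  # interfaces assigned to this switch


def classify_frame(defined, switches, ingress_port, vlan_tag):
    """Decide what the virtual switch does with a frame received on ingress_port.

    Returns ("forward", [(port, vlan), ...]) listing every other member of the
    owning virtual switch (the frame is broadcast to them), or ("drop", reason).
    """
    iface = SwitchedInterface(ingress_port, vlan_tag)

    # Rule 1: no switched interface exists for this port/tag combination.
    if iface not in defined:
        kind = "physical" if vlan_tag is None else "logical (VLAN %d)" % vlan_tag
        return ("drop", "no %s switched interface on %s" % (kind, ingress_port))

    # Rule 2: the interface exists but was never assigned to a virtual switch.
    owner = next((sw for sw in switches if iface in sw.members), None)
    if owner is None:
        return ("drop", "%s vlan=%s is not assigned to a virtual switch"
                % (ingress_port, vlan_tag))

    # Rule 3: a virtual switch needs two or more switched interfaces to pass traffic.
    if len(owner.members) < 2:
        return ("drop", "virtual switch %s has fewer than two switched interfaces"
                % owner.name)

    # Forward to every other member of the same virtual switch, in a stable order.
    egress = sorted(
        ((m.port, m.vlan) for m in owner.members if m != iface),
        key=lambda pv: (pv[0], -1 if pv[1] is None else pv[1]),
    )
    return ("forward", egress)


def build_example():
    """Constructed sample deployment: four untagged switched interfaces on one
    virtual switch, plus one logical interface that was defined but never assigned."""
    untagged = [SwitchedInterface("eth%d" % i) for i in range(1, 5)]
    orphan = SwitchedInterface("eth1", 20)  # defined, not assigned to any switch
    defined = frozenset(untagged + [orphan])
    switches = [VirtualSwitch("vs-lan", frozenset(untagged))]
    return defined, switches


if __name__ == "__main__":
    defined, switches = build_example()
    for port, tag in [("eth1", None), ("eth5", None), ("eth1", 10), ("eth1", 20)]:
        print(port, tag, "->", classify_frame(defined, switches, port, tag))
```

Running the module prints one decision per sample frame: the untagged frame on eth1 is broadcast to eth2, eth3 and eth4, while the frame on eth5 (no physical switched interface), the VLAN 10 frame on eth1 (no logical switched interface) and the VLAN 20 frame on eth1 (logical interface defined but not assigned to a virtual switch) are all dropped with the reason shown.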
Virtual switches have the advantage of scalability. When you use a physical
switch, you are limited by the number of available ports on the switch. When you
replace your physical switch with a virtual switch, you are limited only by your
bandwidth and the level of complexity you want to introduce to your deployment.