Version 5.2
Sourcefire 3D System Installation Guide
31
Understanding Deployment
Understanding Interfaces
Chapter 2
Switched interfaces can have either a physical or logical configuration:
• Physical switched interfaces are physical interfaces with switching
configured. Use physical switched interfaces to handle untagged VLAN
traffic.
• Logical switched interfaces are an association between a physical interface
and a VLAN tag. Use logical interfaces to handle traffic with designated
VLAN tags.
Virtual switches can operate as standalone broadcast domains, dividing your
network into logical segments. A virtual switch uses the media access control
(MAC) address from a host to determine where to send packets. When you
configure a virtual switch, the switch initially broadcasts packets through every
available port on the switch. Over time, the switch uses tagged return traffic to
learn which hosts reside on the networks connected to each port.
You can configure your device as a virtual switch and use the remaining interfaces
to connect to network segments you want to monitor. To use a virtual switch on
your device, create physical switched interfaces and then follow the instructions
for Setting Up Virtual Switches in the Sourcefire 3D System Guide.
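The flood-then-learn behavior described above, modeled as an added example (not Sourcefire code). It assumes standard transparent-bridge learning from the source MAC of each arriving frame, and that a frame whose port and VLAN tag match no configured switched interface is dropped; the interface names and MAC addresses are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class SwitchedInterface:
    port: str                   # physical interface name (constructed)
    vlan: Optional[int] = None  # None = physical (untagged); int = logical (VLAN tag)


@dataclass
class VirtualSwitch:
    interfaces: list
    mac_table: dict = field(default_factory=dict)  # MAC -> SwitchedInterface

    def receive(self, port, vlan, src_mac, dst_mac):
        """Return the interfaces a frame is sent out of, learning as it goes."""
        ingress = SwitchedInterface(port, vlan)
        if ingress not in self.interfaces:
            return []                      # assumption: unmatched port/tag is dropped
        self.mac_table[src_mac] = ingress  # learn which interface the sender is behind
        egress = self.mac_table.get(dst_mac)
        if egress is None:                 # destination not learned yet: flood
            return [i for i in self.interfaces if i != ingress]
        return [] if egress == ingress else [egress]


def demo():
    a = SwitchedInterface("s1p1")           # physical switched interface
    b = SwitchedInterface("s1p2")           # physical switched interface
    c = SwitchedInterface("s1p3", vlan=20)  # logical switched interface, VLAN 20
    sw = VirtualSwitch([a, b, c])
    h1, h2 = "00:00:5e:00:53:01", "00:00:5e:00:53:02"  # documentation-range MACs
    first = sw.receive("s1p1", None, h1, h2)   # h2 unknown: flooded to b and c
    reply = sw.receive("s1p3", 20, h2, h1)     # return traffic teaches the switch h2
    second = sw.receive("s1p1", None, h1, h2)  # h2 now known: sent to c only
    stray = sw.receive("s1p3", 30, h2, h1)     # VLAN 30 has no logical interface
    return first, reply, second, stray


if __name__ == "__main__":
    for name, out in zip(("first", "reply", "second", "stray"), demo()):
        print(name, [(i.port, i.vlan) for i in out])
```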
Routed Interfaces
LICENSE: Control
SUPPORTED DEVICES: Series 3
You can configure routed interfaces on a managed device in a Layer 3 deployment
so that it routes traffic between two or more interfaces. You must assign an IP
address to each interface and assign the interfaces to a virtual router to route
traffic.
You can configure routed interfaces for use with a gateway virtual private network
(gateway VPN) or with network address translation (NAT). For more information,
see on page 41 and Deploying with Policy-Based NAT on page 42.
You can also configure the system to route packets by making packet forwarding
decisions according to the destination address. Interfaces configured as routed
interfaces receive and forward the Layer 3 traffic. Routers obtain the destination
from the outgoing interface based on the forwarding criteria, and access control
rules designate the security policies to be applied.
Routed interfaces can have either a physical or logical configuration:
• Physical routed interfaces are physical interfaces with routing configured.
Use physical routed interfaces to handle untagged VLAN traffic.
• Logical switched interfaces are an association between a physical interface
and a VLAN tag. Use logical interfaces to handle traffic with designated
VLAN tags.