Focus on IDS
Configuring Cisco IPS High Bandwidth Using EtherChannel Load Balancing Apr 01 2009 12:46PM
bdikici gmail com
Hello,

I have got two core switches. They are running redundantly with HSRP. One of
them is HSRP active and spanning tree root for all VLANs; the other is HSRP
passive and spanning tree secondary for all VLANs. I have got a server VLAN,
and I would like to inspect traffic to this VLAN from all other user
VLANs. All servers are connected to the backbone switches via other
aggregation switches. We have got 6 aggregation switches and all of them are
connected to the backbone switches via 1 gigabit f/o uplinks. Because of
that, I need 6 Gbps throughput for the IPS system which will protect the
server VLAN.
Which topology do you recommend for this purpose? Should I use other
switches to connect all IPS devices to the backbone switches? Or should I
connect IPS devices directly to the backbone switches? Which one is
preferable for performance and redundancy?

Another question:
I saw the message written below at this address:
"The IPS appliances must be in on-a-stick mode, meaning that the IPS
appliance can only use one sensing port on that Catalyst switch. That port
is trunked so that the IPS appliance has an inbound and outbound path to and
from the switch."
My question is:
Can I have one IPS with three or four ports attached to the same switch in
an EtherChannel?

The last question:
Is it possible to configure the Cisco IPS like the topology below? SW1's and SW2's connection ports to the IPS are in trunk mode. I would like to configure the IPS in inline interface pairing mode (not VLAN pairing mode).


Kind Regards...

Burak Dikici

Copyright 2010, SecurityFocus