IPS HA Solution

Unanswered Question
Jul 23rd, 2007
User Badges:

Hi Guys,

I did some research how Cisco IPS HA works, but no lucky to find out based on followed statement, anybody can explain how to achieve this ?

"Resiliency and redundancy can be delivered through unique network collaboration; for example, Hot Standby Router Protocol (HSRP) configuration and Cisco EtherChannel load balancing on Cisco Catalyst switches can divert traffic to a secondary IPS device upon the failure of a primary device."


http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/prod_brochure0900aecd805baea7.html

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
rhermes Mon, 07/23/2007 - 12:52
User Badges:
  • Gold, 750 points or more

We run a few of these, but it's not terribly reliable. Any distrubance of the state of the Ethernet connection will cause the Catalyst to bounce a sensor out of the Etherchannel group (needing a manual reset). Most signature updates will do it. On the other hand, if you have a process fail in the sensor that doesn't cause the Ethernet interface to go down, the traffic is not re-routed to the other sensor(s).

Try reading this:

Configuring IPS High Bandwidth Using EtherChannel Load Balancing

http://cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_example09186a0080671a8d.shtml

Actions

This Discussion