cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
686
Views
4
Helpful
1
Replies

IPS HA Solution

pengfang
Level 1
Level 1

Hi Guys,

I did some research how Cisco IPS HA works, but no lucky to find out based on followed statement, anybody can explain how to achieve this ?

"Resiliency and redundancy can be delivered through unique network collaboration; for example, Hot Standby Router Protocol (HSRP) configuration and Cisco EtherChannel load balancing on Cisco Catalyst switches can divert traffic to a secondary IPS device upon the failure of a primary device."

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/prod_brochure0900aecd805baea7.html

1 Reply 1

rhermes
Level 7
Level 7

We run a few of these, but it's not terribly reliable. Any distrubance of the state of the Ethernet connection will cause the Catalyst to bounce a sensor out of the Etherchannel group (needing a manual reset). Most signature updates will do it. On the other hand, if you have a process fail in the sensor that doesn't cause the Ethernet interface to go down, the traffic is not re-routed to the other sensor(s).

Try reading this:

Configuring IPS High Bandwidth Using EtherChannel Load Balancing

http://cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_example09186a0080671a8d.shtml

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: