Configuring ECLB

Unanswered Question
Feb 13th, 2009


How can I configure port-channel for ECLB.

What are the ports needs to be included in the Etherchannel as there are no ports on the IDSM-2 cards ?


Ashish Gupta

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
ashish_gupta_ashish Fri, 02/13/2009 - 07:25

Hi Ahmed,

I'm already having this document which decribes how to configure IDSM-2 & refers to port-channel in the configuration but the problem is no where it has been mentioned how to configure this port channel.


Ashish Gupta

ashish_gupta_ashish Mon, 02/16/2009 - 01:45


Thanks for the reply.

I read the IDSM-2 section of the document but didn't able to figure out the switch ports to be included in the Etherchannel as there are no physical ports on the IDSM-2 module.

As per my understanding I have to configure the data ports of all the IDSM-2 modules in the same etherchannel.

Could you send me the steps for configuring EtherChannel for IDSM.

marcabal Mon, 02/16/2009 - 11:01

There are no "external" physical ports on the IDSM-2.

BUT there are instead "internal" physical ports on the IDSM-2.

These "internal" ports are connected directly to the backplane of the switch.

If using the older Cat OS these ports are /7 and /8.

In Cat OS they can then be configured similar to most other ports in the switch.

If using native IOS these ports are not named or configured like regular Gig ports.

They are given the special name "intrusion-detection module data-port <1|2>"

The data-port 1 in the IOS configuration corresponds to GigabitEthernet0/7 seen inside the IDSM-2 configuration, and data-port 2 corresponds to GigabitEthernet0/8.

The instructions show you how to put these IDSM-2 ports into an etherchannel (it uses a special command for the IDSM-2 ports)

intrusion-detection module data-port <1|2> port-channel

You will then have to configure the ether-channel for your specific deployment model (promiscuous, inline interface, or inline vlan pair)

Because it is an etherchannel of IDSM-2 ports, even the etherchannel configuration has special commands:

intrusion-detection port-channel

Then followed by either "access", "trunk", or "capture" depending on the deployment type you are trying to do.

Also if using native IOS, then check what version of native IOS you are using. Not all IOS versions support all of the IDSM-2 etherchannel features.

Generally the 12.2(18)SXF4 and later versions on the 12.2SX train will support all features.

While the 12.2SR train does NOT support all features. The 12.2SR train is still fairly limited as to what IDSM-2 features are supported.

If you still need more help them let me know the following:

Type of Supervisor

Software Version being run

Slot # where the IDSM-2s are installed

The deployment you are trying to implement.


This Discussion