IPS 4270 Cluster

Farrukh Haroon Mon, 02/08/2010 - 04:38

There is no cluster support inherent in the IPS. You can either use EtherChannel Load Balancing if you have a 6500 switch or use some external technique like spanning tree to achieve your requirement.


Please see the following


http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids12/eclbips5.htm


https://supportforums.cisco.com/message/956730#956730 (Check the attached file in the penultimate post)



Regards


Farrukh

Farrukh Haroon Mon, 02/08/2010 - 23:40

Yes, this is true, ECLB can support up to 8 sensors. But you need a 6500 series switch to configure this feature (for IPS).


Regards


Farrukh

Hi Farrukh,

The link you gave will be beneficial for an inline mode deployment, but I want to deploy both of the IPSs in promiscuous mode and want to monitor a lot of VLANs, which is not possible through SPAN; SPAN has some limitations regarding the number of VLANs.

The capture feature is also not available under a port-channel interface, so I cannot use ECLB.

So I decided to configure the VACL; that is why I am looking for some solution: both IPSs need to work in load-balance mode, and if one IPS fails, its traffic needs to be diverted to the second IPS with no duplicate alarms.

Regards,

Vashdev


Hi Farrukh,


Now I plan the following configuration, but it supports neither load balancing nor redundancy:


! Match all IP traffic on the filtered VLANs
ip access-list extended IPS-ACCESS-LIST
 permit ip any any
!
! VACL: forward the traffic normally and copy it to the capture ports
vlan access-map IPS-ACCESS-MAP 10
 match ip address IPS-ACCESS-LIST
 action forward capture
!
vlan filter IPS-ACCESS-MAP vlan-list 10,11,31,32,33,34,35,36,51,52,53,54,61,62,66,65
!
! Each IPS sensing port only receives the captured copy for its two VLANs,
! so there is no sharing between ports and no fail-over if one sensor stops.
interface gi1/2/1
 switchport
 switchport capture
 switchport capture allowed vlan 10,11
!
interface gi1/2/2
 switchport
 switchport capture
 switchport capture allowed vlan 31,32
!
interface gi1/2/3
 switchport
 switchport capture
 switchport capture allowed vlan 33,34
!
interface gi1/2/4
 switchport
 switchport capture
 switchport capture allowed vlan 35,36
!
interface gi2/2/1
 switchport
 switchport capture
 switchport capture allowed vlan 51,52
!
interface gi2/2/2
 switchport
 switchport capture
 switchport capture allowed vlan 53,54
!
interface gi2/2/3
 switchport
 switchport capture
 switchport capture allowed vlan 61,62
!
interface gi2/2/4
 switchport
 switchport capture
 switchport capture allowed vlan 66,65
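Added example (not from the thread or from Cisco): a small Python check over a VACL capture config that answers the two questions this post raises, whether every VLAN in the vlan filter list reaches some capture port, and whether any VLAN reaches more than one port (the case that hands the same packet to two sensors and produces duplicate alarms). The config excerpt is constructed from the posted one, with an overlap on VLAN 11 added deliberately so the duplicate report fires.

```python
import re
from collections import defaultdict
# Constructed excerpt of the VACL capture config from the post above; the
# extra "11" on gi1/2/3 is added deliberately so the overlap check fires.
SAMPLE_CONFIG = """\
vlan filter IPS-ACCESS-MAP vlan-list 10,11,31,32,33,34,35,36,51,52,53,54,61,62,66,65
interface gi1/2/1
 switchport capture allowed vlan 10,11
interface gi1/2/2
 switchport capture allowed vlan 31,32
interface gi1/2/3
 switchport capture allowed vlan 11,33,34
"""

def parse_vlan_list(text):
    """Expand an IOS VLAN list such as '10,11,31-33' into a set of ints."""
    vlans = set()
    for part in text.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = part.split("-")
            vlans.update(range(int(lo), int(hi) + 1))
        elif part:
            vlans.add(int(part))
    return vlans

def audit_capture(config):
    """Return (uncovered, duplicated): filtered VLANs no capture port carries, and
    VLANs carried by more than one capture port (two sensors, duplicate alarms)."""
    filtered = set()
    owners = defaultdict(list)  # vlan -> capture ports carrying it
    iface = None
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"vlan filter \S+ vlan-list (.+)", line)
        if m:
            filtered |= parse_vlan_list(m.group(1))
            continue
        m = re.match(r"interface (\S+)", line)
        if m:
            iface = m.group(1)
            continue
        m = re.match(r"switchport capture allowed vlan (.+)", line)  # plain form only
        if m and iface:
            for v in parse_vlan_list(m.group(1)):
                owners[v].append(iface)
    uncovered = sorted(filtered - set(owners))
    duplicated = {v: ports for v, ports in owners.items() if len(ports) > 1}
    return uncovered, duplicated
```

Run `audit_capture` over a full `show running-config` dump to get the list of filtered VLANs that no sensor sees and the VLANs that two sensors would both alarm on.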


