avanzaadmin Fri, 08/20/2010 - 05:07
User Badges:

Hi Anton

Depending on how you use the IDSM, inline or promiscuous, I would suggest looking into the Multi Chassi Ethernet option available with VSS. If both IDSM join the port channel and share the traffic that would in effect make then a failover pair.


Regards

Fredrik

Antonsibir Fri, 08/20/2010 - 05:21
User Badges:

Hi Fredrik,


Thank you for reply! It's necessarily to configure inline mode. Could you please explain more exact or give me a link?

avanzaadmin Fri, 08/20/2010 - 05:51
User Badges:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_idsm2.html#wp1044800

Here's the link to the IPS 7.x CLI mnaual regarding setting up and sharing an etherchannel across two IPSmodules. Just top of my head I would use inlineVLAN pair, that way I would save one interface for the future. I would then have my incoming data ports connect to one VLAN (Side A) and the outgoing data on the other VLAN (Side B).


/Fredrik

Antonsibir Fri, 08/20/2010 - 06:02
User Badges:

Thank you for link. But AFAIK there is no ESLB support for IDSM in  different chassis. Link that you sent me is for load balancing in the  same chassis. Do you mean that I need similar EtherChannel  and inline VLAN pair mode configurations on both IDSM and then I  need to connect both IDSM by multichassis ethernet?


avanzaadmin Fri, 08/20/2010 - 07:52
User Badges:

That was my general idea, since VSS operationally is the same chassi it might work depending on which data flow you need to monitor.


/Fredrik

Actions

This Discussion