Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Configuring ECLB


How can I configure port-channel for ECLB.

What are the ports needs to be included in the Etherchannel as there are no ports on the IDSM-2 cards ?


Ashish Gupta


Re: Configuring ECLB

You will add data ports into port channel.

More details at

Syed iftekhar Ahmed

Community Member

Re: Configuring ECLB

Hi Ahmed,

I'm already having this document which decribes how to configure IDSM-2 & refers to port-channel in the configuration but the problem is no where it has been mentioned how to configure this port channel.


Ashish Gupta

Cisco Employee

Re: Configuring ECLB

This is documented in the CLI Configuration Guide in the section for configuring the IDSM-2.

Here is a link to the section in the IPS 6.2 guide:

Let me know if you need more information after reading through this section.

Community Member

Re: Configuring ECLB


Thanks for the reply.

I read the IDSM-2 section of the document but didn't able to figure out the switch ports to be included in the Etherchannel as there are no physical ports on the IDSM-2 module.

As per my understanding I have to configure the data ports of all the IDSM-2 modules in the same etherchannel.

Could you send me the steps for configuring EtherChannel for IDSM.

Cisco Employee

Re: Configuring ECLB

There are no "external" physical ports on the IDSM-2.

BUT there are instead "internal" physical ports on the IDSM-2.

These "internal" ports are connected directly to the backplane of the switch.

If using the older Cat OS these ports are /7 and /8.

In Cat OS they can then be configured similar to most other ports in the switch.

If using native IOS these ports are not named or configured like regular Gig ports.

They are given the special name "intrusion-detection module data-port <1|2>"

The data-port 1 in the IOS configuration corresponds to GigabitEthernet0/7 seen inside the IDSM-2 configuration, and data-port 2 corresponds to GigabitEthernet0/8.

The instructions show you how to put these IDSM-2 ports into an etherchannel (it uses a special command for the IDSM-2 ports)

intrusion-detection module data-port <1|2> port-channel

You will then have to configure the ether-channel for your specific deployment model (promiscuous, inline interface, or inline vlan pair)

Because it is an etherchannel of IDSM-2 ports, even the etherchannel configuration has special commands:

intrusion-detection port-channel

Then followed by either "access", "trunk", or "capture" depending on the deployment type you are trying to do.

Also if using native IOS, then check what version of native IOS you are using. Not all IOS versions support all of the IDSM-2 etherchannel features.

Generally the 12.2(18)SXF4 and later versions on the 12.2SX train will support all features.

While the 12.2SR train does NOT support all features. The 12.2SR train is still fairly limited as to what IDSM-2 features are supported.

If you still need more help them let me know the following:

Type of Supervisor

Software Version being run

Slot # where the IDSM-2s are installed

The deployment you are trying to implement.

Community Member

Re: Configuring ECLB

Hi Marcoa,

Thanks for the detailed reply. I got the answer of my question.


Ashish Gupta

CreatePlease to create content