IPS 4270 Cluster

vashdevt
Level 1

Hi

I want to build the cluster between two 4270 IPS, but I didn't find any document.

Please forward me the document or URL.

Is a license required for cluster building?

Regards,

Vashdev

7 Replies

Farrukh Haroon
VIP Alumni

There is no cluster support inherent in the IPS. You can either use EtherChannel Load Balancing if you have a 6500 switch or use some external technique like spanning tree to achieve your requirement.

Please see the following

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids12/eclbips5.htm

https://supportforums.cisco.com/message/956730#956730 (Check the attached file in the penultimate post)

Regards

Farrukh

Hi Farrukh,

I saw in one document that it says we can cluster up to 8 4270 IPS:

Cisco IPS 4270 devices to be grouped and function as a cluster. This adds resiliency and allows for higher throughput. As many as eight Cisco IPS 4270 Sensors can be grouped as such.

http://cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/prod_white_paper0900aecd806e724b.html

Regards,

Yes, this is true, ECLB can support up to 8 sensors. But you need a 6500 series switch to configure this feature (for IPS).

Regards

Farrukh

This is exactly what was mentioned in my earlier post (First link):

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids12/eclbips5.htm

Regards

Farrukh

Hi Farrukh,

The link you gave will be beneficial in an inline mode deployment, but I want to deploy both of the IPS in promiscuous mode and monitor a lot of VLANs, which is not possible through SPAN; SPAN has some limitations regarding the number of VLANs.

The capture feature is also not available under a port channel interface. So I cannot use ECLB.

So I decided to configure the VACL; that is why I am looking for some solution. Both IPS need to work in load-balance mode; if one of the IPS fails, that traffic needs to be diverted to the second IPS, with no duplicate alarms.

Regards,

Vashdev

Hi Farrukh,

Now I plan the following configuration, but it supports neither load balancing nor redundancy:


ip access-list ext IPS-ACCESS-LIST
 permit ip any any
!
vlan access-map IPS-ACCESS-MAP 10
 match ip address IPS-ACCESS-LIST
 action forward capture
!
vlan filter IPS-ACCESS-MAP vlan-list 10,11,31,32,33,34,35,36,51,52,53,54,61,62,66,65
!
interface gi1/2/1
 switchport
 switchport capture
 switchport capture allowed vlan 10,11
!
interface gi1/2/2
 switchport
 switchport capture
 switchport capture allowed vlan 31,32
!
interface gi1/2/3
 switchport
 switchport capture
 switchport capture allowed vlan 33,34
!
interface gi1/2/4
 switchport
 switchport capture
 switchport capture allowed vlan 35,36
!
interface gi2/2/1
 switchport
 switchport capture
 switchport capture allowed vlan 51,52
!
interface gi2/2/2
 switchport
 switchport capture
 switchport capture allowed vlan 53,54
!
interface gi2/2/3
 switchport
 switchport capture
 switchport capture allowed vlan 61,62
!
interface gi2/2/4
 switchport
 switchport capture
 switchport capture allowed vlan 66,65
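
Added example, not part of the original thread and not Cisco tooling: a small Python audit of a VACL capture configuration like the one above, reporting for each VLAN in the `vlan filter` list how many capture ports accept it, so monitoring gaps and single points of failure are visible before deployment. The function names are hypothetical, the sample is a constructed excerpt, and the parser assumes plain comma/range VLAN lists (no `add`, `remove` or `all` keywords).

```python
import re
from collections import defaultdict

# Constructed excerpt: the first two capture ports from the configuration
# above, with the VACL filter list trimmed to the VLANs they carry.
SAMPLE_CONFIG = """\
vlan filter IPS-ACCESS-MAP vlan-list 10,11,31,32
interface gi1/2/1
 switchport capture
 switchport capture allowed vlan 10,11
interface gi1/2/2
 switchport capture
 switchport capture allowed vlan 31,32
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '10,11,31-33' into a set of ints."""
    vlans = set()
    for part in filter(None, spec.replace(" ", "").split(",")):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def capture_coverage(config):
    """Return (VLANs under the VACL, {vlan: capture ports that accept it})."""
    filtered, ports, current = set(), defaultdict(set), None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"vlan filter \S+ vlan-list\s+(.+)", line):
            filtered |= expand_vlans(m.group(1))
        elif m := re.match(r"interface\s+(\S+)", line):
            current = m.group(1)
        elif (m := re.match(r"switchport capture allowed vlan\s+(.+)", line)) and current:
            for vlan in expand_vlans(m.group(1)):
                ports[vlan].add(current)
    return filtered, ports

def audit(config):
    """Classify each filtered VLAN by how many capture ports receive it."""
    filtered, ports = capture_coverage(config)
    return {
        "uncaptured": sorted(v for v in filtered if not ports[v]),
        "single_port": sorted(v for v in filtered if len(ports[v]) == 1),
        "multi_port": sorted(v for v in filtered if len(ports[v]) > 1),
    }

if __name__ == "__main__":
    for kind, vlans in audit(SAMPLE_CONFIG).items():
        print(f"{kind}: {vlans}")
```

Run against the full configuration posted above, all 16 VLANs land in `single_port`: each VLAN reaches exactly one capture port, so a failed port or sensor leaves its VLANs unmonitored.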
