Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IPS HA Solution

Hi Guys,

I did some research how Cisco IPS HA works, but no lucky to find out based on followed statement, anybody can explain how to achieve this ?

"Resiliency and redundancy can be delivered through unique network collaboration; for example, Hot Standby Router Protocol (HSRP) configuration and Cisco EtherChannel load balancing on Cisco Catalyst switches can divert traffic to a secondary IPS device upon the failure of a primary device."

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/prod_brochure0900aecd805baea7.html

1 REPLY
Gold

Re: IPS HA Solution

We run a few of these, but it's not terribly reliable. Any distrubance of the state of the Ethernet connection will cause the Catalyst to bounce a sensor out of the Etherchannel group (needing a manual reset). Most signature updates will do it. On the other hand, if you have a process fail in the sensor that doesn't cause the Ethernet interface to go down, the traffic is not re-routed to the other sensor(s).

Try reading this:

Configuring IPS High Bandwidth Using EtherChannel Load Balancing

http://cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_example09186a0080671a8d.shtml

407
Views
4
Helpful
1
Replies