01-26-2009 09:08 AM - edited 03-10-2019 04:28 AM
Hi,
I would like to know whether it is possible to use IDSM across two distinct contexts in FWSM.
01-26-2009 12:27 PM
Yes you can.
In promiscous mode you tap the required traffic (All fwsm context Vlans) at Switch and copy that traffic to IDSM.
Syed
01-26-2009 12:40 PM
Thanks Syed.
If I were to use inline mode, when there are distinct active contexts across two FWSMs; will it be possible.
01-26-2009 02:35 PM
Yes you can.
You can configure IDSM-2 in inline VLAN pair mode. IDSM-2 performs VLAN bridging between pairs of VLANs within the same data port operating as an 802.1q trunk.
IDSM-2 has two data ports (sensing ports).
You can configure IDSM-2 to simultaneously bridge up to 255 VLAN pairs on each data port.
So with two sensing ports you can have 2 x 255
inline vlan pairs.
(Obviously its not recommended to have so many vlan pairs. Remember that IDSM throughput is hardly 500Mbps and it can easily become a bottleneck in front of FWSM which has much higher throughput)
HTH
Syed
01-26-2009 03:26 PM
Thanks.
Once more for clarity.
Lets say contextA is active on FWSM1 placed in Cat6500(1) and contextB is active on FWSM2 placed in Cat6500(2). IDSM(1) is installed on Cat6500(1) and IDSM(2) is installed on Cat6500(2).
Can both the active contexts on different FWSM be inspected by the IDSM simultaneously. Which IDSM shall inspect which FWSM. Is it 1 to 1 and 2 to 2.
01-26-2009 05:04 PM
Unlike FWSM/ACE where you could have one FWSM active & other standby, In IDSM there are no such states.
You will have to extend all FWSM & IDSM vlans over trunk between two switches and then configure STP (Spanning tree protocol)such taht it will make one path in forwarding mode and other in Blocking mode.
For example if context1 is active in SW1 & standby in SW2. Then STP will ensure that link b/w Active context1 (of SW1) & IDSM(of SW1) is in forwarding state & link between b/w stdby context1 (of SW2) & IDSM(of SW2) is in blocking state.
Syed
01-27-2009 08:03 AM
Would you be able to provide a short example of extending FWSM/IDSM vlans over the trunk and configuring STP where different active contexts reside on both the FWSMs.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: