Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

4235 with Multiple Monitoring Interfaces?

This is a general question as to whether anyone is running the 4235 sensor on 4.0 code with multiple monitoring interfaces?

Basically I am wondering if you have any comments on performance or if you have run into any issues with the configuration. I have not seen too much documentation for actually configuring this, so I'm wondering if there are any additional requirements or considerations.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: 4235 with Multiple Monitoring Interfaces?

Hi Chad,

With IDS 4.0 you can only montior using one sniffing interface. With 4.1 you will have support for multiple monitoring interfaces.

As far as performance goes, I don't see any issues besides to make sure the management station is able to handle the amount of alarms coming in when using multiple interfaces.

Thanks,

Obaid.

Cisco Employee

Re: 4235 with Multiple Monitoring Interfaces?

We are currently testing 4.1, which has support for multiple interfaces on the 4235. I have a configuration running in the lab with a 4235 that has a quad nic card installed. Performance is very good. I think we rate the 4235 about 300 mbit or so with 4.1, so you should have a aggregate bandwidth support for the 300 Mbit divided among your monitoring interfaces.

You are correct , no docs out yet, because 4.1 is not yet shipping. Expected very soon.

6 REPLIES
Cisco Employee

Re: 4235 with Multiple Monitoring Interfaces?

Hi Chad,

With IDS 4.0 you can only montior using one sniffing interface. With 4.1 you will have support for multiple monitoring interfaces.

As far as performance goes, I don't see any issues besides to make sure the management station is able to handle the amount of alarms coming in when using multiple interfaces.

Thanks,

Obaid.

New Member

Re: 4235 with Multiple Monitoring Interfaces?

Obaid,

That would explain the lack of documentation on this! The product overview did mention that this was possible with version 4.0, but I couldn't find any supporting documentation on actually configuring this in the technical docs.

This begs the question: Do you have a rough estimate on a timeframe for the 4.1 release?

And now that we're talking about a new version, I have another question: Will one sensor configured to monitor two segments be able to apply different response options to the two separate networks. For example, let's say that I have a sensor watching an internet DMZ and a DMZ connecting a partner. I trust the partner connection and permit some signature matches that I would not permit on the internet DMZ. Will 4.1 let me watch both segments and have different responses for each, or will both segments be held to the same response profile?

I'm not too concerned about alarm volume to the management console given the planned deployment. I was more concerned about additional memory or CPU requirements on the sensor to monitor multiple segments.

Thanks very much for this information. Quite a big help!

Regards,

Chad

New Member

Re: 4235 with Multiple Monitoring Interfaces?

Chad,

With multiple interfaces in 4.1 all interfaces will be inspected with the same configuration. We have the concept of virtual sensors in the works and it will come out in a version after 4.1. With virtual sensors you will be able to handle the example you mentioned.

So in summary 4.1 will give you multiple interfaces with the same IDS configuration. We will be adding the virtual sensors in a future version.

--Mike

New Member

Re: 4235 with Multiple Monitoring Interfaces?

Performance is based on the aggregate bandwidth you are monitoring across multiple interfaces, so management requirements should not be any higher than with a single interface.

Cisco Employee

Re: 4235 with Multiple Monitoring Interfaces?

We are currently testing 4.1, which has support for multiple interfaces on the 4235. I have a configuration running in the lab with a 4235 that has a quad nic card installed. Performance is very good. I think we rate the 4235 about 300 mbit or so with 4.1, so you should have a aggregate bandwidth support for the 300 Mbit divided among your monitoring interfaces.

You are correct , no docs out yet, because 4.1 is not yet shipping. Expected very soon.

New Member

Re: 4235 with Multiple Monitoring Interfaces?

Exactly the information I was looking for. Thanks to all of you for responding. I'll certainly keep an eye out for the 4.1 release.

Thanks again.

Chad

100
Views
0
Helpful
6
Replies
CreatePlease to create content