Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
255
Views
0
Helpful
1
Replies

IDS Design Help

dblairii
Level 1
Level 1

‎06-04-2003 08:24 AM - edited ‎03-09-2019 03:32 AM

I am currently required to design an IDS layout for a future e-commerce server farm. The network will be built around a Cat6513 with 3-16port fiber blades. There will be 3VLANs. I obviously want to monitor all 3 VLANs, but my dilemma is this:

The CAT 6513 has a backplane capable of 32 Gbps, and all the servers will be fiber connected. How do I monitor 3 VLAN's all with a potential of approximately 10GB's of traffic with Cisco IDS sensors? Do a place multiple 4250XL's on a given VLAN? And, if I do that, how do I evenly balance the traffic?

Second... How many IDS Sensors can I place on that Switch.... It is apparently only capable of 2 SPAN ports, but am I correct that VACLs could be written to direct traffic to any number of ports - essentially offering me the ability to add unlimited sensors?

Thanks.

Labels:
0 Helpful
1 Reply 1

ywadhavk
Cisco Employee
Cisco Employee

‎06-05-2003 08:42 AM

Hi Don,

Even the upcoming IDSM2 blade on the upcoming 4.1 version will be supporting upto 500MB performance. This blade will have 2 sniffing interface. but for your situation, IDSMs do not seem feasible.

You best bet is on the 4250XL which perform at 1GB and has 2 sniffing interfaces. You could deploy 2 of those.

As for the 10GB data, are you implying that you will be deploying 10GB lans? The 4250XL has 1000BASE-SX (fiber) and 10/100/1000BASE-TX interfaces only. Also there is no way to sagregate traffic towards each sensor. The sensor's sensing inerface is in promiscous mode and will see all traffic.

You might have already taken a look at these, but just in case;

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps4077/products_data_sheet09186a008014873c.html

Capacity Verification for High Speed Network IDS

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps4077/prod_technical_reference09186a0080124525.html

Thanks,

Yatin

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents