Re: IDS Module on 6k catalyst and PIX 535 and management
The performance of a single IDSM ranges from 120 - 250 Mbps, depending on average packet size.
There are ways in which you may use the current IDSM (Catalyst 6K Line Card) to monitor Gig lines. Firstly, you may insert multiple IDSMs in the switch and direct groups of VLANs at each IDSM, depending on the aggregate bandwidth utilization of the group of VLANs that will be directed to a single IDSM. On a 6509, for example, you have 8 slots available for IDSMs. The aggregate performance from such a solution (i.e. multiple IDSMs in the chassis) would be the performance of a single IDSM times the number of IDSMs in the chassis of the switch.
Secondly, you may use security VACLs (VLAN ACLs) to focus only on a subset of the aggregate traffic by being able to specify layer 3/4 filtering criteria. You first designate your capture destination (sniffing port). Then, based on the filtering criteria, any data packet tagged as a capture packet is directed to the IDSM for signature analysis. So, you may choose to only inspect http traffic from one subnet to another, or only inbound traffic. So if we use the latter example, and you choose to only inspect inbound traffic on a gig line since this is what has been defined as the only security-relevant traffic, and the ratio of the outbound traffic to inbound is, say, 10:1, we could essentially monitor a gig line with a single IDSM.
The IDSM is set up initially using setup commands in CAT OS. Following this, command & control is transferred to the management console. The management consoles available for this are CSPM and the Unix Director.
Shunning (blocking) is not currently supported on the IDSM but will be supported in the next release of the IDSM sensor s/w (CS IDSM 3.0) in the next 3-4 months.
TCP resets are not supported on the IDSM.
Let me know if you have any other questions. When you get around to deploying it, let me know so I may send you some handy tech tips/quick start docs on this/other product(s).
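Added illustration (not part of the reply above, and not taken from Cisco documentation): a CatOS security VACL of the kind the reply describes, which tags only HTTP traffic from one subnet to another as capture traffic and sends it to the IDSM's monitoring port, so the IDSM inspects a subset of the VLAN rather than the whole aggregate. The ACL name WEBIN, the subnets 10.1.1.0/24 and 10.2.2.0/24, VLAN 10 and the IDSM in slot 5 are all constructed values for this example.

```text
! Constructed example: capture only HTTP from 10.1.1.0/24 to 10.2.2.0/24.
! Entries marked "capture" are copied to the capture port; the IDSM sees
! nothing else on this VLAN, which keeps the inspected load well below
! the full Gig line rate.
set security acl ip WEBIN permit tcp 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255 eq 80 capture

! A VACL ends in an implicit deny. Without a final permit the rest of the
! VLAN's traffic would be dropped, not merely left uninspected.
set security acl ip WEBIN permit ip any any

! Commit the ACL to hardware, bind it to the VLAN being watched, and name
! the IDSM's monitoring port (port 1 of the IDSM in slot 5) as the
! capture destination.
commit security acl WEBIN
set security acl map WEBIN 10
set security acl capture-ports 5/1

! Checks after applying: confirm the entries and the capture port.
show security acl info WEBIN
show security acl capture-ports
```

To approximate the reply's "inbound only" case, the capture entries would instead match on external source addresses toward the internal subnets, with the same trailing permit so outbound traffic still forwards unfiltered. A VACL that captures on a VLAN carrying the gig uplink also tags traffic from every port in that VLAN, so it is worth confirming with `show security acl info` that the capture entries are as narrow as intended before relying on the bandwidth estimate.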