Announcement

Collapse
No announcement yet.

Configuring Cisco IPS High Bandwidth Using EtherChannel Load Balancing

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Configuring Cisco IPS High Bandwidth Using EtherChannel Load Balancing

    Hello ,

    I have got two core switches. They are running redundant with HSRP. One of them is hsrp active and spanning tree root for all vlans , the other is hsrp passive and spanning tree secondary for all vlans. I have got a server vlan which i would like to inspect traffic to this vlan from all other user vlans. All servers are connected to the backbone switches via another aggregation switches. We have got 6 aggragation swtiches and all of them are connected to the backbone switches via 1 gigabit f/o uplinks. Because of that , i need 6 gbps throghput for the IPS system which will protect the server VLAN.
    Which topology do you recommend for this purpose ? Should i use another switches to connect all IPS devices to the backbone switches ? Or should i connect IPS devices directly to the backbone switches ? Which one is more preferrable for performance and redundancy ?

    Another question is ;
    I saw the message which is written below in this address ;
    http://cisco.com/en/US/products/hw/v...80671a8d.shtml
    “The IPS appliances must be in on-a-stick mode, meaning that the IPS appliance can only use one sensing port on that Catalyst switch. That port is trunked so that the IPS appliance has an inbound and outbound path to and from the switch.”
    My question is ;
    Can I have one IPS with three or four ports attached to the same switch in an etherchannel?

    Kind Regards...

  • #2
    Re: Configuring Cisco IPS High Bandwidth Using EtherChannel Load Balancing

    It would depend on the Model of IPS you have. Each model has different throughput rates. e.g. The 4260 is rated at 1gb. I believe the 4240 is rated around 500 mb. Lookup the throughput of your device on Cisco's site. Even if you have 4 Gig interfaces available, the box will only pass traffic at the rated speed of the box.

    Comment

    Working...
    X