https://community.cisco.com/t5/network-security/lan-idsm2-inline/m-p/1578404#M66315 <P>Hello all,</P><P></P><P>If a LAN-IDSM2 installed on a main swx&nbsp; 6500 as a IDS, can we switch it to be inline as an IPS?</P><P></P><P>how can we know if this IDSM can support the throuput? and how can we know what is the curent throuput passing through this LAN-IDSM2 in order to take a decision about it?</P><P></P><P></P><P>best regards,</P> Sun, 10 Mar 2019 12:09:37 GMT learnsec 2019-03-10T12:09:37Z https://community.cisco.com/t5/network-security/lan-idsm2-inline/m-p/1578404#M66315 <P>Hello all,</P><P></P><P>If a LAN-IDSM2 installed on a main swx&nbsp; 6500 as a IDS, can we switch it to be inline as an IPS?</P><P></P><P>how can we know if this IDSM can support the throuput? and how can we know what is the curent throuput passing through this LAN-IDSM2 in order to take a decision about it?</P><P></P><P></P><P>best regards,</P> Sun, 10 Mar 2019 12:09:37 GMT https://community.cisco.com/t5/network-security/lan-idsm2-inline/m-p/1578404#M66315 learnsec 2019-03-10T12:09:37Z https://community.cisco.com/t5/network-security/lan-idsm2-inline/m-p/1578405#M66318 <HTML><HEAD></HEAD><BODY><P>Yes IDSM can be inline device.</P><P></P><P>Regarding throughput, it's best to do a test.</P><P></P><P>I beleive a single IDSM can do 500Mbit/s (Marketing numbers, actual performance will depend on features enabled etc etc) via ECLB you can take up to 4 devices to provide up to 2Gbit/s throughput (if traffic is load balanced properly).</P><P></P><P>If you want to check current load, you can check either stats in IDSM itself or if you want traffic statistics:</P><P>show intrusion modu {NUM} data-port {1|2} traffic</P><P>example result:<BR />Intrusion-detection module 7 data-port 1</P><P></P><P>Specified interface is up line protocol is up (connected)<BR />&nbsp; Hardware is C6k 1000Mb 802.3, address is 0012.4374.290c (bia 0012.4374.290c)<BR />&nbsp; MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,<BR />&nbsp;&nbsp;&nbsp;&nbsp; reliability 255/255, txload 1/255, rxload 1/255<BR />&nbsp; Encapsulation ARPA, loopback not set<BR />&nbsp; Keepalive set (10 sec)<BR />&nbsp; Full-duplex, 1000Mb/s<BR />&nbsp; input flow-control is off, output flow-control is unsupported<BR />&nbsp; Last input never, output 00:00:44, output hang never<BR />&nbsp; Last clearing of "show interface" counters never<BR />&nbsp; Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0<BR />&nbsp; Queueing strategy: fifo<BR />&nbsp; Output queue: 0/40 (size/max)<BR />&nbsp; 5 minute input rate 0 bits/sec, 0 packets/sec<BR />&nbsp; 5 minute output rate 0 bits/sec, 0 packets/sec<BR />&nbsp;&nbsp;&nbsp;&nbsp; 2 packets input, 164 bytes, 0 no buffer<BR />&nbsp;&nbsp;&nbsp;&nbsp; Received 1 broadcasts, 0 runts, 0 giants, 0 throttles<BR />&nbsp;&nbsp;&nbsp;&nbsp; 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored<BR />&nbsp;&nbsp;&nbsp;&nbsp; 0 input packets with dribble condition detected<BR />&nbsp;&nbsp;&nbsp;&nbsp; 188437 packets output, 89695206 bytes, 0 underruns<BR />&nbsp;&nbsp;&nbsp;&nbsp; 0 output errors, 0 collisions, 2 interface resets<BR />&nbsp;&nbsp;&nbsp;&nbsp; 0 babbles, 0 late collision, 0 deferred<BR />&nbsp;&nbsp;&nbsp;&nbsp; 0 lost carrier, 0 no carrier<BR />&nbsp;&nbsp;&nbsp;&nbsp; 0 output buffer failures, 0 output buffers swapped out</P></BODY></HTML> Sat, 23 Oct 2010 10:01:35 GMT https://community.cisco.com/t5/network-security/lan-idsm2-inline/m-p/1578405#M66318 Marcin Latosiewicz 2010-10-23T10:01:35Z