https://community.cisco.com/t5/network-security/ips-deployment-in-a-dual-core-environment/m-p/766982#M86620 <HTML><HEAD></HEAD><BODY><P>Right.... I guess I should back up and provide more information about what I am trying to do. So, I have a 4215 without the 4FE optional 4 port NIC that I want to monitor off of two 3750 routing switches. Would you recommend purchasing the card or spanning all Vlans? </P></BODY></HTML> Fri, 25 May 2007 14:45:56 GMT cschweigert 2007-05-25T14:45:56Z https://community.cisco.com/t5/network-security/ips-deployment-in-a-dual-core-environment/m-p/766980#M86616 <P>Can any one share ideas/recommendations about deploying a Cisco 4215 IPS in an environment that has dual core switchs?</P> Sun, 10 Mar 2019 10:37:25 GMT https://community.cisco.com/t5/network-security/ips-deployment-in-a-dual-core-environment/m-p/766980#M86616 cschweigert 2019-03-10T10:37:25Z https://community.cisco.com/t5/network-security/ips-deployment-in-a-dual-core-environment/m-p/766981#M86618 <HTML><HEAD></HEAD><BODY><P>look into vacl's and aggregators.</P></BODY></HTML> Wed, 23 May 2007 13:39:25 GMT https://community.cisco.com/t5/network-security/ips-deployment-in-a-dual-core-environment/m-p/766981#M86618 mhellman 2007-05-23T13:39:25Z https://community.cisco.com/t5/network-security/ips-deployment-in-a-dual-core-environment/m-p/766982#M86620 <HTML><HEAD></HEAD><BODY><P>Right.... I guess I should back up and provide more information about what I am trying to do. So, I have a 4215 without the 4FE optional 4 port NIC that I want to monitor off of two 3750 routing switches. Would you recommend purchasing the card or spanning all Vlans? </P></BODY></HTML> Fri, 25 May 2007 14:45:56 GMT https://community.cisco.com/t5/network-security/ips-deployment-in-a-dual-core-environment/m-p/766982#M86620 cschweigert 2007-05-25T14:45:56Z https://community.cisco.com/t5/network-security/ips-deployment-in-a-dual-core-environment/m-p/766983#M86622 <HTML><HEAD></HEAD><BODY><P>In 4215 you would have two interfaces, so that would mean you could have one inline pair. I am sure your two core switch traffic has to route through a fw before reaching the internet. </P><P></P><P>Need not do a promiscous monitoring, create a pair and place the IPS in between the active PIX and switch. This way whenever we have a active PIX, IPS inspects the traffic flows through it. Now in case of either device failing the secondary path can be used for the traffic to still continue passing. This way the traffic is not inspected but its going to be a rare occurence that your PIX would fail that easily or IPS has a hardware failure. </P><P></P><P>I am not sure if you can order the 4FE ports seperately contact your partner or Cisco for this information</P><P></P><P>HTH</P><P>Hoogen</P><P>Do rate if this post helps <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P></BODY></HTML> Sat, 26 May 2007 08:40:46 GMT https://community.cisco.com/t5/network-security/ips-deployment-in-a-dual-core-environment/m-p/766983#M86622 hoogen_82 2007-05-26T08:40:46Z https://community.cisco.com/t5/network-security/ips-deployment-in-a-dual-core-environment/m-p/766984#M86624 <HTML><HEAD></HEAD><BODY><P>I assume your goal is to monitor all traffic on both switches? If you're not going to purchase the card, you're going to have to get all the traffic down into a single port (the 4215 only has one monitoring port). You might be able to do that without additional equipment using RSPAN. There are numerous other ways to get the 2 feeds down to "one" (hub, additional switch with SPAN, port aggregator).</P><P></P><P>If you get the card, you should be able to use a normal SPAN or VACL on each switch and use a separate physical interface on the sensor. </P></BODY></HTML> Tue, 29 May 2007 12:14:28 GMT https://community.cisco.com/t5/network-security/ips-deployment-in-a-dual-core-environment/m-p/766984#M86624 mhellman 2007-05-29T12:14:28Z