
HA IDS Etherchannel and SPAN

jesrobbie
Level 1

I came across an excerpt from the CCNP Security IPS Official Cert Guide at the weekend that essentially said that you can use an Etherchannel bundle as a destination port with SPAN to connect multiple sensors for a scalable HA IDS solution. Now that is news to me, as I've always understood that you couldn't use an Etherchannel bundle as a SPAN destination port, and everything I've found whilst looking into this would seem to confirm my belief.

Does anyone know whether you actually can do this and the config involved please?

Many Thanks


rhermes
Level 7

ECLB works for Promiscuous mode only.

Etherchannel load balancing uses the source/dest IP address hash as a load balancing method by default. This will cause all packets between any two IP addresses to be sent to the same IPS Sensor in a load balanced arrangement. This is important so that a single sensor will see all the packets in a TCP session and properly maintain TCP session state.

- Bob
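
The property described in the reply above (both directions of a conversation reaching the same sensor) can be checked with a small model. This is an added example, not part of the original thread or any Cisco code; the XOR-and-modulo hash, the function names and the sample addresses are assumptions made for illustration, and the source-only hash is included only as a contrast.

```python
import ipaddress

def src_dst_ip_link(src, dst, n_links):
    """Simplified src/dst IP hash: XOR both addresses, reduce to a link index.

    XOR is commutative, so A->B and B->A always select the same link.
    Assumption: an illustrative model, not the switch's exact algorithm.
    """
    s = int(ipaddress.ip_address(src))
    d = int(ipaddress.ip_address(dst))
    return (s ^ d) % n_links

def src_ip_link(src, dst, n_links):
    """Contrast case: hash on the source address only (dst is ignored)."""
    return int(ipaddress.ip_address(src)) % n_links

def split_conversations(packets, n_links, chooser):
    """Return the IP pairs whose packets landed on more than one sensor."""
    sensors = {}
    for src, dst in packets:
        pair = tuple(sorted((src, dst)))  # direction-independent key
        sensors.setdefault(pair, set()).add(chooser(src, dst, n_links))
    return sorted(pair for pair, seen in sensors.items() if len(seen) > 1)

# Constructed sample: two client/server conversations, both directions.
PACKETS = [
    ("10.0.0.5", "192.0.2.10"),
    ("192.0.2.10", "10.0.0.5"),
    ("10.0.0.6", "192.0.2.10"),
    ("192.0.2.10", "10.0.0.6"),
]

if __name__ == "__main__":
    for name, chooser in (("src-dst", src_dst_ip_link), ("src-only", src_ip_link)):
        print(name, split_conversations(PACKETS, 4, chooser))
```

With the symmetric hash no conversation is split; with the one-sided hash a sensor can receive only half of a TCP session and lose session state.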
