cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
753
Views
0
Helpful
3
Replies

How many in-line VLAN pairs are supported on IDSM-2

Fernando_Meza
Level 7
Level 7

Hi Netpros,

I have a couple of questions and would appreciate your assistance.

1.- Is there any limitation regarding the number of in-line VLAN pairs which can be monitored  by the IDSM-2.  Using the below version in the cat 6K. I need to monitor about 10 VLAN pairs using in-line mode.

Core 1:  Version  12.2(18)SXD7

   1 Centralized Forwarding Card WS-F6700-CFC       SAL1126STTL   3.1    Ok
  2 Centralized Forwarding Card WS-F6700-CFC       SAL1121PELM   3.1    Ok
  3 Centralized Forwarding Card WS-F6700-CFC       SAL1126SXJG   3.1    Ok
  4 Centralized Forwarding Card WS-F6700-CFC       SAL1105FV2Z   2.1    Ok
  5 Policy Feature Card 3       WS-F6K-PFC3B       SAD09460517   2.1    Ok
  5 MSFC3 Daughterboard         WS-SUP720          SAD094608WX   2.3    Ok
  6 Policy Feature Card 3       WS-F6K-PFC3B       SAL1005C5WC   2.2    Ok
  6 MSFC3 Daughterboard         WS-SUP720          SAD091300RC   2.7    Ok
  7 Centralized Forwarding Card WS-F6700-CFC       SAL1134YWA3   4.0    Ok

Core 2:   Version 12.2(18)SXF10

  3  Centralized Forwarding Card WS-F6700-CFC       SAL1049A4BD  2.1    Ok
  4  Centralized Forwarding Card WS-F6700-CFC       SAL1133XJKG  3.1    Ok
  5  Policy Feature Card 3       WS-F6K-PFC3B       SAL1133XJZF  2.3    Ok
  5  MSFC3 Daughterboard         WS-SUP720          SAL1133XMQF  3.0    Ok
  9  Centralized Forwarding Card WS-SVC-WISM-1-K9-D SAD125003MC  2.1    Ok

2.-  Do I need to create one virtual sensor per in-line VLAN pair ?

Your assistance would be much appreciated.

1 Accepted Solution

Accepted Solutions

rhermes
Level 7
Level 7

I don;t know if there is an actual number, but I thought I remember the simultaneous number of VLAN pairs supported by the IPS OS was quite high. I'm currently running IDSMs with well over 10 VLANs.

You do not need to create a separate virtual sensor for each VLAN (That would use up your system resources quite quickly, as it is you can expect to get about 6K connections/sec and about 250Mb/s of throughput in a single sensor instance). You would only want a separate virtual sensor if you needed wildly different signature policies on each VLAN that couldn't;t be otherwise handled by Event Action Filters and Overrides.

- Bob

View solution in original post

3 Replies 3

rhermes
Level 7
Level 7

I don;t know if there is an actual number, but I thought I remember the simultaneous number of VLAN pairs supported by the IPS OS was quite high. I'm currently running IDSMs with well over 10 VLANs.

You do not need to create a separate virtual sensor for each VLAN (That would use up your system resources quite quickly, as it is you can expect to get about 6K connections/sec and about 250Mb/s of throughput in a single sensor instance). You would only want a separate virtual sensor if you needed wildly different signature policies on each VLAN that couldn't;t be otherwise handled by Event Action Filters and Overrides.

- Bob

Thanks ..  much appreciated

smilic
Level 1
Level 1

Hi,

you can configure up to 255 vlan pairs.

Regards,

Sasa

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: