05-02-2011 08:23 PM - edited 03-10-2019 05:20 AM
Hi Netpros,
I have a couple of questions and would appreciate your assistance.
1.- Is there any limitation regarding the number of in-line VLAN pairs which can be monitored by the IDSM-2. Using the below version in the cat 6K. I need to monitor about 10 VLAN pairs using in-line mode.
Core 1: Version 12.2(18)SXD7
1 Centralized Forwarding Card WS-F6700-CFC SAL1126STTL 3.1 Ok
2 Centralized Forwarding Card WS-F6700-CFC SAL1121PELM 3.1 Ok
3 Centralized Forwarding Card WS-F6700-CFC SAL1126SXJG 3.1 Ok
4 Centralized Forwarding Card WS-F6700-CFC SAL1105FV2Z 2.1 Ok
5 Policy Feature Card 3 WS-F6K-PFC3B SAD09460517 2.1 Ok
5 MSFC3 Daughterboard WS-SUP720 SAD094608WX 2.3 Ok
6 Policy Feature Card 3 WS-F6K-PFC3B SAL1005C5WC 2.2 Ok
6 MSFC3 Daughterboard WS-SUP720 SAD091300RC 2.7 Ok
7 Centralized Forwarding Card WS-F6700-CFC SAL1134YWA3 4.0 Ok
Core 2: Version 12.2(18)SXF10
3 Centralized Forwarding Card WS-F6700-CFC SAL1049A4BD 2.1 Ok
4 Centralized Forwarding Card WS-F6700-CFC SAL1133XJKG 3.1 Ok
5 Policy Feature Card 3 WS-F6K-PFC3B SAL1133XJZF 2.3 Ok
5 MSFC3 Daughterboard WS-SUP720 SAL1133XMQF 3.0 Ok
9 Centralized Forwarding Card WS-SVC-WISM-1-K9-D SAD125003MC 2.1 Ok
2.- Do I need to create one virtual sensor per in-line VLAN pair ?
Your assistance would be much appreciated.
Solved! Go to Solution.
05-03-2011 02:33 PM
I don;t know if there is an actual number, but I thought I remember the simultaneous number of VLAN pairs supported by the IPS OS was quite high. I'm currently running IDSMs with well over 10 VLANs.
You do not need to create a separate virtual sensor for each VLAN (That would use up your system resources quite quickly, as it is you can expect to get about 6K connections/sec and about 250Mb/s of throughput in a single sensor instance). You would only want a separate virtual sensor if you needed wildly different signature policies on each VLAN that couldn't;t be otherwise handled by Event Action Filters and Overrides.
- Bob
05-03-2011 02:33 PM
I don;t know if there is an actual number, but I thought I remember the simultaneous number of VLAN pairs supported by the IPS OS was quite high. I'm currently running IDSMs with well over 10 VLANs.
You do not need to create a separate virtual sensor for each VLAN (That would use up your system resources quite quickly, as it is you can expect to get about 6K connections/sec and about 250Mb/s of throughput in a single sensor instance). You would only want a separate virtual sensor if you needed wildly different signature policies on each VLAN that couldn't;t be otherwise handled by Event Action Filters and Overrides.
- Bob
05-03-2011 11:53 PM
Thanks .. much appreciated
05-05-2011 02:52 PM
Hi,
you can configure up to 255 vlan pairs.
Regards,
Sasa
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: