05-02-2011 08:23 PM - edited 03-10-2019 05:20 AM
Hi Netpros,
I have a couple of questions and would appreciate your assistance.
1.- Is there any limitation regarding the number of in-line VLAN pairs which can be monitored by the IDSM-2. Using the below version in the cat 6K. I need to monitor about 10 VLAN pairs using in-line mode.
Core 1: Version 12.2(18)SXD7
1 Centralized Forwarding Card WS-F6700-CFC SAL1126STTL 3.1 Ok
2 Centralized Forwarding Card WS-F6700-CFC SAL1121PELM 3.1 Ok
3 Centralized Forwarding Card WS-F6700-CFC SAL1126SXJG 3.1 Ok
4 Centralized Forwarding Card WS-F6700-CFC SAL1105FV2Z 2.1 Ok
5 Policy Feature Card 3 WS-F6K-PFC3B SAD09460517 2.1 Ok
5 MSFC3 Daughterboard WS-SUP720 SAD094608WX 2.3 Ok
6 Policy Feature Card 3 WS-F6K-PFC3B SAL1005C5WC 2.2 Ok
6 MSFC3 Daughterboard WS-SUP720 SAD091300RC 2.7 Ok
7 Centralized Forwarding Card WS-F6700-CFC SAL1134YWA3 4.0 Ok
Core 2: Version 12.2(18)SXF10
3 Centralized Forwarding Card WS-F6700-CFC SAL1049A4BD 2.1 Ok
4 Centralized Forwarding Card WS-F6700-CFC SAL1133XJKG 3.1 Ok
5 Policy Feature Card 3 WS-F6K-PFC3B SAL1133XJZF 2.3 Ok
5 MSFC3 Daughterboard WS-SUP720 SAL1133XMQF 3.0 Ok
9 Centralized Forwarding Card WS-SVC-WISM-1-K9-D SAD125003MC 2.1 Ok
2.- Do I need to create one virtual sensor per in-line VLAN pair ?
Your assistance would be much appreciated.
Solved! Go to Solution.
05-03-2011 02:33 PM
I don;t know if there is an actual number, but I thought I remember the simultaneous number of VLAN pairs supported by the IPS OS was quite high. I'm currently running IDSMs with well over 10 VLANs.
You do not need to create a separate virtual sensor for each VLAN (That would use up your system resources quite quickly, as it is you can expect to get about 6K connections/sec and about 250Mb/s of throughput in a single sensor instance). You would only want a separate virtual sensor if you needed wildly different signature policies on each VLAN that couldn't;t be otherwise handled by Event Action Filters and Overrides.
- Bob
05-03-2011 02:33 PM
I don;t know if there is an actual number, but I thought I remember the simultaneous number of VLAN pairs supported by the IPS OS was quite high. I'm currently running IDSMs with well over 10 VLANs.
You do not need to create a separate virtual sensor for each VLAN (That would use up your system resources quite quickly, as it is you can expect to get about 6K connections/sec and about 250Mb/s of throughput in a single sensor instance). You would only want a separate virtual sensor if you needed wildly different signature policies on each VLAN that couldn't;t be otherwise handled by Event Action Filters and Overrides.
- Bob
05-03-2011 11:53 PM
Thanks .. much appreciated
05-05-2011 02:52 PM
Hi,
you can configure up to 255 vlan pairs.
Regards,
Sasa
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide