10-24-2008 09:35 AM - edited 03-10-2019 04:20 AM
In the config guide for the IDSM, it states:
To make sure that the same traffic is assigned to the two data ports on each IDSM-2, you must assign the
same EtherChannel index to both data ports on each of the IDSM-2s even though they are in different
EtherChannel groups.
Can anyone tell me how to change the EtherChannel index? I have successfully assigned the data ports to a port channel, but I cannot figure out how to change the EtherChannel index.
11-04-2008 02:33 AM
Technically the same source/dest pair should be served by the same IPS if the network has everything configured properly. It seems you have asymmetric routing, can you post the output of:
show etherchannel load-balance
Regards
Farrukh
11-04-2008 05:48 AM
SW1 (the one that seems to be load balancing properly)
SW1#sh etherchannel load-balance
EtherChannel Load-Balancing Configuration:
src-dst-ip enhanced
mpls label-ip
EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Source XOR Destination MAC address
IPv4: Source XOR Destination IP address
IPv6: Source XOR Destination IP address
MPLS: Label or IP
SW2 (the one that seems to not be load balancing properly)
SW2#sh etherchannel load-balance
EtherChannel Load-Balancing Configuration:
src-dst-ip enhanced
mpls label-ip
EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Source XOR Destination MAC address
IPv4: Source XOR Destination IP address
IPv6: Source XOR Destination IP address
MPLS: Label or IP
11-04-2008 07:14 AM
What are your inline normalizer settings in the virtual sensor?
Regards
Farrukh
11-04-2008 07:17 AM
My Inline TCP Session Tracking Mode is Interface and VLAN.
My Normalizer Mode is Strict Evasion Protection.
You think the Normalizer should be in Asymmetric Mode Protection?
11-04-2008 06:55 PM
Yes that would be worth a try (At least to test if it does the trick).
Regards
Farrukh
11-11-2008 07:13 AM
Ok, way late update. Asymmetric mode works. I have a TAC case open, and they have moved it from the security team to the switching team, and they think it is a load balancing issue, not an IDSM issue. :(
11-13-2008 01:27 AM
Ok thats great, keep us posted :)
Regards
Farrukh
11-18-2008 01:25 PM
Ok, another update. I have been working with TAC for a while now. I had 3 total TAC engineers on a WebEx session doing ELAM superman captures on the switch. We observed traffic from A to B selecting one interface in the EtherChannel, but traffic from B to A selects the other interface in the EtherChannel. So they are going to get together back there in RTP and work out a solution. In other words, I am still not inspecting traffic. :(
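To make the observation above concrete, here is an added example (not code from the thread or from Cisco) that models EtherChannel member selection for an inline IPS. It uses a simplified src-dst-ip hash (a plain XOR of the two IPv4 addresses folded by modulo instead of the platform's real hash polynomial, which is an assumption) next to a dst-ip-only hash, and checks for every flow whether the A-to-B and B-to-A directions land on the same channel member. The addresses and flow list are constructed; the point is that an XOR-style src-dst hash is symmetric by construction, so a capture showing the two directions on different members (as the ELAM captures did) means the switch is not behaving like the configured src-dst-ip mode.

```python
"""Direction symmetry check for EtherChannel member selection.

Added illustration, not from the original thread. The hash functions are
simplified stand-ins: real Catalyst hardware folds the addresses through a
platform-specific polynomial into a small number of buckets, so the exact
member numbers differ, but the symmetry property is the same.
"""
import ipaddress
from typing import Callable, List, Tuple

HashFn = Callable[[str, str, int], int]


def ip_int(addr: str) -> int:
    """IPv4 dotted-quad to integer."""
    return int(ipaddress.IPv4Address(addr))


def member_src_dst_ip(src: str, dst: str, members: int) -> int:
    """Simplified 'src-dst-ip' load balancing: source XOR destination.

    XOR is commutative, so swapping src and dst gives the same member.
    Both directions of one conversation therefore reach the same IDSM-2.
    """
    return (ip_int(src) ^ ip_int(dst)) % members


def member_dst_ip(src: str, dst: str, members: int) -> int:
    """Simplified 'dst-ip' load balancing: destination address only.

    The member depends on which end is the destination, so the forward and
    reverse directions of a flow can (and usually do) take different links.
    """
    return ip_int(dst) % members


def check_symmetry(hash_fn: HashFn, flows: List[Tuple[str, str]],
                   members: int) -> List[Tuple[str, str, int, int]]:
    """Return (src, dst, forward_member, reverse_member) for every flow whose
    two directions are hashed to different channel members, i.e. the flows
    an inline sensor would see only half of."""
    split = []
    for src, dst in flows:
        fwd = hash_fn(src, dst, members)
        rev = hash_fn(dst, src, members)
        if fwd != rev:
            split.append((src, dst, fwd, rev))
    return split


# Constructed sample conversations (host A, host B); addresses are made up.
FLOWS = [
    ("10.1.1.10", "10.2.2.21"),
    ("10.1.1.11", "10.2.2.21"),
    ("10.1.1.12", "10.2.2.22"),
    ("10.1.1.13", "10.2.2.24"),
]

# Two data ports in the channel, one per IDSM-2, as in the thread's setup.
MEMBERS = 2


def report(hash_fn: HashFn, name: str, members: int = MEMBERS) -> None:
    split = check_symmetry(hash_fn, FLOWS, members)
    print(f"{name}: {len(split)} of {len(FLOWS)} flows split across members")
    for src, dst, fwd, rev in split:
        print(f"  {src} -> {dst} on member {fwd}, reverse on member {rev}")


if __name__ == "__main__":
    report(member_src_dst_ip, "src-dst-ip (XOR)")
    report(member_dst_ip, "dst-ip only")
```

Running it shows zero split flows for the XOR hash at any member count and, for the dst-ip hash, a split whenever the two endpoints fall into different buckets. That is exactly the condition under which Strict Evasion Protection in the normalizer drops the connection while Asymmetric Mode Protection lets it through, which is why switching the mode "worked" without actually restoring full inspection.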
11-18-2008 07:16 PM
Thanks for the update. Must be something wrong with their EC hashing or spanning tree I guess.
Regards
Farrukh
11-26-2008 06:50 PM
Well, here's another update. It's a bug. :D
11-26-2008 11:16 PM
Thanks for the update.
Pretty cryptic description written by the TAC engineer though.
Regards
Farrukh