08-15-2008 06:52 AM - edited 03-10-2019 04:15 AM
Hello,
We are planning to use VLAN pair mode using EtherChannel trunks (Inline-on-a-stick), mainly to overcome the lack of 10 GigE interfaces, which would prevent us from adopting a traditional in-line architecture for firewalls with 10 GigE interfaces.
Do you or your customers have experience with Inline-on-a-stick? Could you please share your advice and any word of caution we need to keep in mind?
I do know the Bypass can't work in this mode, which we are planning to address by deploying multiple IPS 4270 appliances and EtherChannels.
Any suggestions are appreciated!
Thanks,
Antony
08-15-2008 10:21 AM
With VLAN pairs you need to be aware of the "sharing" going on between the two VLANs on the same GigE interface. Each VLAN should be loaded to no more than 50%.
I would recommend an external VLAN bypass for when the sensor takes a nap, reloads or gets an OS update. I've done this with an alternate path between the two VLANs with a higher Spanning Tree cost. If you play with the SPT parameters you can get the switchover down to under a second.
08-18-2008 12:23 PM
Thanks for the reply Robert,
You raised very important points about the VLAN sharing and alternate path. Appreciate the help.
- Antony