10-22-2012 09:11 AM - last edited on 03-25-2019 05:20 PM by ciscomoderator
Hi,
I need to have an IDS/IPS for my local users in my network. We have 3x Cisco 6509 as access-layer switches with 4 VLANs, and I am looking for a system to detect activities like port scans, IP scans, etc. in the local network coming from the workstations.
Please advise me.
Thanks,
Mike
10-22-2012 04:54 PM
Hello,
Please check the following link so you can have a better understanding of the performance capacity of the IPS sensors.
Based on that you can choose the solution you can implement, but that will depend on how much data traverses your network.
Hope this helps,
Remember to rate all of the helpful posts
Julio
10-22-2012 08:12 PM
I need to have a 1 Gbps IPS. I have checked the Juniper IDP 800 and the Cisco IPS 4360. Which one is better?
any thought?
Thanks,
Mike
10-23-2012 09:07 AM
Hello,
I forgot to post the link.
Here you go:
The IPS 4260 rocks, man. I am used to working with the IPS sensors, so I can tell you they will provide you with as much granularity as you want.
They support a far more extended range of features that will provide dynamic protection to your company.
Remember to rate all of the answers; that is as important as a thanks for the community.
10-23-2012 09:23 AM
Thank you Julio,
I have 3x Cisco 6509 and 1 Internet router. I am really confused about putting the IPS device in between those devices.
Should I connect each switch's uplinks directly to the IPS device and then from IPS to the other Switch?
Please advise.
Thanks,
Mike
10-23-2012 09:41 AM
Hello,
There are several ways to implement the IPS,
The question is: do you want to have it inline or in promiscuous mode?
If inline you could have it as an inline interface pair, inline vlan pair, inline vlan groups.
Regards,
10-23-2012 09:50 AM
I am thinking of IDS mode, SPANning my VLAN traffic to the IPS/IDS device.
Is it a good idea to SPAN the VLANs?
like (config)#monitor session 1 source vlan 10
10-23-2012 10:02 AM
Hello,
SPANning VLANs is fine, no problem at all, but I would recommend 100% going for IPS mode instead of IDS. Way more secure and restrictive.
Regards
10-23-2012 10:45 AM
If I go with IPS mode and connect the switch uplinks to the IPS, then I cannot monitor local VLAN traffic on each switch, because I do not have a core switch in the network and each VLAN's traffic will stay on the switches and will not pass over the uplinks.
10-23-2012 10:47 AM
Hello,
No problem, as you can SPAN the sessions on specific ports to the port going to the IPS.
Please check the configuration for each of the modes I presented before:
inline interface pair, inline vlan pair, inline vlan groups.
10-23-2012 10:52 AM
Can I SPAN 3 VLANs to 1 port which is connected to the IPS?
Also, I think I am going with the Juniper IDP 800 because it is cheaper than Cisco.
Thanks,
Mike
10-23-2012 11:10 AM
Hello,
Regarding one being cheaper than the other, I cannot argue on that one.
Now, one will provide more features and protection than the other one, but yes, if you think that with the other IPS you will be good, then you are set to go.
Last but not least, here are some links I think will help you regarding the IPS deployment (3 VLANs: inline VLAN group deployment):
https://supportforums.cisco.com/message/3727610#3727610
http://securiosity.blogspot.com/2011/01/cisco-ips-vlan-groups.html
http://popravak.wordpress.com/2012/03/30/cisco-ips-scenario-three-inline-vlan-pairs/
Regards,
Julio
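Worked example, added here as an editor's illustration and not taken from any post in the thread: the Catalyst 6500 IOS local SPAN configuration that answers Mike's question of mirroring three VLANs to the single port the sensor is plugged into, in the promiscuous (IDS) deployment he describes. The VLAN IDs 10, 20 and 30 and the destination port GigabitEthernet1/1 are assumed; substitute your own.

```cisco
! Catalyst 6500 (IOS) local SPAN: three VLANs -> one sensor port.
! Assumed values: VLANs 10, 20, 30; sensor attached to Gi1/1.
!
! Repeat this on each of the three 6509s, each feeding its own
! sensor interface: with no core switch, intra-VLAN traffic never
! leaves the switch that forwards it, so a single session on one
! switch sees only that switch's traffic.
configure terminal
 monitor session 1 source vlan 10 , 20 , 30 rx
 monitor session 1 destination interface GigabitEthernet1/1
end
!
! Verify the session and the VLAN list that actually took effect.
show monitor session 1
```

Two caveats a practitioner will want. First, a VLAN source is mirrored in the `rx` direction only on purpose: with `both`, a frame switched between two hosts in the same VLAN is copied twice (once on ingress, once on egress), doubling the load and confusing flow-based scan detection. Second, three VLANs of ingress traffic share one 1 Gbps destination port; if their combined rate exceeds it the SPAN port drops frames silently, so compare the VLANs' aggregate `show interface` rates against the sensor port before relying on it for detection, and consider one session per VLAN to separate sensor ports if you are oversubscribed.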
10-23-2012 12:09 PM
You are awesome! Thanks for your help.
10-23-2012 12:34 PM
Hello,
Glad I could help
Have a great day (thanks for the comments and rating).
Julio