06-07-2010 07:03 AM - edited 03-10-2019 05:01 AM
Hello Experts,
I'm implementing INLINE VLAN PAIRS in two 4260 and a 4270.
I know that the BYPASS is a software failover. But what is going to happen if the hardware fails????
Who is going to do the VLAN re-tagging???
What is going to happen with that traffic?
Is there a way to configure the switch to redirect the traffic if the IPS is DOWN, or a way to do the re-tag in the switch?
I would really appreciate your comments and suggestions.
06-07-2010 10:00 AM
You need to perform the failopen function outside the IPS sensor.
Use an external (to the sensor) switch, create two VLANs, connect them together via the sensor (each VLAN-to-sensor connection is a trunk with one VLAN in it). Then create a second connection via a patch cable between the two VLANs, give it a higher STP metric, and enable Spanning Tree on these 4 ports. The bypass cable will only run traffic if the sensor stops passing BPDUs.
- Bob
06-07-2010 10:28 AM
Hi rhermes,
I understood the STP part but not the connections part. I'm using only 1 interface to do the VLAN PAIR; the retag is being done in an interface (and 1 interface in the switch). Where should I connect the 4 ports?
Thank you for your time.
06-07-2010 11:31 AM
If you're only using one interface on the sensor, then you only need three switch ports: one trunking both VLANs to the sensor and one port in each VLAN as a regular (non-trunked) access port, connected together via a patch cable.
- Bob
06-08-2010 10:57 AM
Hello,
Last question. Who is going to make the VLAN re-tagging? Will VLAN 1 be able to talk to VLAN2?
06-08-2010 04:58 PM
The sensor knows the VLAN tags, so it will change the VLAN tags when bridging the VLANs.
I hope it makes sense.
PK
06-08-2010 10:17 PM
When traffic flows through the IPS sensor, the VLAN pair in the sensor will re-tag the traffic on the trunk port.
When the sensor stops passing layer 2 frames, Spanning Tree Protocol will unblock the failover cable port and allow traffic to pass between VLAN 1 and VLAN2 untagged (these ports are not trunks).
- Bob
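
The three-port layout described in the replies above, written out as a Cisco IOS switch configuration. This is an added example, not configuration posted by anyone in the thread; the interface names, VLAN IDs 10 and 20, VLAN names and the cost value 200 are assumptions chosen for illustration.

```cisco
! Assumed VLAN IDs for the inline VLAN pair (constructed for this example)
vlan 10
 name IPS-PAIR-SIDE-A
vlan 20
 name IPS-PAIR-SIDE-B
!
! Port 1: trunk carrying both VLANs to the single sensor interface.
! The sensor bridges VLAN 10 <-> VLAN 20 and rewrites the 802.1Q tag.
interface GigabitEthernet0/1
 description Trunk to IPS sensor (inline VLAN pair 10/20)
 ! The encapsulation line is only needed on platforms that also support ISL
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! Ports 2 and 3: plain access ports, one in each VLAN, joined by a patch cable.
! Frames cross this cable untagged, so no re-tagging is needed on this path.
! The higher spanning-tree cost makes the path through the sensor preferred,
! so STP keeps this cable blocked while the sensor is passing BPDUs.
! Leave PortFast and BPDU filtering off so these ports take part in STP.
interface GigabitEthernet0/2
 description Bypass patch cable, VLAN 10 end
 switchport mode access
 switchport access vlan 10
 spanning-tree cost 200
!
interface GigabitEthernet0/3
 description Bypass patch cable, VLAN 20 end
 switchport mode access
 switchport access vlan 20
 spanning-tree cost 200
!
! Verification from exec mode (not part of the configuration):
!   show spanning-tree vlan 10
!   show spanning-tree vlan 20
```

With the sensor bridging, one end of the patch cable should appear as blocking in the `show spanning-tree` output. Traffic that crosses the patch cable is not inspected by the sensor, so a transition of that port to forwarding is worth alerting on.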