Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
347
Views
0
Helpful
4
Replies

Multiple NICs 4235

paulhignutt
Level 1
Level 1

‎07-16-2004 07:09 AM - edited ‎03-09-2019 08:05 AM

Currently I have two 4235's in my redundantly switched perimeter network. The traffic volume doesn't necessitate even one 4235, so I thought it would be better to remove one for use in another area of the internal network. My question is, can I order a second NIC for the remaining 4235 so that it will be able to see all the traffic from both switches on my perimeter? My concern is that if I only have the one sensing interface in the one sensor, that one sensor won't be able to see all the traffic from both switches without doing something like RSPAN, which my perimeter switches do not support. So does anyone know if I can do that, and what the part number is?

Thanks

Paul

Labels:
0 Helpful
4 Replies 4

dblairii
Level 1
Level 1

‎07-16-2004 07:26 AM

I have asked this same question before and received a resounding "No". One thing that you could do, to utilize just one sensor, is to use aggregation taps to feed your sensor. That would mean that you could monitor up to four networks with one sensor that has the 4-port NIC and the onboard NIC. Here is an example of an aggregation tap:

http://www.netoptics.com/products/product_family_details.asp?cid=1&pid=3&Section=products&menuitem=1

Hope that helps.

Don

0 Helpful

paulhignutt
Level 1
Level 1
In response to dblairii

‎07-16-2004 07:45 AM

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps4077/products_data_sheet09186a008014873c.html

I don't think that is the whole story though, because in the above document it says the following of the 4235 appliance.

"Four 10/100BaseTx (4FE) sniffing interfaces (allowing a total of 5 sniffing interfaces)."

So I guess, is this the part number I need? And if so, when I get it I am wondering is there anything else I need to do to the sensor other than add those interfaces to the virtual group?

"IDS-4FE-INT= Spare 4FE (10/100 BaseTx) sniffing interfaces for 4215, 4235, & 4250"

Thanks

Paul

0 Helpful

dblairii
Level 1
Level 1
In response to paulhignutt

‎07-16-2004 08:09 AM

The 4-port sniffing interface is in fact IDS-4FE-INT

and is $1000.00.

You are correct, you simply need to install the NIC, enable the four new ports and then add them to the Virtual Group.

Don

0 Helpful

marcabal
Cisco Employee
Cisco Employee
In response to dblairii

‎07-16-2004 08:32 AM

A few additional comments to help in your deployment.

The onboard sniffing interface of the 4235 is a 10/100/1000 interface, while the interfaces on the 4FE card are only 10/100 interfaces.

If your traffic rate in one switch is less than 100MBPS then an interface of the 4FE will work fine.

If you traffic rate in one switch is more than 100MBPS then you will need to connect to that switch with the onboard 10/100/1000 interface.

If both switches have more than 100MBPS that need to be monitored then you can connect the 10/100/1000 to one switch, and 2 of the 4FE ports to the other switch. You will have to do some kind of splitting of the traffic to be monitored across the 2 ports of the 4FE card on that second switch (like using 2 span sessions with one monitoring one set of ports, and the other monitoring a second set of ports).

The other thing to keep in mind is that the 4235 has a aggregate performance of 250MBPS.

You will need to ensure that all of the traffic coming into the sensor from all 5 interfaces is less than 250MBPS when added together.

As for configuring the sensor to work. As already mentioned all you need to do is enable the interfaces and add them to the interface group and the sensor will start sniffing on them.

0 Helpful
Customers Also Viewed These Support Documents