Re: OT: IPS 4270 Sensor and Port-channel with 6500

From: Jay McMickle <jay.mcmickle_at_yahoo.com>
Date: Tue, 7 May 2013 17:53:24 -0700 (PDT)

Here are some links to help you out.
 
IPS overall
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/tsd_products_support_series_home.html
 
IPS 7.1 CLI for interface pairing
http://www.cisco.com/en/US/docs/security/ips/7.1/configuration/guide/cli/cli_interfaces.html#wp1182938

Example config:
! entered under 'service interface'
physical-interfaces GigabitEthernet0/1
admin-state enabled
exit
physical-interfaces GigabitEthernet0/2
admin-state enabled
exit
! note: the pair below names GigabitEthernet0/0, which is not enabled above;
! both members of an inline pair must be admin-state enabled to pass traffic
inline-interfaces INSIDE
no description
interface1 GigabitEthernet0/0
interface2 GigabitEthernet0/1
exit
exit
exit
! ------------------------------
service signature-definition sig0
exit
! ------------------------------
service anomaly-detection ad0
exit
! ------------------------------
service anomaly-detection ad1
exit
! ------------------------------
service analysis-engine
virtual-sensor vs0
logical-interface INSIDE subinterface-number 0
exit
virtual-sensor vs1
signature-definition sig1
anomaly-detection
anomaly-detection-name ad1
exit
exit
exit

Regards,
Jay McMickle- 2x CCIE #35355 (R&S,Sec)
 
________________________________
From: Johnny Morris <johnnymorris01_at_gmail.com>
To: Jay McMickle <jay.mcmickle_at_yahoo.com>
Cc: "ccielab_at_groupstudy.com" <ccielab_at_groupstudy.com>
Sent: Tuesday, May 7, 2013 7:29 PM
Subject: Re: OT: IPS 4270 Sensor and Port-channel with 6500

Thanks for the feedback Jay, I will look into it.

On Tue, May 7, 2013 at 1:25 PM, Jay McMickle <jay.mcmickle_at_yahoo.com> wrote:

> Absolutely. Inline interface pairs.
>
> Regards,
> Jay McMickle CCIEx2 #35355 (R/S,Sec)
> Sent from my iPhone
>
> On May 7, 2013, at 12:06 PM, Johnny Morris <johnnymorris01_at_gmail.com>
> wrote:
>
> > Hello,
> >
> > I have a 4270 IPS that hangs off of the 6500 core switch along with a
> > pair of virtual firewalls that hang off the core switch as well, in which
> > each customer has its own context FW. We have several customer VLANs off
> > the 6500 which are part of the inside interface of the VFWs. We have a
> > SPAN set up for the source as the inside VLANs going to the destination
> > interface of the 4270. Within the IPS we have VLAN pairs set up to
> > receive the traffic on the VLANs and it is working fine. Also we have a
> > virtual sensor set up for customer VLAN traffic.
> >
> > We are working on upgrading the IPS software and signatures so that it
> > is up to date and removing the SPAN temp until we have it up to date. As
> > of now there is only 1 interface from the IPS to the core switch. Are
> > there any capabilities to port-channel the IPS to the core to increase
> > load capacity? Right now checking the interface I see about 350 Mbps
> > being sent output to the IPS from the core. With more customers we add
> > in the future I would like to port-channel if capable.
> >
> > Sorry, I am a routing/switching guy and just getting forced into
> > security :)
> >
> > Any recommendations to get me to the right place are much appreciated.
> >
> >
> > Blogs and organic groups at http://www.ccie.net/
> >
> >
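
Added example, not from the thread: a Python check that parses an IPS CLI excerpt like the one Jay posted and flags inline pair members that are not admin-state enabled, or a virtual sensor whose logical-interface names no defined pair. The flat opener/exit parsing and the sample excerpt are assumptions constructed for illustration.

```python
# Added example, not from the thread: a checker for an IPS CLI excerpt like the
# one posted, assuming the flat layout there (opener enters a mode, exit leaves).
OPENERS = {"service", "physical-interfaces", "inline-interfaces",
           "virtual-sensor", "anomaly-detection"}

def parse_ips_config(text):
    """Return (enabled physical ifaces, inline pairs, sensor -> logical ifaces)."""
    enabled, pairs, sensors, stack = set(), {}, {}, []
    for raw in text.splitlines():
        t = raw.split()
        if not t or t[0].startswith("!"):
            continue                                  # blank line or comment
        if t[0] == "exit":
            stack = stack[:-1]                        # leave block; stray exit ignored
            continue
        mode, name = stack[-1] if stack else (None, None)
        if t[0] in OPENERS:
            stack.append((t[0], t[1] if len(t) > 1 else ""))
            if t[0] == "inline-interfaces":
                pairs.setdefault(t[1], {})
            elif t[0] == "virtual-sensor":
                sensors.setdefault(t[1], [])
        elif t[:2] == ["admin-state", "enabled"] and mode == "physical-interfaces":
            enabled.add(name)
        elif t[0] in ("interface1", "interface2") and mode == "inline-interfaces":
            pairs[name][t[0]] = t[1]
        elif t[0] == "logical-interface" and mode == "virtual-sensor":
            sensors[name].append(t[1])
    return enabled, pairs, sensors

def check_ips_config(text):
    """Flag pair members not admin-enabled and sensors bound to undefined pairs."""
    enabled, pairs, sensors = parse_ips_config(text)
    findings = []
    for pair, members in pairs.items():
        for iface in members.values():
            if iface not in enabled:
                findings.append(f"pair {pair}: {iface} is not admin-state enabled")
    for vs, logicals in sensors.items():
        for lname in logicals:
            if lname not in pairs:
                findings.append(f"virtual-sensor {vs}: logical-interface {lname} undefined")
    return findings

# Constructed input reproducing the posted mismatch: 0/0 is paired but not enabled.
SAMPLE = "\n".join([
    "physical-interfaces GigabitEthernet0/1", "admin-state enabled", "exit",
    "inline-interfaces INSIDE", "interface1 GigabitEthernet0/0",
    "interface2 GigabitEthernet0/1", "exit", "service analysis-engine",
    "virtual-sensor vs0", "logical-interface INSIDE subinterface-number 0",
    "exit", "exit"])
```

Running `check_ips_config(SAMPLE)` reports the unenabled GigabitEthernet0/0; prepending a block that enables it clears the finding.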
Received on Tue May 07 2013 - 17:53:24 ART

This archive was generated by hypermail 2.2.0 : Mon Jun 03 2013 - 06:34:34 ART