OK, here's the deal,

I need to monitor a T-3 before and after a Firewall
So:    ISP---7206----Switch-----Firewall----Switch----Router----LANs

with the 2 different IDSes (Intrusion Detection Systems) hanging off of a
monitor port on each switch.

I was starting to get collisions on the firewall and the router with a 100Mb
hub, so I figured if I whack 2 Cisco 2912XL switches in there and set
everything to 100Mb Full, that would end that issue. It has, but it has
raised another one.

So far, at the switch points, the switches are running at 80% according to
the LEDs on the front, with our current bandwidth at about 20Mb.
My first question is: what are the LEDs measuring?
If it is CPU utilization, I have a feeling it is because of SPAN/port
monitor: the CPU has to duplicate the packets and ship them out the
monitor port.

My 2nd question is: If this link goes up to the max 40+ Mb, will I start
dropping packets between the router(s) and the Firewall?
Will I drop packets going to the IDSes?

We have a Cat 5000 sitting around, so I figured, why not just use it?
I tried to enable two different port spans on a Cat 5000 and it will only
allow me to do one at a time. I figured a Cat 5000 would have enough CPU
power to do the job. I was going to create 3 VLANs: one VLAN before the
firewall, one after, and one for management. But if I can only do one span
at a time, this isn't going to work either.

Suggestions?

Or am I worrying for nothing? Will the 2912s do it, or do I need to go to the
3500XL or 4000 series switches to do this? What is everyone else doing?

Scotty

----------------------------------------------------------
Scott Nelson - Network Engineer
Wash DC     +1202-270-8968
Los Angeles +1310-367-6646
mailto:[EMAIL PROTECTED]
----------------------------------------------------------
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]