Intrusion Prevention
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
speedpill
Contributor
speedpill
Posts: 42
Registered: ‎07-20-2010
0

Transparent Inline mode - VLAN Question

Options

‎12-13-2010 04:37 PM

Hello Everyone,

 

I am going to be implementing an HA Juniper IPS appiiance using inline Transparent mode.

 

This is my diagram..

 

 

                         SWITCH 1   -----------------  SWITCH 2

                               |                                    |

                               |                                    |

                               |                                    |

                               |                                    |

 

                          Juniper IPS                    Juniper IPS

                                |                                   |

                                |                                   |

                                |                                   |

                                |                                   |

------------------------------------------------------------------

|                                                                                      |

|                         CISCO SWITCH                                |---------------------Standby CISCO SWITCH

|                                                                                      |                                        |

------------------------------------------------------------------                                SERVER FARMS

                                          |

                              SERVER FARMS

 

 

If there are multiple vlans on the switch connecting to the server farms, then the interface connecting the Juniper IPS to the CISCO SWITCH, will be like a mirrored port getting packets from all vlans in all interfaces. Otherwise how else will the IPS get packets from all the servers?

 

Thanks

 

 

Message 1 of 4 (2,340 Views)
 
Reply
Recognized Expert
Recognized Expert
aweck
Posts: 253
Registered: ‎07-24-2009
0

Re: Transparent Inline mode - VLAN Question

Options

‎12-14-2010 11:45 AM

Traffic will be controled by spanning tree on the switches.  The switches should just act they are directly connected with no IDP's in-between, forwarding layer-2 packets per their broadcast domain & repsective CAM tables.

Juniper Elite Partner
JNCIE-ENT #63, JNCIE-SP #705, JNCIE-SEC #17, JNCIS-FWV, JNCIS-SSL
Message 2 of 4 (2,313 Views)
 
Reply
DaveS
Contributor
DaveS
Posts: 21
Registered: ‎06-12-2009
0

Re: Transparent Inline mode - VLAN Question

Options

‎01-10-2011 10:04 AM

I have the exact same set up as your diagram with Cisco switch;s. I had a lot of spanning tree issues at first.. I built a etherchannell between the switch's and that resolved all it.

Message 3 of 4 (1,865 Views)
 
Reply
speedpill
Contributor
speedpill
Posts: 42
Registered: ‎07-20-2010
0

Re: Transparent Inline mode - VLAN Question

Options

‎02-17-2011 03:49 PM

Hello Dave,

 

Could you tell me how you made the etherchannel between the switches? How did that stop all your spanning tree issues?

 

A quick response would be greatly appreciated.

 

Thanks

Message 4 of 4 (1,063 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.