Intrusion Prevention

Transparent Inline mode - VLAN Question

12-13-2010 04:37 PM

Hello Everyone,

I am going to be implementing an HA Juniper IPS appliance using inline Transparent mode.

This is my diagram:

            SWITCH 1 ------------------ SWITCH 2
               |                           |
               |                           |
          Juniper IPS                 Juniper IPS
               |                           |
               |                           |
    -------------------------------------------
    |                                         |
    |            CISCO SWITCH                 |----------- Standby CISCO SWITCH
    |                                         |                    |
    -------------------------------------------               SERVER FARMS
                         |
                    SERVER FARMS


If there are multiple VLANs on the switch connecting to the server farms, then the interface connecting the Juniper IPS to the CISCO SWITCH will be like a mirrored port, getting packets from all VLANs on all interfaces. Otherwise, how else will the IPS get packets from all the servers?


Thanks


3 REPLIES

Re: Transparent Inline mode - VLAN Question

12-14-2010 11:45 AM

Traffic will be controlled by spanning tree on the switches. The switches should just act as if they are directly connected with no IDPs in between, forwarding layer-2 packets per their broadcast domain and respective CAM tables.

Juniper Elite Partner
JNCIE-ENT #63, JNCIE-SP #705, JNCIE-SEC #17, JNCIS-FWV, JNCIS-SSL
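As an added illustration of the point in that reply (this is not code from anyone in the thread), the following Python model shows a transparent inline device on the trunk seeing every 802.1Q-tagged frame of every VLAN and handing it on unchanged, while the switch behind it learns and forwards per VLAN from its own CAM table. The frames, VLAN ids, MAC addresses and port names are constructed sample data.

```python
import struct
ETHERTYPE_VLAN = 0x8100
BROADCAST = b"\xff" * 6

def build_tagged_frame(dst, src, vlan_id, ethertype=0x0800, payload=b""):
    """Ethernet II frame with an 802.1Q tag (constructed sample input)."""
    return dst + src + struct.pack("!HHH", ETHERTYPE_VLAN, vlan_id & 0x0FFF, ethertype) + payload

def parse_frame(raw):
    """Return (dst, src, vlan_id, ethertype, payload); vlan_id is None when untagged."""
    dst, src = raw[:6], raw[6:12]
    (etype,) = struct.unpack("!H", raw[12:14])
    if etype == ETHERTYPE_VLAN:
        tci, etype = struct.unpack("!HH", raw[14:18])
        return dst, src, tci & 0x0FFF, etype, raw[18:]
    return dst, src, None, etype, raw[14:]

class InlineIPS:
    """Transparent inline device on the trunk: every frame of every VLAN crosses it,
    is inspected, and is handed on unchanged (tag intact). No mirror/SPAN port needed."""
    def __init__(self):
        self.seen_vlans = set()
    def pass_through(self, frame):
        self.seen_vlans.add(parse_frame(frame)[2])  # inspection point
        return frame                                 # same frame, not a copy

class Switch:
    """Learning switch: CAM table keyed on (vlan, mac); unknown-unicast and broadcast
    frames are flooded only to ports carrying that VLAN, never across VLANs."""
    def __init__(self, port_vlans):
        self.port_vlans = port_vlans  # port name -> set of VLAN ids it carries
        self.cam = {}
    def forward(self, frame, in_port):
        dst, src, vid, _, _ = parse_frame(frame)
        self.cam[(vid, src)] = in_port  # learn source MAC in its VLAN
        out = self.cam.get((vid, dst))
        if out is not None and dst != BROADCAST:
            return [out]  # known unicast: single egress port
        return sorted(p for p, v in self.port_vlans.items() if vid in v and p != in_port)

def demo():
    ips = InlineIPS()
    sw = Switch({"trunk": {10, 20}, "srv10": {10}, "srv20": {20}})
    mac_a, mac_b = b"\x02\x00\x00\x00\x00\x0a", b"\x02\x00\x00\x00\x00\x0b"
    egress = [  # constructed traffic: two frames in from the trunk, one reply from a server
        sw.forward(ips.pass_through(build_tagged_frame(BROADCAST, mac_a, 10)), "trunk"),
        sw.forward(ips.pass_through(build_tagged_frame(mac_b, mac_a, 20)), "trunk"),
        sw.forward(build_tagged_frame(mac_a, mac_b, 20), "srv20"),
    ]
    return sorted(ips.seen_vlans), egress, sw.cam
```

Running demo() shows the IPS has seen VLANs 10 and 20 without any port mirroring, the VLAN 10 broadcast is flooded only to the VLAN 10 server port, and the server's reply in VLAN 20 is switched straight back to the trunk from the learned CAM entry.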

Re: Transparent Inline mode - VLAN Question

01-10-2011 10:04 AM

I have the exact same setup as your diagram with Cisco switches. I had a lot of spanning tree issues at first. I built an EtherChannel between the switches and that resolved it all.


Re: Transparent Inline mode - VLAN Question

02-17-2011 03:49 PM

Hello Dave,


Could you tell me how you made the EtherChannel between the switches? How did that stop all your spanning tree issues?


A quick response would be greatly appreciated.


Thanks