15-21
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
78-16527-01
Chapter 15 Configuring IDSM-2
Configuring EtherChanneling
For more information on EtherChanneling, refer to
Catalyst 6500 Series Cisco IOS Software
Configuration Guide, 12.2SX
.
To configure EtherChannel load balancing on IDSM-2, follow these steps:
Step 1
Configure each IDSM-2 for promiscuous operation.
For the procedure, see
Chapter 5, “Configuring Interfaces.”
Note
Make sure that all IDSM-2 VACL capture or SPAN or monitor configuration lines have been
removed before configuring IDSM-2 EtherChanneling.
Step 2
Log in to the console.
Step 3
Enter global configuration mode:
router#
configure terminal
Step 4
Create the VACL:
router(config)#
ip access-list extended
vacl_name
Step 5
Add any access control entries, for example,
permit any any
:
router(config-ext-nacl)#
permit ip any any
Step 6
Create at least one VLAN access map sequence:
router(config-ext-nacl)#
vlan access-map
vlan_access_map_name sequence_number
router(config-access-map)#
match ip address
vacl_name
router(config-access-map)#
action forward capture
Step 7
Apply the VLAN access map to the VLAN(s):
router(config-access-map)#
vlan filter
vlan_access_map_name
vlan-list
vlan_list
Step 8
For each IDSM-2, add the desired data ports into the desired EtherChannel:
router(config)#
intrusion-detection module
module_number
data-port
data_port_number
channel-group
channel_number
Each EtherChannel has a numbered port channel interface. You can configure a maximum of 64 port
channel interfaces, numbered from 1 to 256.
Step 9
Configure EtherChannel load balancing:
router(config)#
port-channel load-balance
[
dst-ip | dst-mac | dst-port | mpls | src-dst-ip
| src-dst-mac | src-dst-port | src-ip | src-mac | src-port
]
The following options apply:
•
dst-ip
—Destination IP address
•
dst-mac
—Destination MAC address
•
dst-port
—Destination TCP/UDP port
•
mpls
—Load balancing for MPLS packets
•
src-dst-ip
—Source and destination IP address
•
src-dst-mac
—Source and destination MAC address
•
src-dst-port
—Source and destination TCP/UDP port