Traffic Ports (Forwarding Interfaces)
Chapter 2: Hardware Overview
Normal State
When the IDP is active and NICs are in the normal state, NICs only pass Layer 2
traffic if in transparent mode and if Layer 2 bypass is enabled. NSRP packets are
not passed, so external bypass units do not behave correctly.
NIC Bypass State
Ethernet copper ports on the IDP 75, 250, 800, and 8200 sensors all have built-in
port bypass with crossover. Port bypass only works if the sensor is configured for
transparent mode. If a sensor fails or is shut down while in transparent mode, the
pair of copper ports will automatically fail into a crossover “connected” state, and
traffic will flow through them to and from the rest of the network without being
analyzed.
NIC bypass works using a watchdog timer. Each port pair has a timer. The sensor
sends each timer a reset signal every second. If a timer does not receive a reset
signal for three seconds (or the configured time period), the bypass is activated.
After the bypass is activated, the timer continues listening for a reset signal. When
IDP becomes active again, it sends a reset signal. When the timer receives the reset
signal, the bypass deactivates automatically and the sensor goes back to normal
operation.
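
The watchdog behavior described above can be replayed over a record of reset signals to find the periods when a port pair was in bypass and traffic was not analyzed. This is an added example, not code from the guide or the sensor; the function names, the timestamp format, and the availability of such a record are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class BypassWindow:
    start: float          # moment the watchdog timer expired (bypass activated)
    end: Optional[float]  # reset that deactivated bypass; None if still in bypass


def bypass_windows(reset_times, timeout=3.0, end_of_log=None) -> List[BypassWindow]:
    """Replay reset timestamps (seconds) for one port pair.

    Bypass activates once no reset has arrived for `timeout` seconds and
    deactivates on the next reset. A gap of exactly `timeout` is treated as
    "reset arrived in time" (assumption; the guide does not define the edge).
    """
    resets = sorted(reset_times)
    windows = []
    for prev, cur in zip(resets, resets[1:]):
        if cur - prev > timeout:
            windows.append(BypassWindow(prev + timeout, cur))
    # No reset between the last one and the end of the record: bypass still on.
    if resets and end_of_log is not None and end_of_log - resets[-1] > timeout:
        windows.append(BypassWindow(resets[-1] + timeout, None))
    return windows


def uninspected_seconds(windows, end_of_log):
    """Total time spent in bypass; open windows are counted up to end_of_log."""
    return sum((w.end if w.end is not None else end_of_log) - w.start
               for w in windows)


# Constructed sample: resets every second, an outage after t=3, recovery at
# t=10, and a second outage after t=12 that lasts to the end of the record.
SAMPLE_RESETS = [0.0, 1.0, 2.0, 3.0, 10.0, 11.0, 12.0]

if __name__ == "__main__":
    found = bypass_windows(SAMPLE_RESETS, timeout=3.0, end_of_log=20.0)
    for w in found:
        print(w)
    print("seconds in bypass:", uninspected_seconds(found, 20.0))
```

Pass the configured time period as `timeout` if the default of three seconds has been changed.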
When NICs are in NIC bypass state prior to shutdown or failure, they only pass
Layer 2 traffic if in transparent mode and if Layer 2 bypass is enabled. NSRP
packets are not passed.
Table 4: NIC State Options

ACM Settings: NIC bypass
  Modes: Transparent mode only
  Availability: Sensor failure; graceful shutdown
  Description: While sensor is active, it does not pass NSRP packets unless Layer 2 bypass is enabled. When sensor becomes unavailable, ports mechanically join in a crossover. Traffic continues to flow, but sensor does not examine traffic.

ACM Settings: External bypass unit
  Modes: Transparent mode only
  Availability: Sensor failure only
  Description: While sensor is active, it passes NSRP packets even if Layer 2 bypass is disabled. On failure, external bypass unit passes traffic around the sensor.
  Note: This is a global setting. If set for any NIC, NSRP packets are allowed for all NICs.

ACM Settings: NICs off
  Modes: All inline modes
  Availability: Sensor failure; graceful shutdown
  Description: While sensor is active, it does not pass NSRP packets unless Layer 2 bypass is enabled for transparent mode. When sensor fails or when the sensor software is shut down, NICs turn off even if sensor still has power.