15-20
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
78-16527-01
Chapter 15 Configuring IDSM-2
Configuring EtherChanneling
Configuring EtherChanneling
This section describes how to configure EtherChanneling on IDSM-2 for Cisco IOS software. It contains
the following topics:
•
Overview, page 15-20
•
Enabling EtherChanneling, page 15-20
•
Disabling EtherChanneling, page 15-22
•
Verifying EtherChanneling, page 15-23
Overview
Supervisor Engines in the Catalyst 6500 series chassis recognize IDSM-2 devices that are running
IPS 5.0 as EtherChannel devices. This lets you install up to eight IDSM-2 devices in the same chassis.
The IDSM-2 in the Catalyst 6500 series switch has eight internal ports. Only four of these ports are used.
Port 1 is a TCP/IP reset port. Port 2 is the command and control port. Ports 7 and 8 are the sensing ports
for Catalyst software and data ports 1 and 2 for Cisco IOS software. The other ports are not used.
The backplane is 1000 Mbps, which is why IDSM-2 shows 1000 Mbps even though it can only handle
about 600 Mbps of performance. The EtherChannel feature allows up to eight IDSM-2 devices to
participate in the load balancing on either port 7 or port 8.
Note
EtherChannel load balancing for IDSM-2 is only supported on Cisco IOS software. Instructions for
configuring EtherChannel load balancing on IDSM-2 for Cisco Catalyst software will be provided when
the Catalyst release to support it is available.
Enabling EtherChanneling
Note
To configure EtherChannel load balancing on IDSM-2, you must install Cisco IOS 12.2(18)SXE and
have Supervisor Engine 720. Cisco IOS only supports promiscuous IDSM-2 EtherChanneling using
VACL capture (not SPAN or monitor).
An EtherChannel balances the traffic load across the links in an EtherChannel by reducing part of the
binary pattern formed from the addresses in the frame to a numerical value that selects one of the links
in the channel.
EtherChannel load balancing can use MAC addresses, IP addresses, or Layer 4 port numbers, which can
be source or destination or both source and destination addresses or ports. The selected mode applies to
all EtherChannels configured on the switch. EtherChannel load balancing can also use MPLS Layer 2
information.
Use the option that provides the balance criteria with the greatest variety in your configuration. For
example, if the traffic on an EtherChannel is going only to a single MAC address and you use the
destination MAC address as the basis of EtherChannel load balancing, the EtherChannel always chooses
the same link in the EtherChannel; using source addresses or IP addresses might result in better load
balancing.