I am a long ways from being up to speed on ids, but I would think that the server block is where you would need the ids blades. Your most suspect traffic is what is comming off the internet and going to your users. If you put the ids in the server block and dmz you will never see most of that traffic.
>From: "Larry Letterman" >Reply-To: "Larry Letterman" >To: [EMAIL PROTECTED] >Subject: RE: Core layer question [7:40535] >Date: Thu, 4 Apr 2002 17:53:02 -0500 > >If you have redundant 6509 chassis with a sup in each, a 2nd sup in each >one >is not necessary. Its nice to have, but an added expense. > > >Larry Letterman >Cisco Systems >[EMAIL PROTECTED] > > >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >Steven A. Ridder >Sent: Thursday, April 04, 2002 2:20 PM >To: [EMAIL PROTECTED] >Subject: Core layer question [7:40535] > > >Has anyone ever designed a network and put either a firewall or IDS blade >in >the core switch block? Even if the customer had no money, wouldn't this >never be advisable? Has anyone ever done it? > >As background for the questions, I started a new job, and so I took over >some accounts, and who ever has been doing the configs ( I think some have >been comming from Cisco!) has been making mistakes here and there. One >proposal had a 500 phone IP Tel network running over Cat. 3 wiring, and >this >one has a wan block going back to the core block (dual 6506's) with only 1 >sup in each and an IDS blade in each! Isn't it advisable to move the IDS's >to the server and DMZ blocks? Also, isn't it always advisable to go with 2 >sups? > >I just want to make sure I'm not crazy, as I'd not like to casue a ton of >waves my first week on the job. > >-- > >RFC 1149 Compliant. >Get in my head: >http://sar.dynu.com _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40544&t=40535 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
