It's not a bad idea to have an IDS blade in the core, but if you have to pick either the DMZ and server blocks or the core, I would choose the former. Having an IDS blade in the core should not affect any other processing of the switch since it's a completely self-contained module with its own processor. ('Course, Murphy is always lurking.)
It's also a good idea to have redundant sups, but cost may be a factor as well. One can only have as much redundancy as your pocketbook allows, and sups aren't cheap. :-)

Regards,
Kent

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Steven A. Ridder
Sent: Thursday, April 04, 2002 2:20 PM
To: [EMAIL PROTECTED]
Subject: Core layer question [7:40535]

Has anyone ever designed a network and put either a firewall or IDS blade in the core switch block? Even if the customer had no money, wouldn't this never be advisable? Has anyone ever done it?

As background for the questions, I started a new job, and so I took over some accounts, and whoever has been doing the configs (I think some have been coming from Cisco!) has been making mistakes here and there. One proposal had a 500 phone IP Tel network running over Cat. 3 wiring, and this one has a WAN block going back to the core block (dual 6506's) with only 1 sup in each and an IDS blade in each!

Isn't it advisable to move the IDSs to the server and DMZ blocks? Also, isn't it always advisable to go with 2 sups? I just want to make sure I'm not crazy, as I'd not like to cause a ton of waves my first week on the job.

--
RFC 1149 Compliant.
Get in my head: http://sar.dynu.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40765&t=40535