RE: Core layer question [7:40535]

2002-04-04 Thread Larry Letterman
If you have redundant 6509 chassis with a sup in each, a 2nd sup in each one is not necessary. Its nice to have, but an added expense. Larry Letterman Cisco Systems [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Steven A. Ridder Sen

Re: Core layer question [7:40535]

2002-04-04 Thread Steven A. Ridder
Good point. -- RFC 1149 Compliant. Get in my head: http://sar.dynu.com ""Larry Letterman"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > If you have redundant 6509 chassis with a sup in each, a 2nd sup in each one > is not necessary. Its nice to have, but an added expense. >

RE: Core layer question [7:40535]

2002-04-04 Thread Wes Stevens
traffic. >From: "Larry Letterman" >Reply-To: "Larry Letterman" >To: [EMAIL PROTECTED] >Subject: RE: Core layer question [7:40535] >Date: Thu, 4 Apr 2002 17:53:02 -0500 > >If you have redundant 6509 chassis with a sup in each, a 2nd sup in each >one

Re: Core layer question [7:40535]

2002-04-05 Thread MADMAN
Yes you are correct. I have a customer though, a big hospital where there is no such thing as downtime. They have dual 6509's with dual sups and MSFC's simply beacause some servers have only a single connection. The sales guy was happy!! Dave Larry Letterman wrote: > If you have redundant

RE: Core layer question [7:40535]

2002-04-07 Thread Kent Hundley
It's not a bad idea to have an IDS blade in the core, but if you have to pick either the DMZ and server blocks or the core, I would choose the former. Having an IDS blade in the core should not affect any other processing of the switch since its a completely self contained module with its own pro

Re: Core layer question [7:40535]

2002-04-07 Thread Steven A. Ridder
I've always understood that anything in the core (access-lists, FW blades, IDS modules, etc. ) is a bad design as it just slows down traffic as the core is built for speed. I was always told to move everything to the distro or access-layer, depending on the function, AFAIK, the IDS blades have t

Re: Core layer question [7:40535]

2002-04-07 Thread Priscilla Oppenheimer
Do y'all know about Cisco's SAFE design? It's a "blueprint" for implementing security on enterprise networks, sort of a template for a typical enterprise network (if there is such a thing as typical). It would probably give you ideas on where Cisco would put the IDS. It was developed by Sean C

Re: Core layer question [7:40535]

2002-04-08 Thread Steven A. Ridder
I had classes at Cisco on SAFE (EXCELLENT STUFF IF ANYONE GET'S TO GO!!) , and the Cisco rep said the same thing - never put anything in core. If you look at the SAFE blueprint for Enterprises, the IDS aren't in the core either (I checked last week). ""Priscilla Oppenheimer"" wrote in message

RE: Core layer question [7:40535]

2002-04-08 Thread Kent Hundley
riginal Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Steven A. Ridder Sent: Sunday, April 07, 2002 3:14 PM To: [EMAIL PROTECTED] Subject: Re: Core layer question [7:40535] I've always understood that anything in the core (access-lists, FW blades, IDS modules, etc.