1. Forum
  2. Usenet
  3. COMP.DCOM.SYS.CISCO

  • Cisco routers and switches.

    From The Doctor@21:1/5 to All on Thu Jun 23 21:32:58 2022
    Which Cisco router is good for IDS/IPS?

    And what about GB switches?
    --
    Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
    Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
    Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b Saying good things is evil when they are lies. -unknown Beware https://mindspring.com

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From The Doctor@21:1/5 to gtaylor@tnetconsulting.net on Fri Jun 24 04:23:39 2022
    In article <t93dvt$3mm$2@tncsrv09.home.tnetconsulting.net>,
    Grant Taylor <gtaylor@tnetconsulting.net> wrote:
    On 6/23/22 3:32 PM, The Doctor wrote:
    Which Cisco router is good for IDS/IPS?

    I have no idea.

    I wouldn't think of a Cisco /router/ as a good IDS / IPS platform. I'd >*MUCH* rather use a Linux or other Unix system.

    It is also going to be highly dependent on the line rate that you want
    to support.


    I have an old 3845 on ready that had IDS/ IPS capability.

    And what about GB switches?

    That depends what features you want and what interfaces you're using.



    I could be looking at 1 GB/ 10GB/ 100 GB


    --
    Grant. . . .
    unix || die


    --
    Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
    Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
    Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b Saying good things is evil when they are lies. -unknown Beware https://mindspring.com

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Grant Taylor@21:1/5 to The Doctor on Thu Jun 23 22:56:26 2022
    On 6/23/22 10:23 PM, The Doctor wrote:
    I have an old 3845 on ready that had IDS/ IPS capability.

    I wonder what those capabilities actually are.

    I could be looking at 1 GB/ 10GB/ 100 GB

    We use Cisco NCS 5000 series switches at work for 10 / 25 / 40 / 50 /
    100 Gbps interfaces. -- I don't remember if we got 1 Gbps to link or
    not. I know that we weren't able to get 100 Mbps, much less 10 Mbps to
    link.

    Why do we care about 10 / 100 Mbps? Management interfaces on things
    like PDUs.

    I don't know what sort of IDS / IPS capabilities the NCS 5ks have, if
    any. But we do occasionally run into issues with TCAM and ACLs. We've
    had to get very creative in how we do things.



    --
    Grant. . . .
    unix || die

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Grant Taylor@21:1/5 to The Doctor on Thu Jun 23 22:19:30 2022
    On 6/23/22 3:32 PM, The Doctor wrote:
    Which Cisco router is good for IDS/IPS?

    I have no idea.

    I wouldn't think of a Cisco /router/ as a good IDS / IPS platform. I'd
    *MUCH* rather use a Linux or other Unix system.

    It is also going to be highly dependent on the line rate that you want
    to support.

    And what about GB switches?

    That depends what features you want and what interfaces you're using.



    --
    Grant. . . .
    unix || die

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From The Doctor@21:1/5 to gtaylor@tnetconsulting.net on Fri Jun 24 14:43:10 2022
    In article <t93g55$k4e$1@tncsrv09.home.tnetconsulting.net>,
    Grant Taylor <gtaylor@tnetconsulting.net> wrote:
    On 6/23/22 10:23 PM, The Doctor wrote:
    I have an old 3845 on ready that had IDS/ IPS capability.

    I wonder what those capabilities actually are.

    I could be looking at 1 GB/ 10GB/ 100 GB

    We use Cisco NCS 5000 series switches at work for 10 / 25 / 40 / 50 /
    100 Gbps interfaces. -- I don't remember if we got 1 Gbps to link or
    not. I know that we weren't able to get 100 Mbps, much less 10 Mbps to
    link.

    Why do we care about 10 / 100 Mbps? Management interfaces on things
    like PDUs.

    I don't know what sort of IDS / IPS capabilities the NCS 5ks have, if
    any. But we do occasionally run into issues with TCAM and ACLs. We've
    had to get very creative in how we do things.



    Got one device that is 10 Mbps.

    --
    Grant. . . .
    unix || die


    --
    Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
    Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
    Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b Saying good things is evil when they are lies. -unknown Beware https://mindspring.com

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Grant Taylor@21:1/5 to The Doctor on Fri Jun 24 09:51:04 2022
    On 6/24/22 8:43 AM, The Doctor wrote:
    Got one device that is 10 Mbps.

    I think we -- somewhat ironically -- found that it was a factor of 10
    for the number of devices that needed 10 / 100 Mbps.

    Meaning 1/10th needed 100 Mbps and 1/10th of the 1/10th (or 1/100th)
    needed 10 Mbps.

    It was things like power monitoring systems (think SCADA) or UPSs that
    were the most problematic. You know, the things that would be the most difficult and / or most expensive / disruptive to replace.

    I think our work around was to put an unmanaged L2 switch that supported 10/100/1000 as a fan out to the more capable managed switch.



    --
    Grant. . . .
    unix || die

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)