[c-nsp] Downgrade 6509 w/ Sup720 to CatOS

Rossella Mariotti-Jones rossella at chemeketa.edu
Thu Mar 10 16:12:54 EST 2005


Yes, but as far as I know there is a limit in the number of VLANs you can
monitor and the IDS too has a limit in the blocking interfaces, am I
wrong? Right now we're blocking on the edge router but the IDS is
putting in ACLs blocking the inside address instead of the outside, so
we upgraded our PIX to the latest OS and this is not working either
because apparently the PIX doesn't do a 'shun connection' but it shuns
the host instead and we have a lot of devices that do PAT.

Rossella Mariotti-Jones
Network Analyst, CCNA
Chemeketa Community College / IT
T 503 589 7775
F 503 399 4898
E rossella at chemeketa.edu
www.chemeketa.edu

-----Original Message-----
From: Josh Duffek [mailto:consultantjd16 at ridemetro.org] 
Sent: Thursday, March 10, 2005 12:35 PM
To: Rossella Mariotti-Jones; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] Downgrade 6509 w/ Sup720 to CatOS

What about using the monitor command in IOS to send traffic to your IDS
port?  

josh duffek    network engineer
consultantjd16 at ridemetro.org

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Rossella Mariotti-Jones
> Sent: Thursday, March 10, 2005 2:24 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Downgrade 6509 w/ Sup720 to CatOS
> 
> We are looking into downgrading our core switch to CatOS so that we can
> use our IDS to block using VACLs. Right now we're running IOS V.
> 12.2(17d)SXB and we have Sup720. Has anybody attempted this before? It
> appears that we are going to have to go through the current config line
> by line and re-enter it into the 6500 after we roll back. I'd like to
> get this done as smoothly and quickly as possible; does anybody have any
> suggestions as far as how to tackle this? What are the things I have to
> watch out for? Any recommendations? Any help would be greatly
> appreciated. Thanks in advance.
> 
> Rossella Mariotti-Jones
> Network Analyst, CCNA
> Chemeketa Community College / IT
> T 503 589 7775
> F 503 399 4898
> E rossella at chemeketa.edu
> www.chemeketa.edu
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/




