NBAR or IDSM-2 to monitor multiple vlans

Discussion in 'Cisco' started by JOE CAMPOS, Dec 10, 2003.

  1. JOE CAMPOS

    JOE CAMPOS Guest

    Scenario:
    We have 13 floors in our building. All the floors come down into the same
    switch via gig links. Each floor is an individual subnet VLAN. That switch
    then communicates to other server farm switches via a gig uplink. The
    problem we want to remedy is how to keep workstations that are infected with
    Blaster or future variants from "blasting" each other from floor to floor. By this
    I mean, if we have infected machines on the 5th floor, then they will bombard
    clients on the other floors. What is the best way to contain this situation?
    Should I use the IDSM-2 to shun these attacks via dynamic VACLs, or should I
    use NBAR for this situation, or even just private VLANs? Of course private
    VLANs will only help on each respective VLAN subnet. Also, if I use NBAR
    (IDSM-2 too?) will it block all good traffic as well? I know with NBAR I
    can have it drop traffic altogether, which is the ultimate goal. I have read
    the following SAFE document and it is very good, but it still leaves many
    questions unanswered. There is an NBAR sample config there as well.
    http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_solutions_white_paper09186a00801b2391.shtml
     
    JOE CAMPOS, Dec 10, 2003
    #1
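As an added illustration of the "static VACL on every floor VLAN" option the post asks about (this is not a config from the post or from the SAFE paper it links), the fragment below drops the ports Blaster is known to use, TCP 135 for the RPC/DCOM exploit, TCP 4444 for the shell it opens, and UDP 69 for the TFTP download, between floor VLANs on a Catalyst 6500. The VLAN numbers (10 to 22, one per floor), the access-list and access-map names, and the assumption that the floor VLANs carry no legitimate RPC endpoint-mapper traffic are constructed for the example; the IOS syntax used (`ip access-list extended`, `vlan access-map`, `vlan filter`) is standard Catalyst 6500 VACL configuration.

```cisco
! Added example, not the thread's own config. Names and VLAN range are assumed.
! Match only the three Blaster-related ports, so normal traffic is untouched.
ip access-list extended BLASTER-PORTS
 permit tcp any any eq 135
 permit tcp any any eq 4444
 permit udp any any eq tftp
!
! VACL: sequence 10 drops anything matching the worm ports,
! sequence 20 forwards everything else (the implicit default would drop it).
vlan access-map WORM-CONTAIN 10
 match ip address BLASTER-PORTS
 action drop
vlan access-map WORM-CONTAIN 20
 action forward
!
! Apply the map to every floor VLAN (assumed VLANs 10-22, one per floor).
vlan filter WORM-CONTAIN vlan-list 10-22
```

Two caveats a practitioner would check before applying this: TCP 135 is also the legitimate Windows RPC endpoint mapper, so dropping it on a VLAN that hosts domain controllers, Exchange or other RPC-dependent servers breaks real traffic (that is the "will it block good traffic as well" concern in the post, and the answer is yes for whatever ports you list); and a static VACL like this only contains the known ports, so a future variant on other ports is not caught, which is where the IDSM-2's signature-driven shun or an NBAR-based policy differs in scope. Use `show vlan filter` and `show vlan access-map` to confirm the map is attached to the intended VLANs.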
