
Cisco IPS-4260-K9 - IPS Sensor 4260 Installation Manual page 4


Chapter 6: Installing IPS-4260
Installing Cisco Intrusion Prevention System Appliances and Modules 5.1 (OL-8677-01), page 6-4

Hardware Bypass

4GE Bypass Interface Card

IPS-4260 supports the 4-port GigabitEthernet card (part number IPS-4GE-BP-INT=) with hardware
bypass. This 4GE bypass interface card supports hardware bypass only between ports 0 and 1 and
between ports 2 and 3.

Figure 6-1 on page 6-3 shows the 4GE bypass interface card.

Hardware bypass complements the existing software bypass feature in IPS 5.1. For more information on
software bypass mode, refer to Configuring Bypass Mode. The following conditions apply to hardware
bypass and software bypass on IPS-4260:

• When bypass is set to OFF, software bypass is not active.
  For each inline interface for which hardware bypass is available, the component interfaces are set to
  disable the fail-open capability. If SensorApp fails, if the sensor is powered off or reset, or if the
  NIC interface drivers fail or are unloaded, the paired interfaces enter the fail-closed state (no
  traffic flows through the inline interface or inline VLAN subinterfaces).

• When bypass is set to ON, software bypass is active.
  Software bypass forwards packets between the paired physical interfaces in each inline interface and
  between the paired VLANs in each inline VLAN subinterface. For each inline interface on which
  hardware bypass is available, the component interfaces are set to standby mode. If the sensor is
  powered off or reset, or if the NIC interfaces fail or are unloaded, those paired interfaces enter
  the fail-open state in hardware (traffic flows unimpeded through the inline interface). Any other
  inline interfaces enter the fail-closed state.

• When bypass is set to AUTO (traffic flows without inspection), software bypass is activated if
  SensorApp fails.
  For each inline interface on which hardware bypass is available, the component interfaces are set to
  standby mode. If the sensor is powered off or reset, or if the NIC interfaces fail or are unloaded,
  those paired interfaces enter the fail-open state in hardware. Any other inline interfaces enter the
  fail-closed state.

Note: To test fail-over, set the bypass mode to ON or AUTO, create one or more inline interfaces,
power down the sensor, and verify that traffic still flows through the inline path.

Hardware Bypass Configuration Restrictions

To use the hardware bypass feature on the 4GE bypass interface card, you must pair interfaces to support
the hardware design of the card. If you create an inline interface that pairs a hardware-bypass-capable
interface with an interface that violates one or more of the hardware-bypass configuration restrictions,
hardware bypass is deactivated on the inline interface and you receive a warning message similar to the
following:

    Hardware bypass functionality is not available on Inline-interface pair0.
    Physical-interface GigabitEthernet2/0 is capable of performing hardware bypass only when
    paired with GigabitEthernet2/1, and both interfaces are enabled and configured with the
    same speed and duplex settings.
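
The pairing restrictions and bypass-mode conditions above can be checked against a planned set of inline interfaces before the sensor goes inline, to see which pairs would stop passing traffic if the sensor loses power. The following Python is an added example, not Cisco code or IPS CLI output. The dict schema, function names, slot assignment and sample interfaces are constructed for illustration, and it models only the power-off, reset and NIC driver failure case.

```python
import re

BYPASS_PORT_PAIRS = ({0, 1}, {2, 3})  # port pairs bridged in hardware (from the page)
NAME = re.compile(r"^GigabitEthernet(\d+)/(\d+)$")

def hw_bypass_problems(a, b, bypass_slots):
    """Restrictions an inline pair violates; empty list = hardware bypass available.
    a, b: name/enabled/speed/duplex dicts (constructed schema); bypass_slots: assumed card slots."""
    ma, mb = NAME.match(a["name"]), NAME.match(b["name"])
    if not (ma and mb):
        return ["name is not GigabitEthernet<slot>/<port>"]
    slot_a, port_a = int(ma.group(1)), int(ma.group(2))
    slot_b, port_b = int(mb.group(1)), int(mb.group(2))
    problems = []
    if slot_a != slot_b or slot_a not in bypass_slots:
        problems.append("not on the same 4GE bypass card")
    elif {port_a, port_b} not in BYPASS_PORT_PAIRS:
        problems.append("ports are not 0/1 or 2/3")
    if not (a["enabled"] and b["enabled"]):
        problems.append("both interfaces must be enabled")
    if (a["speed"], a["duplex"]) != (b["speed"], b["duplex"]):
        problems.append("speed/duplex settings differ")
    return problems

def state_on_power_loss(mode, a, b, bypass_slots):
    """Pair state when the sensor is powered off or reset, or NIC drivers fail/unload."""
    if mode.upper() not in ("ON", "OFF", "AUTO"):
        raise ValueError(f"unknown bypass mode: {mode}")
    hw_ok = not hw_bypass_problems(a, b, bypass_slots)
    # ON/AUTO keep capable pairs in standby (hardware fails open); OFF disables fail-open.
    # Assumption: a non-capable pair under OFF is also fail-closed (nothing forwards traffic).
    return "fail-open" if hw_ok and mode.upper() != "OFF" else "fail-closed"

def audit(mode, inline_pairs, bypass_slots):
    """Map each inline interface to (state on power loss, violated restrictions)."""
    return {n: (state_on_power_loss(mode, a, b, bypass_slots), hw_bypass_problems(a, b, bypass_slots))
            for n, (a, b) in inline_pairs.items()}

def gi(name, speed="auto", duplex="auto", enabled=True):
    return {"name": name, "enabled": enabled, "speed": speed, "duplex": duplex}

SAMPLE = {  # constructed: a 4GE bypass card assumed in slot 2, none in slot 3
    "pair0": (gi("GigabitEthernet2/0"), gi("GigabitEthernet2/1")),
    "pair1": (gi("GigabitEthernet2/2", speed="1000", duplex="full"), gi("GigabitEthernet2/3")),
    "pair2": (gi("GigabitEthernet3/0"), gi("GigabitEthernet3/1")),
}

if __name__ == "__main__":
    print(audit("AUTO", SAMPLE, {2}))
```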
