Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Does the TippingPoint IPS support EtherChannel or LACP?

    • Updated:
    • 2 Aug 2016
    • Product/Version:
    • TippingPoint IPS N-series All
    • TippingPoint IPS NX-series All
    • TippingPoint IPS S-series All
    • TippingPoint NGFW All
    • TippingPoint SecBlade All
    • TippingPoint TPS All
    • TippingPoint Virtual TPS All
    • Platform:
Summary
This purpose of this article is to discus EtherChannel and Link Aggregation support by the TippingPoint IPS devices.
Details
Public

TippingPoint IPS devices do support Cisco's EtherChannel® and the IEEE Link Aggregation Control Protocol (LACP). However, all aggregation configurations are performed at the switch as the IPS by itself has no configuration settings pertaining to aggregation. The only caveat with running aggregated links thru the IPS is that in order to maintain IPS operations, the aggregation protocol being used needs to be configured to not use any type of load balancing (e.g. Round Robin, Active-Backup policy) algorithm for traffic flow. While "Round Robin" is great for load balancing traffic flow across multiple links, the fact is that it is not good for packet inspection by the IPS. Traffic flow affinity needs to be maintained and this would mean using a flow based algorithm such as aggregating using the source IP. This will ensure that all fragments from any particular flow will go through the same segment.

In order to configure the IPS for link aggregation the user needs to setup the appropriate number of segments. As an example if the user is aggregating 4 links, he would need to setup 4 segments (8 ports) for the link aggregation connections. Four ports (1A, 2A, 3A, 4A) coming from switch 1 and four ports (1B, 2B, 3B, 4B) going to switch 2. See the sample topology diagram below.

Link Aggregation

 

Segment Groups

In addition the user can also create "Segment Groups". A Segment Group is a grouping of device segments, physical or virtual, that are set up in a specific combination that allows users to maintain settings and file distribution. Users can then associate a particular profile of filters to the segment group. So in the above example the user could create a Segment Group for all the "A" ports (inbound) and another Segment Group for all the "B" ports (outbound) and apply profiles accordingly.

How To: Create a Segment Group

  1. Log in to the SMS from a client.
  2. On the SMS toolbar, navigate to the Devices > All Devices and expand the tab.
  3. Select the Segment Groups tab.
  4. To create a new Segment Group do one of the following:
    • Click New.
    • Right-click and select New.
    • On the top menu select File > New > Segment Group.
  5. The Segment Group Edit dialog displays.
  6. In the Group Name field, specify a name for the group.
  7. In the Non Members pane, select how you want to organize the list: by Device or by Segment Group.
  8. Select one or more devices from the list. You can select multiple devices by clicking and dragging your cursor over the names and using the Shift and Ctrl keys.
  9. Click the right arrow button to move the selected device to the right Group Members pane.
  10. Click OK. The segment group displays in the Devices Navigation pane and Devices > Segment Group screen.
Premium
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000085763
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.