IDSM-1 vs. IDSM-2 Comparison

As can be seen, the IDSM-2 module has far greater capabilities. Indeed, because it runs the Cisco IDS 4.0 software, it incorporates all of the functionality of the Cisco 4200 IDS series appliances while delivering 600 Mbps of performance. The benefit of the IDSM is that it takes data directly from the switch backplane and can monitor any traffic sent across the switch. Data to be monitored can be specified by SPAN and RSPAN or by VLANS via VACL capture mechanisms.

Besides performance, noteworthy differences between the two revisions include more management capabilities and more security features. For instance, the IDSM-2 module facilitates management via the Cisco VPN/Security Management Solution (VMS), Cisco IDS Device Manager (IDM), IDS Event Viewer (IEV), and via the CLI. Additionally, the IDSM-2 supports advanced IDS features such as TCP Resets, IP Logging, and Signature Micro Engines while the IDSM-1 does not. Also, the new IDSM supports Cisco's new method of event retrieval, Remote Data Exchange Protocol (RDEP) whereas IDSM-1 supports PostOffice Protocol only.

On the IDSM-2 there is no limit to the number of VLANs monitored on the module and no impact to traffic traversing the switch. Furthermore, the only limit to the number of IDS modules in a Catalyst 6500 is the number of free slots in the chassis. Finally, it should be noted that Cisco no longer sells the IDSM-1 as of April, 2003. All of this information and more will be discussed in detail in Chapter 6, which focuses on the IDSM solution specifically.