Configuration Guide
Page 85
....89.147.3://tftpboot/dev.lic license-key Password: ******* Step 6 Verify the sensor is licensed: sensor# show version Application Partition: Cisco Intrusion Prevention System, Version 5.0(1)S149.0 OS Version 2.4.26-IDS-smp-bigphys Platform: IPS-4255-K9 Serial Number: JAB0815R0JS Licensed, expires: 19-Dec-2005 UTC Sensor up-time is using an account with that has a web server, FTP...
....89.147.3://tftpboot/dev.lic license-key Password: ******* Step 6 Verify the sensor is licensed: sensor# show version Application Partition: Cisco Intrusion Prevention System, Version 5.0(1)S149.0 OS Version 2.4.26-IDS-smp-bigphys Platform: IPS-4255-K9 Serial Number: JAB0815R0JS Licensed, expires: 19-Dec-2005 UTC Sensor up-time is using an account with that has a web server, FTP...
Configuration Guide
Page 86
Installing the License Key Chapter 4 Initial Configuration Tasks Upgrade History: IDS-K9-maj-5.0-1- 14:16:00 UTC Thu Mar 04 2004 Recovery Partition Version 1.1 - 5.0(1)S149 Step 7 sensor# Copy your license key from a sensor to a server to keep a backup copy of the license: sensor# copy license-key scp://[email protected]://tftpboot/dev.lic Password: ******* sensor# 4-40 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 78-16527-01
Installing the License Key Chapter 4 Initial Configuration Tasks Upgrade History: IDS-K9-maj-5.0-1- 14:16:00 UTC Thu Mar 04 2004 Recovery Partition Version 1.1 - 5.0(1)S149 Step 7 sensor# Copy your license key from a sensor to a server to keep a backup copy of the license: sensor# copy license-key scp://[email protected]://tftpboot/dev.lic Password: ******* sensor# 4-40 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 78-16527-01
Configuration Guide
Page 246
...:22:27-0600 2005-02-09T03:22:27-0600 Running Running Upgrade History: IDS-K9-maj-5.0-0.27-S91-0.27-.pkg 03:00:00 UTC Thu Feb 05 2004 Recovery Partition Version 1.1 - 5.0(0.27)S91(0.27) nm-cids# 13-20 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 78-16527-01 Using 485675008 out of...
...:22:27-0600 2005-02-09T03:22:27-0600 Running Running Upgrade History: IDS-K9-maj-5.0-0.27-S91-0.27-.pkg 03:00:00 UTC Thu Feb 05 2004 Recovery Partition Version 1.1 - 5.0(0.27)S91(0.27) nm-cids# 13-20 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 78-16527-01 Using 485675008 out of...
Configuration Guide
Page 250
...have entered in the current menu. Display the PEP information: sensor# show inventory command does not apply to the following platforms: • IDSM-2 • NM-CIDS • IDS-4210 • IDS-4215 • IDS-4235 • IDS-4250 To display PEP information, follow these steps: Step 1...the CLI. The show inventory Name: "Chassis", DESCR: "IPS 4255 Intrusion Prevention Sensor" PID: IPS-4255-K9, VID: V01 , SN: JAB0815R017 13-24 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for the Sensor Displaying Command History Use the show history command to obtain a list of...
...have entered in the current menu. Display the PEP information: sensor# show inventory command does not apply to the following platforms: • IDSM-2 • NM-CIDS • IDS-4210 • IDS-4215 • IDS-4235 • IDS-4250 To display PEP information, follow these steps: Step 1...the CLI. The show inventory Name: "Chassis", DESCR: "IPS 4255 Intrusion Prevention Sensor" PID: IPS-4255-K9, VID: V01 , SN: JAB0815R017 13-24 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for the Sensor Displaying Command History Use the show history command to obtain a list of...
Configuration Guide
Page 262
Example: asa# hw-module module 1 recover configure Image URL [tftp://1.1.1.1/IPS-SSM-K9-sys-1.1-a-5.0-0.15-S91-0.15.img]: Port IP Address [1.1.1.23]: VLAN ID [0]: Gateway IP Address [0.0.0.0]:1.1.1.2 hostname# asa# show module 1 recover Module 1 recover parameters... hw-module ...URL location. Boot Recovery Image: No Image URL: tftp://1.1.1.1/IPS-SSM-K9-sys-1.1-a-5.0-0.15-S91-0.15.img Port IP Address: 1.1.1.23 Gateway IP Address: 1.1.1.2 VLAN ID: 0 14-6 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for module recovery. Reloading, Shutting Down, Resetting, ...
Example: asa# hw-module module 1 recover configure Image URL [tftp://1.1.1.1/IPS-SSM-K9-sys-1.1-a-5.0-0.15-S91-0.15.img]: Port IP Address [1.1.1.23]: VLAN ID [0]: Gateway IP Address [0.0.0.0]:1.1.1.2 hostname# asa# show module 1 recover Module 1 recover parameters... hw-module ...URL location. Boot Recovery Image: No Image URL: tftp://1.1.1.1/IPS-SSM-K9-sys-1.1-a-5.0-0.15-S91-0.15.img Port IP Address: 1.1.1.23 Gateway IP Address: 1.1.1.2 VLAN ID: 0 14-6 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for module recovery. Reloading, Shutting Down, Resetting, ...
Configuration Guide
Page 265
... port 10-Gigabit Ethernet Module WS-X6502-10GE SAD071903BT 10 3 Anomaly Detector Module WS-SVC-ADM-1-K9 SAD084104JR 11 8 Intrusion Detection System WS-SVC-IDSM2 SAD05380608 13 8 Intrusion Detection System WS-SVC-IDSM-2 SAD072405D8 Mod MAC addresses Hw Fw Sw Status 1 00d0.d328.e2ac to...1.3 Ok 7 MSFC3 Daughterboard WS-SUP720 SAD083206JX 2.1 Ok 11 IDS 2 accelerator board WS-SVC-IDSUPG . 2.0 Ok 13 IDS 2 accelerator board WS-SVC-IDSUPG 0347331976 2.0 Ok Mod Online Diag Status 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 15-3
... port 10-Gigabit Ethernet Module WS-X6502-10GE SAD071903BT 10 3 Anomaly Detector Module WS-SVC-ADM-1-K9 SAD084104JR 11 8 Intrusion Detection System WS-SVC-IDSM2 SAD05380608 13 8 Intrusion Detection System WS-SVC-IDSM-2 SAD072405D8 Mod MAC addresses Hw Fw Sw Status 1 00d0.d328.e2ac to...1.3 Ok 7 MSFC3 Daughterboard WS-SUP720 SAD083206JX 2.1 Ok 11 IDS 2 accelerator board WS-SVC-IDSUPG . 2.0 Ok 13 IDS 2 accelerator board WS-SVC-IDSUPG 0347331976 2.0 Ok Mod Online Diag Status 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 15-3
Configuration Guide
Page 306
...the most recent version so that is accessible from your new sensor version: sensor# show version Application Partition: Cisco Intrusion Prevention System, Version 5.0(1)S149.0 OS Version 2.4.26-IDS-smp-bigphys Platform: AIP-SSM-20 Serial Number: 021 No license present Sensor up-time is ready if you cannot use it is ...-03-04T14:35:11-0600 2005-03-04T14:35:11-0600 Running Running Upgrade History: IDS-K9-maj-5.0-1- 14:16:00 UTC Thu Mar 04 2004 Recovery Partition Version 1.1 - 5.0(1)S149 sensor# Upgrading the Recovery Partition Use the upgrade command to the filename. Note To upgrade the...
...the most recent version so that is accessible from your new sensor version: sensor# show version Application Partition: Cisco Intrusion Prevention System, Version 5.0(1)S149.0 OS Version 2.4.26-IDS-smp-bigphys Platform: AIP-SSM-20 Serial Number: 021 No license present Sensor up-time is ready if you cannot use it is ...-03-04T14:35:11-0600 2005-03-04T14:35:11-0600 Running Running Upgrade History: IDS-K9-maj-5.0-1- 14:16:00 UTC Thu Mar 04 2004 Recovery Partition Version 1.1 - 5.0(1)S149 sensor# Upgrading the Recovery Partition Use the upgrade command to the filename. Note To upgrade the...
Configuration Guide
Page 313
... of this limitation, we recommend that is booting: Evaluating Run Options... Cisco ROMMON (1.4) #3: Mon Feb 23 15:52:45 MST 2004 Platform IDS-4215 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for locating software on the same LAN segment as latency... page 17-13. TFTP does not address network issues such as the sensor. To install the IDS-4215 system image, follow these steps: Step 1 Step 2 Step 3 Download the IDS-4215 system image file (IPS-4215-K9-sys-1.1-a-5.0-1.img) to version 1.4 using the recover application-partition command or by ...
... of this limitation, we recommend that is booting: Evaluating Run Options... Cisco ROMMON (1.4) #3: Mon Feb 23 15:52:45 MST 2004 Platform IDS-4215 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for locating software on the same LAN segment as latency... page 17-13. TFTP does not address network issues such as the sensor. To install the IDS-4215 system image, follow these steps: Step 1 Step 2 Step 3 Download the IDS-4215 system image file (IPS-4215-K9-sys-1.1-a-5.0-1.img) to version 1.4 using the recover application-partition command or by ...
Configuration Guide
Page 315
...in the file location. Note Make sure you are downloading the image: rommon> file path/filename UNIX example: rommon> file /system_images/IDS-4215-K9-sys-1.1-a-5.0-1.img Note The path is relative to the Ethernet port of POST, the console displays the message: Evaluating Run Options ...for IPS ... (IDS-4215-bios-5.1.7-rom-1.4.bin) to the TFTP root directory of IDS-4215 to version 5.1.7 and the ROMMON to display the ROMMON menu. Cisco ROMMON (1.2) #0: Mon May 12 10:21:46 MDT 2003 Platform IDS-4215 0: i8255X @ PCI(bus:0 dev:13 irq:11) 78-16527-01 Cisco Intrusion Prevention System Sensor CLI...
...in the file location. Note Make sure you are downloading the image: rommon> file path/filename UNIX example: rommon> file /system_images/IDS-4215-K9-sys-1.1-a-5.0-1.img Note The path is relative to the Ethernet port of POST, the console displays the message: Evaluating Run Options ...for IPS ... (IDS-4215-bios-5.1.7-rom-1.4.bin) to the TFTP root directory of IDS-4215 to version 5.1.7 and the ROMMON to display the ROMMON menu. Cisco ROMMON (1.2) #0: Mon May 12 10:21:46 MDT 2003 Platform IDS-4215 0: i8255X @ PCI(bus:0 dev:13 irq:11) 78-16527-01 Cisco Intrusion Prevention System Sensor CLI...
Configuration Guide
Page 318
... to begin boot immediately. rommon> PORT=interface_name 17-16 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for your local environment, contact your system...used for the TFTP download: Note The default interface used for IPS-4240 management • VLAN-VLAN ID number (leave as untagged) • Image-System image file and pathname • Config-Unused by...Installing System Images Chapter 17 Upgrading, Downgrading, and Installing System Images Step 3 Platform IPS-4240-K9 Management0/0 MAC Address: 0000.c0ff.ee01 Press Break or Esc at the following prompt while the...
... to begin boot immediately. rommon> PORT=interface_name 17-16 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for your local environment, contact your system...used for the TFTP download: Note The default interface used for IPS-4240 management • VLAN-VLAN ID number (leave as untagged) • Image-System image file and pathname • Config-Unused by...Installing System Images Chapter 17 Upgrading, Downgrading, and Installing System Images Step 3 Platform IPS-4240-K9 Management0/0 MAC Address: 0000.c0ff.ee01 Press Break or Esc at the following prompt while the...
Configuration Guide
Page 322
...# enable router(enable)# Session to NM-CIDS: router(enable)# service-module IDS-Sensor slot_number/0 session 17-20 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for locating software on Cisco.com, see Upgrading the Bootloader, page 17-22. For the procedure if... needed to reimage the NM-CIDS. To reimage NM-CIDS, follow these steps: Step 1 Download the NM-CIDS system image file (IPS-NM-CIDS-K9-sys...
...# enable router(enable)# Session to NM-CIDS: router(enable)# service-module IDS-Sensor slot_number/0 session 17-20 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for locating software on Cisco.com, see Upgrading the Bootloader, page 17-22. For the procedure if... needed to reimage the NM-CIDS. To reimage NM-CIDS, follow these steps: Step 1 Download the NM-CIDS system image file (IPS-NM-CIDS-K9-sys...
Configuration Guide
Page 323
...session by line. a. d. g. h. The bootloader command prompt appears. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for hosts on your subnet. Specify the IP address-The external fast ... Upgrading the Bootloader, page 17-22. Reset NM-CIDS: router(enable)# service-module IDS-Sensor slot_number/0 reset Step 7 Step 8 You are prompted for 15 seconds: Please enter ...default boot device-The default boot device is boot helper IPS-NM-CIDS-K9-sys-1.1-a-5.0-1.img. Step 11 Configure the bootloader parameters: ServicesEngine boot-loader> config Step...
...session by line. a. d. g. h. The bootloader command prompt appears. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for hosts on your subnet. Specify the IP address-The external fast ... Upgrading the Bootloader, page 17-22. Reset NM-CIDS: router(enable)# service-module IDS-Sensor slot_number/0 reset Step 7 Step 8 You are prompted for 15 seconds: Please enter ...default boot device-The default boot device is boot helper IPS-NM-CIDS-K9-sys-1.1-a-5.0-1.img. Step 11 Configure the bootloader parameters: ServicesEngine boot-loader> config Step...
Configuration Guide
Page 324
... and the bootloader is backwards compatible with the 1.0.5 bootloader. The 1.0.17-1 bootloader is upgraded to the router. 17-22 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for locating software on NM-CIDS is 1.0.5. Therefore, you will fail. Step 2 Log in the future you... NM-CIDS. This means you can boot the IDS 4.1 image with the setup command. This version cannot launch IPS 5.0(1). You must first manually install bootloader version 1.0.17-1. The NM-CIDS system image (IPS-NM-CIDS-K9-sys-1.1-a-5.0-1.img) does not migrate your NM-CIDS' Ethernet...
... and the bootloader is backwards compatible with the 1.0.5 bootloader. The 1.0.17-1 bootloader is upgraded to the router. 17-22 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for locating software on NM-CIDS is 1.0.5. Therefore, you will fail. Step 2 Log in the future you... NM-CIDS. This means you can boot the IDS 4.1 image with the setup command. This version cannot launch IPS 5.0(1). You must first manually install bootloader version 1.0.17-1. The NM-CIDS system image (IPS-NM-CIDS-K9-sys-1.1-a-5.0-1.img) does not migrate your NM-CIDS' Ethernet...
Configuration Guide
Page 343
...sensors to the product. Chapter 18 Obtaining Software Obtaining Cisco IPS Software 153352 Figure 18-1 IPS Software File Name IPS-maj-w.x-y-.pkg Update Type Major Version Level Minor Version Level Service Pack Level IDS-K9-sp-5.0-2-.pkg-Service Pack Update IDS-K9-min-5.1-1-.pkg-Minor Version Update IDS-K9...To install the most recent signature update, you are dependent on the most recent major version. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for minor enhancements to 5.0(1). The first minor version upgrade for service packs. The minor upgrade ...
...sensors to the product. Chapter 18 Obtaining Software Obtaining Cisco IPS Software 153352 Figure 18-1 IPS Software File Name IPS-maj-w.x-y-.pkg Update Type Major Version Level Minor Version Level Service Pack Level IDS-K9-sp-5.0-2-.pkg-Service Pack Update IDS-K9-min-5.1-1-.pkg-Minor Version Update IDS-K9...To install the most recent signature update, you are dependent on the most recent major version. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for minor enhancements to 5.0(1). The first minor version upgrade for service packs. The minor upgrade ...
Configuration Guide
Page 351
... interest. Under Subscription Information, click subscribe now. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for individual signatures, including signature ID, type, structure, and description. The Cisco Security Center contains a Security News section that lists security articles of... Issue, click Subscription Information. Chapter 18 Obtaining Software Cisco Security Center IDS-K9-maj-5.0-1- 14:16:00 UTC Thu Mar 04 2004 Recovery Partition Version 1.1 - 5.0(1)S149 Step 7 sensor# Copy your license key from a sensor to a server to keep a backup copy of ...
... interest. Under Subscription Information, click subscribe now. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for individual signatures, including signature ID, type, structure, and description. The Cisco Security Center contains a Security News section that lists security articles of... Issue, click Subscription Information. Chapter 18 Obtaining Software Cisco Security Center IDS-K9-maj-5.0-1- 14:16:00 UTC Thu Mar 04 2004 Recovery Partition Version 1.1 - 5.0(1)S149 Step 7 sensor# Copy your license key from a sensor to a server to keep a backup copy of ...
Configuration Guide
Page 435
... the AnalysisEngine is not running , follow these steps: Step 1 Step 2 Log in to it: sensor# show version Upgrade History: IDS-K9-maj-5.0-1- 14:16:00 UTC Thu Mar 04 2004 Recovery Partition Version 1.1 - 5.0(1)S149 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for any errors connected to the CLI. Step 4 Make sure you...
... the AnalysisEngine is not running , follow these steps: Step 1 Step 2 Log in to it: sensor# show version Upgrade History: IDS-K9-maj-5.0-1- 14:16:00 UTC Thu Mar 04 2004 Recovery Partition Version 1.1 - 5.0(1)S149 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for any errors connected to the CLI. Step 4 Make sure you...
Configuration Guide
Page 442
...: IDS-K9-sp-5.0-1.1- 12:53:00 UTC Fri Mar 18 2005 Recovery Partition Version 1.1 - 5.0(1.1) sensor# If MainApp displays Not Running, Network Access Controller has failed. Contact the TAC. Troubleshooting the 4200 Series Appliance Appendix C Troubleshooting 3. C-16 Cisco Intrusion Prevention System Sensor CLI... is running, use the show version Application Partition: Cisco Intrusion Prevention System, Version 5.0(1.1)S152.0 OS Version 2.4.26-IDS-smp-bigphys Platform: IPS-4255-K9 Serial Number: JAB0815R017 No license present Sensor up-time is properly configured. Note For a discussion...
...: IDS-K9-sp-5.0-1.1- 12:53:00 UTC Fri Mar 18 2005 Recovery Partition Version 1.1 - 5.0(1.1) sensor# If MainApp displays Not Running, Network Access Controller has failed. Contact the TAC. Troubleshooting the 4200 Series Appliance Appendix C Troubleshooting 3. C-16 Cisco Intrusion Prevention System Sensor CLI... is running, use the show version Application Partition: Cisco Intrusion Prevention System, Version 5.0(1.1)S152.0 OS Version 2.4.26-IDS-smp-bigphys Platform: IPS-4255-K9 Serial Number: JAB0815R017 No license present Sensor up-time is properly configured. Note For a discussion...
Configuration Guide
Page 443
..., and IP address). To verify that the State is connecting: Check the State section of the output to the CLI. sensor# show version Upgrade History: IDS-K9-maj-5.0-1- 14:16:00 UTC Thu Mar 04 2004 Recovery Partition Version 1.1 - 5.0(1)S149 Step 5 Step 6 If you have...Read the Readme that all devices are connecting. For the procedure, see Device Access Issues, page C-18. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 C-17 Appendix C Troubleshooting Troubleshooting the 4200 Series Appliance Verifying Network Access Controller Connections are ...
..., and IP address). To verify that the State is connecting: Check the State section of the output to the CLI. sensor# show version Upgrade History: IDS-K9-maj-5.0-1- 14:16:00 UTC Thu Mar 04 2004 Recovery Partition Version 1.1 - 5.0(1)S149 Step 5 Step 6 If you have...Read the Readme that all devices are connecting. For the procedure, see Device Access Issues, page C-18. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 C-17 Appendix C Troubleshooting Troubleshooting the 4200 Series Appliance Verifying Network Access Controller Connections are ...
Configuration Guide
Page 458
...with Windows FTP servers. C-32 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for troubleshooting automatic update: • Run tcpDump - Su to root and run tcpDump on the command and control interface to manually upgrade the sensor. Use the upgrade command to capture... the sensor is in front of responses. Create a service account. Figure C-1 IPS Software Filenames IPS-maj-w.x-y-.pkg Update Type Major Version Level Minor Version Level Service Pack Level IDS-K9-sp-5.0-2-.pkg-Service Pack Update IDS-K9-min-5.1-1-.pkg-Minor Version Update IDS-K9-maj-5.0-1-....
...with Windows FTP servers. C-32 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for troubleshooting automatic update: • Run tcpDump - Su to root and run tcpDump on the command and control interface to manually upgrade the sensor. Use the upgrade command to capture... the sensor is in front of responses. Create a service account. Figure C-1 IPS Software Filenames IPS-maj-w.x-y-.pkg Update Type Major Version Level Minor Version Level Service Pack Level IDS-K9-sp-5.0-2-.pkg-Service Pack Update IDS-K9-min-5.1-1-.pkg-Minor Version Update IDS-K9-maj-5.0-1-....
Configuration Guide
Page 477
...information: Note You can use the more current-config or show version Application Partition: Cisco Intrusion Prevention System, Version 5.0(0.27)S129.0 OS Version 2.4.26-IDS-smp-bigphys Platform: NM-CIDS Serial Number: JAD06490681 No license present Sensor up-time is using 39.5M out of 68.6M bytes of available disk space ...) (Release) (Release) 2005-02-09T03:22:27-0600 2005-02-09T03:22:27-0600 2005-02-09T03:22:27-0600 Running Running Upgrade History: IDS-K9-maj-5.0-0.27-S91-0.27-.pkg 03:00:00 UTC Thu Feb 05 2004 Recovery Partition Version 1.1 - 5.0(0.27)S91(0.27) nm-cids# Note If the...
...information: Note You can use the more current-config or show version Application Partition: Cisco Intrusion Prevention System, Version 5.0(0.27)S129.0 OS Version 2.4.26-IDS-smp-bigphys Platform: NM-CIDS Serial Number: JAD06490681 No license present Sensor up-time is using 39.5M out of 68.6M bytes of available disk space ...) (Release) (Release) 2005-02-09T03:22:27-0600 2005-02-09T03:22:27-0600 2005-02-09T03:22:27-0600 Running Running Upgrade History: IDS-K9-maj-5.0-0.27-S91-0.27-.pkg 03:00:00 UTC Thu Feb 05 2004 Recovery Partition Version 1.1 - 5.0(0.27)S91(0.27) nm-cids# Note If the...