Configuration Guide
Page 9
... 15-12 Cisco IOS Software 15-13 Configuring the mls ip ids Command 15-14 Catalyst Software 15-15 Cisco IOS Software 15-15 Configuring the Catalyst Series 6500 Switch for IDSM-2 in Inline Mode 15-16 Catalyst Software 15-17 Cisco IOS Software 15-18 Configuring EtherChanneling 15-20 Overview 15-20 Cisco Intrusion Prevention System Sensor CLI Configuration Guide...
Configuration Guide
Page 10
...Unsupported Supervisor Engine Commands 15-29 Cisco IOS Software 15-29 EXEC Commands 15-30 Configuration Commands 15-31 Configuring NM-CIDS 16-1 Configuration Sequence 16-1 Configuring IDS-Sensor Interfaces on the Router 16-2 ...Cisco IPS Software 16-7 Supported Cisco IOS Commands 16-8 Upgrading, Downgrading, and Installing System Images 17-1 Overview 17-1 Upgrading the Sensor 17-2 Overview 17-2 Upgrade Command and Options 17-2 Using the Upgrade Command 17-3 Upgrading the Recovery Partition 17-4 Configuring Automatic Upgrades 17-5 Cisco Intrusion Prevention System Sensor CLI Configuration...
Configuration Guide
Page 11
...auto-upgrade Command 17-7 Downgrading the Sensor 17-8 Recovering the Application Partition 17-9 Overview 17-9 Using the Recover Command 17-9 Installing System Images 17-10 Overview 17-11 Installing the IDS-4215 System Image 17-11 Upgrading the IDS-4215 BIOS and ROMMON 17-13 Installing ...Key From Cisco.com 18-6 Overview 18-6 Service Programs for IPS Products 18-7 Installing the License Key 18-8 Using IDM 18-8 Using the CLI 18-9 Cisco Security Center 18-11 Cisco IPS Active Update Bulletins 18-11 Accessing IPS Documentation 18-12 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for ...
Configuration Guide
Page 14
...C-1 Disaster Recovery C-2 Password Recovery C-3 Troubleshooting the 4200 Series Appliance C-3 Communication Problems C-4 Cannot Access the Sensor CLI Through Telnet or SSH C-4 Misconfigured Access List C-6 Duplicate IP Address Shuts Interface Down C-7 SensorApp and ...Sensor Not Seeing Packets C-13 Cleaning Up a Corrupted SensorApp Configuration C-14 Bad Memory on IDS-4250-XL C-15 Blocking C-15 Troubleshooting Blocking C-15 Verifying Network Access Controller is Running C-16 Verifying Network Access Controller Connections are Active C-17 Cisco Intrusion Prevention System Sensor CLI Configuration...
Configuration Guide
Page 15
...Blocking Not Occurring for a Signature C-21 Verifying the Master Blocking Sensor Configuration C-22 Logging C-23 Enabling Debug Logging C-23 Zone Names C-27 Directing cidLog Messages to SysLog C-28 Verifying the Sensor is Synchronized with the NTP Server C-29 TCP Reset Not ...IDS-4235 and IDS-4250 Hang During A Software Upgrade C-31 Which Updates to IDSM-2 C-44 Troubleshooting AIP-SSM C-44 Gathering Information C-46 Tech Support Information C-47 Overview C-47 Displaying Tech Support Information C-47 Tech Support Command Output C-48 Cisco Intrusion Prevention System Sensor CLI Configuration ...
Configuration Guide
Page 31
... modifications are limited to three concurrent CLI session. 2 C H A P T E R Logging In to the Sensor This chapter explains how to log in with the service role. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for support and troubleshooting purposes only. You can log in to the... • Viewer • Service The service role does not have direct access to guarantee proper operation. IDS-4210, IDS-4215, and NM-CIDS are not supported and will require the sensor to be reimaged to the CLI. Service account users are logged directly into a bash shell.
Configuration Guide
Page 33
...mode, type the following methods: • For IDS-4215, IPS-4240, and IPS-4255: - Use the no display-serial command to redirect output to the keyboard and monitor. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for all other supported appliances, to direct all... output to the terminal server, log in to the CLI and type the following commands: sensor# configure terminal sensor(config)# display-serial Output is ...
Configuration Guide
Page 34
...session can remain open. When terminal sessions are available. If a terminal session is not stopped properly, that is opened on an IDS-4215, IPS-4240, and IPS-4255; To session to IDSM-2, follow these steps Step 1 Session to IDSM-2 from the switch. ... Catalyst Software: cat6k>(enable) session slot_number • For Cisco IOS software: router# session slot_number processor 1 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 2-4 78-16527-01 Logging In to IDSM-2 Chapter 2 Logging In to the Sensor Note You can set up a terminal server and use ...
Configuration Guide
Page 35
... install a license. Importers, exporters, distributors and users are available. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for compliance with U.S. By using the session command until you do this either by assigning an IP address directly to the IDS interface or by sending email to NM-CIDS from the router. Please go...
Configuration Guide
Page 36
... default username and password are responsible for IPS 5.0 2-6 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for compliance with U.S. Session to NM-CIDS through the router console: service-module IDS-Sensor slot_number/0 session Type your username and password at : http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you sessioned to the...
Configuration Guide
Page 40
...other Administrator can log in the System Configuration Dialog if the system is an appliance and is configured to set the date and time in and assign a new password to IDSM-2: - Note You cannot use a monitor and keyboard with IDS-4215, IPS-4240, or IPS-4255. ... the Sensor Chapter 3 Initializing the Sensor You can configure daylight savings time either in to the sensor you may have to the virtual sensor. Passwords must be at least eight characters long and be strong, that is another user with a monitor and keyboard. Cisco Intrusion Prevention System Sensor CLI Configuration Guide ...
Configuration Guide
Page 42
...IP address and netmask of the entry and press Enter, or press Enter to get to the access list. c. For the procedure, see Configuring the Sensor to the next step. a. If your browser when you want to add to the IDM in the form of IP Address/Netmask/Gateway: ...Source, page 4-29. You will need the NTP server IP address, the NTP key ID, and the NTP key value. If you chose recurring, specify the month you can disable or enable Telnet services. The default is 443. Cisco Intrusion Prevention System Sensor CLI Configuration Guide for example, https://10.1.9.201:1040).
Configuration Guide
Page 55
...yes]: Press Enter to apply the changes or type no to the Internet. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 4-9 Change the server-id to anything that does not reveal any information, especially if your web server is the protocol ... port, whether TLS encryption is present. If the IPS web server identified itself in each response. HTTP is available to discard them. Chapter 4 Initial Configuration Tasks Changing Web Server Settings Step 5 Step 6 Step 7 Step 8 access-list (min: 0, max: 512, current: 1 network-address: 0.0.0.0/0 ...
Configuration Guide
Page 56
... re-started . Move along . Move along . Verify the web server changes: sensor(config-web)# show settings enable-tls: true port: 443 server-id: HTTP/1.1 compliant sensor(config-web)# Exit web server submode: sensor(config-web)# exit Apply Changes:?[yes]: 4-10 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 78-16527-01 This change the port number...
Configuration Guide
Page 58
... privilege. Step 4 Step 5 Verify that the user has been added: sensor(config)# exit sensor# show users all CLI ID User * 13491 cisco jsmith jtaylor jroberts sensor# Privilege administrator operator service viewer A list of the command: sensor# configure terminal sensor(config)# no username jsmith 4-12 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for the password prompt. are allowed. A valid password is displayed...
Configuration Guide
Page 59
...account. However, you want to the sensor, only one user can have been added. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for support purposes only. Adding ...services to user root using either the recovery partition or a system image file. Caution Do not make modifications to enter the new password twice. Chapter 4 Initial Configuration Tasks Step 6 Verify that the user has been removed: sensor(config)# exit sensor# show users all CLI ID...
Configuration Guide
Page 61
...privilege of the user jsmith: sensor# show users all CLI ID User * 13491 cisco jsmith operator service viewer sensor# Privilege administrator viewer operator service viewer Change the privilege level from viewer to operator: sensor# configure terminal sensor(config)# privilege user jsmith ...the CLI. For the procedure, see Creating the Service Account, page 4-13. Enter configuration mode: sensor# configure terminal c. sensor(config)# 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for the user "tester." There can only be applied to current CLI sessions....
Configuration Guide
Page 62
...configured attempts. IDS-4210, IDS-4215, and NM-CIDS are limited to the CLI using an account with administrator privileges. If an account is locked, the username is administrator Viewing User Status Use the show users all CLI ID User * 13491 cisco 5824 (jsmith) 9802 tester sensor... jsmith is locked. 4-16 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 78-16527-01 Verify the users logged in to the sensor: sensor# show users CLI ID User * 13491 cisco sensor# Privilege administrator Verify all users: sensor# show users command to view...
Configuration Guide
Page 64
... time synchronization source. 4-18 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for the sensor. You can set the time on the Sensor, page 4-21 • Configuring NTP, page 4-27 Time Sources and the Sensor The sensor requires a reliable time source. When you initialize the sensor, you set up NTP on...22. - You will need the NTP server IP address, the NTP key ID, and the NTP key value. Use the clock set the time. For the procedure, see Initializing the Sensor, page 3-2. See Configuring a Cisco Router to set command to be an NTP Server, page 4-28. To...
Configuration Guide
Page 65
... initialization or you use an NTP time synchronization source. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 4-19 IDSM-2's local time could be an NTP Server, page 4-28. You can configure NM-CIDS to set up NTP through the CLI, IDM, or ASDM... source. • For NM-CIDS - See Configuring a Cisco Router to ensure that the UTC time settings are correct. You will need the NTP server IP address, the NTP key ID, and the NTP key value. Chapter 4 Initial Configuration Tasks Configuring Time • For IDSM-2 - This is the...