Configuration Guide
Page 9
... 14-2 Sending Traffic to AIP-SSM 14-2 Overview 14-2 Configuring ASA to Send IPS Traffic to AIP-SSM 14-3 Reloading, Shutting Down, Resetting, and Recovering AIP-SSM 14-5 Configuring IDSM-2 15-1 Configuration Sequence 15-1 Verifying IDSM-2 Installation 15-2 Configuring the Catalyst 6500 Series Switch for...mls ip ids Command 15-14 Catalyst Software 15-15 Cisco IOS Software 15-15 Configuring the Catalyst Series 6500 Switch for IDSM-2 in Inline Mode 15-16 Catalyst Software 15-17 Cisco IOS Software 15-18 Configuring EtherChanneling 15-20 Overview 15-20 Cisco Intrusion Prevention System Sensor CLI ...
Configuration Guide
Page 10
... Engine Commands 15-29 Cisco IOS Software 15-29 EXEC Commands 15-30 Configuration Commands 15-31 Configuring NM-CIDS 16-1 Configuration Sequence 16-1 Configuring IDS-Sensor Interfaces on the Router ...Resetting NM-CIDS 16-7 Checking the Status of the Cisco IPS Software 16-7 Supported Cisco IOS Commands 16-8 Upgrading, Downgrading, and Installing System Images 17-1 Overview 17-1 Upgrading the Sensor 17-2 Overview 17-2 Upgrade Command and Options 17-2 Using the Upgrade Command 17-3 Upgrading the Recovery Partition 17-4 Configuring Automatic Upgrades 17-5 Cisco Intrusion Prevention System Sensor...
Configuration Guide
Page 15
... Using the TCP Reset Interface C-44 Connecting a Serial Cable to IDSM-2 C-44 Troubleshooting AIP-SSM C-44 Gathering Information C-46 Tech Support Information C-47 Overview C-47 Displaying Tech Support Information C-47 Tech Support Command Output C-48 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for a Signature C-29 Software Upgrades C-31 IDS-4235 and IDS-4250 Hang During...
Configuration Guide
Page 64
To unlock jsmith's account, reset the password: sensor# configure terminal sensor(config)# password jsmith Enter New Login...time stamp, otherwise, you use an NTP time synchronization source. 4-18 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for the sensor. You can set up NTP on the appliance during initialization or you...28. Configuring Time Chapter 4 Initial Configuration Tasks Step 8 sensor(config-aut)# exit sensor(config)# exit sensor# show users all CLI ID User Privilege * 1349 cisco administrator 5824 (jsmith) viewer 9802 tester operator The account ...
Configuration Guide
Page 91
...cannot be monitored. • alt-tcp-reset-interface-Sends TCP resets out an alternate interface when this interface is protected) on modules (IDSM-2 NM-CIDS, and AIP-SSM) and appliances that only have one sensing interface (IDS-4210, IDS-4215,IDS-4235, and IDS-4250 without any additional NIC cards). ... is protected on which TCP resets should be sent out of this interface instead. • default-Sets the value back to half duplex. interface-name-The name of the interface on all modules. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for Gigabit interfaces...
Configuration Guide
Page 110
...for attacker address Activate packet logging for victim address Activate packet logging for the filter: sensor(config-rul-fil)# show settings NAME: name1 signature-id-range: 1000-10005 default: 900-65535 subsignature-id-range: 1-5 default: 0-255 attacker-address-range: 10.89.10.10-10.89... reset-tcp-connection produce-alert produce-verbose-alert request-snmp-trap Request SHUN of connection Request SHUN of the filter to continue processing filters even if this item matches. f. False tells the sensor to either disabled or enabled. default 6-12 Cisco Intrusion Prevention System Sensor ...
Configuration Guide
Page 152
...request-block-host-Requests Network Access Controller to xxBx (destination address) for example. 7-34 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for the META signature. - reset-tcp-connection-Sends TCP resets to reset the META signature. AaBb-Attacker and victim addresses and ports. - xxBx-Victim address. ...-key-Storage type for IPS 5.0 78-16527-01 The default is 0 to match this component on. • component-subsig-id-Subsignature ID of the active list. - Creating Custom Signatures Chapter 7 Defining Signatures - begin-Places the entry at the end of Axxx....
Configuration Guide
Page 153
... the signature on which to match this component sensor(config-sig-sig-met-com)# component-sig-id 3000 Step 10 Verify the settings: sensor(config-sig-sig-met-com)# exit sensor(config-sig-sig-met)# show settings meta event-action: produce-alert meta-reset-interval: 60 component-list (min: 1, max: 8, current: 2 - 2 active, 0 inactive ACTIVE list...
Configuration Guide
Page 247
... configuration commands. Use the no display-serial command to reset the output to a serial connection. The display-serial command does not apply to the following platforms: • IDSM-2 • NM-CIDS • IDS-4215 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for the Sensor Directing Output to the CLI prompt. The local console...
Configuration Guide
Page 261
...-pmap)# class my-ips-class asa(config-pmap-c)# ips promiscuous fail-close asa(config-pmap-c)# service-policy my-ids-policy global Reloading, Shutting Down, Resetting, and Recovering AIP-SSM Use the following example diverts all IP traffic to AIP-SSM in promiscuous mode, and...reset, and recover AIP-SSM directly from ASA: Note You can lead to unexpected consequences, for IPS 5.0 14-5 It is applicable when the card is in single routed mode and single transparent mode. For adaptive security devices operating in the Unresponsive state. 78-16527-01 Cisco Intrusion Prevention System Sensor...
Configuration Guide
Page 262
...URL location. Reloading, Shutting Down, Resetting, and Recovering AIP-SSM Chapter 14 Configuring AIP-SSM - Example: asa# hw-module module 1 recover configure Image URL [tftp://1.1.1.1/IPS-SSM-K9-sys-1.1-a-5.0-0.15-S91-0.15.img]: Port IP Address [1.1.1.23]: VLAN ID [0]: Gateway IP Address [0.0.0.0]:1.1.1.2 hostname...IPS 5.0 78-16527-01 Boot Recovery Image: No Image URL: tftp://1.1.1.1/IPS-SSM-K9-sys-1.1-a-5.0-0.15-S91-0.15.img Port IP Address: 1.1.1.23 Gateway IP Address: 1.1.1.2 VLAN ID: 0 14-6 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for module recovery.
Configuration Guide
Page 269
...VACL) causes problems on the switch and traffic is captured for promiscuous analysis on its sensing ports. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IDSM-2 in Promiscuous Mode Traffic is not sent properly. For the procedure, see Initializing the... • Configuring SPAN, page 15-8 • Configuring VACLS, page 15-11 • Configuring the mls ip ids Command, page 15-14 Using the TCP Reset Interface The IDSM-2 has a TCP reset interface-port 1. Note Prior to Catalyst Software 8.4(3), IDSM-2 data ports defaulted to trunking no VLANs. The IDSM-2 ...
Configuration Guide
Page 301
...the operating system on NM-CIDS: router# service-module ids-sensor slot_number/0 reload • reset-Resets the hardware on the router: router# service-module ids-sensor slot_number/0 status 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for NM-CIDS The following commands to... control NM-CIDS: shutdown, reload, and reset: • shutdown-Brings the operating system...
Configuration Guide
Page 302
.... - service-module ids-sensor slot_number/0 reset Provides a hardware reset to support NM-CIDS. service-module ids-sensor slot_number/0 shutdown Shuts down the IPS applications running on the specified interface are forwarded for monitoring. 16-8 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for... 1 Cisco Systems Intrusion Detection System Network Module Software version: 5.0(1)S42 Model: NM-CIDS Memory: 254676 KB Mgmt IP addr: xx.xx.xx.xx Mgmt web ports: 443 Mgmt TLS enabled: true Supported Cisco IOS Commands The service-module ids-sensor slot_number/0 Cisco IOS ...
Configuration Guide
Page 312
... boot to the reimaged application partition. Executing the recovery command in this command will be reset to default. Note The IP address, netmask, access lists, time zone, and offset... topics: • Overview, page 17-11 • Installing the IDS-4215 System Image, page 17-11 • Upgrading the IDS-4215 BIOS and ROMMON, page 17-13 • Installing the IPS-4240...page 17-25 • Installing the AIP-SSM System Image, page 17-36 17-10 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 78-16527-01 Installing System Images Chapter 17 Upgrading, Downgrading...
Configuration Guide
Page 323
...IDS-Sensor command to download the NM-CIDS system image. Step 11 Configure the bootloader parameters: ServicesEngine boot-loader> config Step 12 You are prompted to primary. a. b. d. Specify the default helper file-The name of the helper image to confirm. f. The bootloader command prompt appears. 78-16527-01 Cisco Intrusion Prevention System Sensor... by pressing Shift-Ctrl-6 X. Reset NM-CIDS: router(enable)# service-module IDS-Sensor slot_number/0 reset Step 7 Step 8 You are... boot device is boot helper IPS-NM-CIDS-K9-sys-1.1-a-5.0-1.img. If you made any changes, the bootloader...
Configuration Guide
Page 325
... your subnet. Specify the gateway IP address-The IP address of the TFTP server from the TFTP server. Reset NM-CIDS: router(enable)# service-module IDS-Sensor slot_number/0 reset Step 7 Step 8 You are prompted for hosts on your network. c. Boot the helper image: ServicesEngine .... h. Specify the default bootloader-The default bootloader is booted. When the helper is loaded, it launches. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for 15 seconds: Please enter '***' to boot. The NM-CIDS helper displays its version, the bootloader displays...
Configuration Guide
Page 363
... • Time (UTC and local time) • Signature name • Signature ID • Subsignature ID • Version • Summary • Interface group 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 A-9 SensorApp and Network Access Controller log response actions (TCP resets, IP logging start and stop, blocking start and stop, trigger packet...
Configuration Guide
Page 396
... B-2 on which the signature was most recently updated. release status Whether the signature is reset. 2 to 1000 promisc-delta Delta value used to determine seriousness of the alert. 0... or retired. sig-comment alert-traits Traits you can configure the signature to counter IDS DoS tools, such as stick. event-count Number of this signature. 0 to ...Specifies the engine the signature belongs to count events for your description of the signature. Cisco Intrusion Prevention System Sensor CLI Configuration Guide for event count settings. - sig-name Name of the signature. ...
Configuration Guide
Page 441
...topics. • Troubleshooting Blocking, page C-15 • Verifying Network Access Controller is running . Step 10 Reboot the sensor: sensor# reset Warning: Executing this command will stop functioning and generate a core file. To troubleshoot Network Access Controller, follow these steps:...1. For the procedure for checking IDS-4250-XL for blocking and the Network Access Controller service. For the procedure see Verifying Network Access Controller Connections are Active, page C-17. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for a Signature...