Configuration Guide
Page 10
...15-28 Unsupported Supervisor Engine Commands 15-29 Cisco IOS Software 15-29 EXEC Commands 15-30 Configuration Commands 15-31 Configuring NM-CIDS 16-1 Configuration Sequence 16-1 Configuring IDS-Sensor Interfaces on the Router 16-2 Establishing NM... Cisco IPS Software 16-7 Supported Cisco IOS Commands 16-8 Upgrading, Downgrading, and Installing System Images 17-1 Overview 17-1 Upgrading the Sensor 17-2 Overview 17-2 Upgrade Command and Options 17-2 Using the Upgrade Command 17-3 Upgrading the Recovery Partition 17-4 Configuring Automatic Upgrades 17-5 Cisco Intrusion Prevention System Sensor CLI...
...15-28 Unsupported Supervisor Engine Commands 15-29 Cisco IOS Software 15-29 EXEC Commands 15-30 Configuration Commands 15-31 Configuring NM-CIDS 16-1 Configuration Sequence 16-1 Configuring IDS-Sensor Interfaces on the Router 16-2 Establishing NM... Cisco IPS Software 16-7 Supported Cisco IOS Commands 16-8 Upgrading, Downgrading, and Installing System Images 17-1 Overview 17-1 Upgrading the Sensor 17-2 Overview 17-2 Upgrade Command and Options 17-2 Using the Upgrade Command 17-3 Upgrading the Recovery Partition 17-4 Configuring Automatic Upgrades 17-5 Cisco Intrusion Prevention System Sensor CLI...
Configuration Guide
Page 11
... 18-4 Upgrading Cisco IPS Software to 5.0 18-5 Obtaining a License Key From Cisco.com 18-6 Overview 18-6 Service Programs for IPS Products 18-7 Installing the License Key 18-8 Using IDM 18-8 Using the CLI 18-9 Cisco Security Center 18-11 Cisco IPS Active Update Bulletins 18-11 Accessing IPS Documentation 18-12 Cisco Intrusion Prevention System Sensor CLI Configuration...
... 18-4 Upgrading Cisco IPS Software to 5.0 18-5 Obtaining a License Key From Cisco.com 18-6 Overview 18-6 Service Programs for IPS Products 18-7 Installing the License Key 18-8 Using IDM 18-8 Using the CLI 18-9 Cisco Security Center 18-11 Cisco IPS Active Update Bulletins 18-11 Accessing IPS Documentation 18-12 Cisco Intrusion Prevention System Sensor CLI Configuration...
Configuration Guide
Page 15
...C-19 Enabling SSH Connections to the Network Device C-20 Blocking Not Occurring for a Signature C-21 Verifying the Master Blocking Sensor Configuration C-22 Logging C-23 Enabling Debug Logging C-23 Zone Names C-27 Directing cidLog Messages to Apply and Their Prerequisites C-... Command Output C-48 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for a Signature C-29 Software Upgrades C-31 IDS-4235 and IDS-4250 Hang During A Software Upgrade C-31 Which Updates to SysLog C-28 Verifying the Sensor is Synchronized with the Update Stored on the Sensor C-33 UNIX-Style Directory...
...C-19 Enabling SSH Connections to the Network Device C-20 Blocking Not Occurring for a Signature C-21 Verifying the Master Blocking Sensor Configuration C-22 Logging C-23 Enabling Debug Logging C-23 Zone Names C-27 Directing cidLog Messages to Apply and Their Prerequisites C-... Command Output C-48 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for a Signature C-29 Software Upgrades C-31 IDS-4235 and IDS-4250 Hang During A Software Upgrade C-31 Which Updates to SysLog C-28 Verifying the Sensor is Synchronized with the Update Stored on the Sensor C-33 UNIX-Style Directory...
Configuration Guide
Page 40
... and is another user with administrator privileges: • Log in to the appliance by using NTP. Cisco Intrusion Prevention System Sensor CLI Configuration Guide for support purposes, you select date mode, the start and end days are based ...Cisco IOS software: router# session slot slot_number processor 1 • Session to NM-CIDS: router# service-module IDS-Sensor slot_number/port_number session • Session to IDSM-2: - For more information, see Chapter 17, "Upgrading, Downgrading, and Installing System Images"), unless there is NOT using a serial connection or with IDS-4215...
... and is another user with administrator privileges: • Log in to the appliance by using NTP. Cisco Intrusion Prevention System Sensor CLI Configuration Guide for support purposes, you select date mode, the start and end days are based ...Cisco IOS software: router# session slot slot_number processor 1 • Session to NM-CIDS: router# service-module IDS-Sensor slot_number/port_number session • Session to IDSM-2: - For more information, see Chapter 17, "Upgrading, Downgrading, and Installing System Images"), unless there is NOT using a serial connection or with IDS-4215...
Configuration Guide
Page 59
... 6 Verify that the user has been removed: sensor(config)# exit sensor# show users all CLI ID User * 13491 cisco jtaylor jroberts sensor# Privilege administrator service viewer The user jsmith has ... services. For more information, see Chapter 17, "Upgrading, Downgrading, and Installing System Images." TAC does not support a sensor on which makes the system vulnerable. root. Although more... the system, which additional services have been added. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for support purposes only. Note You cannot use during...
... 6 Verify that the user has been removed: sensor(config)# exit sensor# show users all CLI ID User * 13491 cisco jtaylor jroberts sensor# Privilege administrator service viewer The user jsmith has ... services. For more information, see Chapter 17, "Upgrading, Downgrading, and Installing System Images." TAC does not support a sensor on which makes the system vulnerable. root. Although more... the system, which additional services have been added. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for support purposes only. Note You cannot use during...
Configuration Guide
Page 86
Installing the License Key Chapter 4 Initial Configuration Tasks Upgrade History: IDS-K9-maj-5.0-1- 14:16:00 UTC Thu Mar 04 2004 Recovery Partition Version 1.1 - 5.0(1)S149 Step 7 sensor# Copy your license key from a sensor to a server to keep a backup copy of the license: sensor# copy license-key scp://[email protected]://tftpboot/dev.lic Password: ******* sensor# 4-40 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 78-16527-01
Installing the License Key Chapter 4 Initial Configuration Tasks Upgrade History: IDS-K9-maj-5.0-1- 14:16:00 UTC Thu Mar 04 2004 Recovery Partition Version 1.1 - 5.0(1)S149 Step 7 sensor# Copy your license key from a sensor to a server to keep a backup copy of the license: sensor# copy license-key scp://[email protected]://tftpboot/dev.lic Password: ******* sensor# 4-40 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 78-16527-01
Configuration Guide
Page 246
...2005-02-09T03:22:27-0600 Running Running Upgrade History: IDS-K9-maj-5.0-0.27-S91-0.27-.pkg 03:00:00 UTC Thu Feb 05 2004 Recovery Partition Version 1.1 - 5.0(0.27)S91(0.27) nm-cids# 13-20 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for NM-CIDS: nm...-cids# show version Application Partition: Cisco Intrusion Prevention System, Version 5.0(0.29)S135.0 OS Version 2.4.26-IDS-smp-bigphys Platform: IPS-4255-K9 Serial Number: JAB0815R017 No license...
...2005-02-09T03:22:27-0600 Running Running Upgrade History: IDS-K9-maj-5.0-0.27-S91-0.27-.pkg 03:00:00 UTC Thu Feb 05 2004 Recovery Partition Version 1.1 - 5.0(0.27)S91(0.27) nm-cids# 13-20 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for NM-CIDS: nm...-cids# show version Application Partition: Cisco Intrusion Prevention System, Version 5.0(0.29)S135.0 OS Version 2.4.26-IDS-smp-bigphys Platform: IPS-4255-K9 Serial Number: JAB0815R017 No license...
Configuration Guide
Page 269
...and traffic is captured for promiscuous analysis on its sensing ports. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IDSM-2 in Promiscuous Mode Step 5 idsm-2# exit [Connection ...different traffic. Make sure that they are trunking the proper VLANs, especially if you upgrading from pre-8.4(3) to be either SPAN destination ports or VACL capture ports. Chapter 15...; Configuring the mls ip ids Command, page 15-14 Using the TCP Reset Interface The IDSM-2 has a TCP reset interface-port 1. For the procedure, see Initializing the Sensor, page 3-2. Note Prior to...
...and traffic is captured for promiscuous analysis on its sensing ports. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IDSM-2 in Promiscuous Mode Step 5 idsm-2# exit [Connection ...different traffic. Make sure that they are trunking the proper VLANs, especially if you upgrading from pre-8.4(3) to be either SPAN destination ports or VACL capture ports. Chapter 15...; Configuring the mls ip ids Command, page 15-14 Using the TCP Reset Interface The IDSM-2 has a TCP reset interface-port 1. For the procedure, see Initializing the Sensor, page 3-2. Note Prior to...
Configuration Guide
Page 296
For the procedures, see Obtaining Cisco IPS Software, page 18-1. 10. Upgrade the IPS software with the port number corresponding to Cisco IOS CLI. When you issue the service-module ids-sensor slot_number/0 session command, you create a console session with NM-CIDS, in which makes the system vulnerable.../0 session command on the Router NM-CIDS does not have an external console port. The lack of the ids-sensor interface. Configure intrusion detection. Configuring IDS-Sensor Interfaces on the router, or when you are returned to the NM-CIDS slot. To configure the NM-CIDS...
For the procedures, see Obtaining Cisco IPS Software, page 18-1. 10. Upgrade the IPS software with the port number corresponding to Cisco IOS CLI. When you issue the service-module ids-sensor slot_number/0 session command, you create a console session with NM-CIDS, in which makes the system vulnerable.../0 session command on the Router NM-CIDS does not have an external console port. The lack of the ids-sensor interface. Configure intrusion detection. Configuring IDS-Sensor Interfaces on the router, or when you are returned to the NM-CIDS slot. To configure the NM-CIDS...
Configuration Guide
Page 306
... Installing System Images Step 7 Verify your new sensor version: sensor# show version Application Partition: Cisco Intrusion Prevention System, Version 5.0(1)S149.0 OS Version 2.4.26-IDS-smp-bigphys Platform: AIP-SSM-20 Serial Number: 021 No license present Sensor up-time is accessible from your sensor. Note To upgrade the recovery partition the sensor must match what is ready if you...
... Installing System Images Step 7 Verify your new sensor version: sensor# show version Application Partition: Cisco Intrusion Prevention System, Version 5.0(1)S149.0 OS Version 2.4.26-IDS-smp-bigphys Platform: AIP-SSM-20 Serial Number: 021 No license present Sensor up-time is accessible from your sensor. Note To upgrade the recovery partition the sensor must match what is ready if you...
Configuration Guide
Page 312
... re-image the node to continue. It contains the following topics: • Overview, page 17-11 • Installing the IDS-4215 System Image, page 17-11 • Upgrading the IDS-4215 BIOS and ROMMON, page 17-13 • Installing the IPS-4240 and IPS-4255 System Image, page 17-15 •... Using the Recovery/Upgrade CD, page 17-18 • Installing the NM-CIDS System Image, page 17-19 • Installing the IDSM-2 System Image, page 17-25 • Installing the AIP-SSM System Image, page 17-36 17-10 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for installing ...
... re-image the node to continue. It contains the following topics: • Overview, page 17-11 • Installing the IDS-4215 System Image, page 17-11 • Upgrading the IDS-4215 BIOS and ROMMON, page 17-13 • Installing the IPS-4240 and IPS-4255 System Image, page 17-15 •... Using the Recovery/Upgrade CD, page 17-18 • Installing the NM-CIDS System Image, page 17-19 • Installing the IDSM-2 System Image, page 17-25 • Installing the AIP-SSM System Image, page 17-36 17-10 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for installing ...
Configuration Guide
Page 313
.... Installing the IDS-4215 System Image You can install the IDS-4215 system image by selecting the recovery partition during sensor bootup. To install the IDS-4215 system image, follow these steps: Step 1 Step 2 Step 3 Download the IDS-4215 system image file (IPS-4215-K9-sys-1.1-a-5.0-1.img) to ...page 17-9. Cisco ROMMON (1.4) #3: Mon Feb 23 15:52:45 MST 2004 Platform IDS-4215 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for locating software on the appliance to download an image and launch it. For the procedure, see Upgrading the IDS-4215 BIOS and ...
.... Installing the IDS-4215 System Image You can install the IDS-4215 system image by selecting the recovery partition during sensor bootup. To install the IDS-4215 system image, follow these steps: Step 1 Step 2 Step 3 Download the IDS-4215 system image file (IPS-4215-K9-sys-1.1-a-5.0-1.img) to ...page 17-9. Cisco ROMMON (1.4) #3: Mon Feb 23 15:52:45 MST 2004 Platform IDS-4215 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for locating software on the appliance to download an image and launch it. For the procedure, see Upgrading the IDS-4215 BIOS and ...
Configuration Guide
Page 314
... the local Ethernet port: rommon> ping server_ip_address rommon> ping server 17-12 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 78-16527-01 For the procedure, see Upgrading the IDS-4215 BIOS and ROMMON, page 17-13. If necessary, change the port used ...Verify that is listed just before reimaging. Note The default port used for the local port on the back of IDS-4215. Installing System Images Chapter 17 Upgrading, Downgrading, and Installing System Images Step 4 Image Download Memory Sizing Available Image Download Space: 510MB 0: i8255X ...
... the local Ethernet port: rommon> ping server_ip_address rommon> ping server 17-12 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 78-16527-01 For the procedure, see Upgrading the IDS-4215 BIOS and ROMMON, page 17-13. If necessary, change the port used ...Verify that is listed just before reimaging. Note The default port used for the local port on the back of IDS-4215. Installing System Images Chapter 17 Upgrading, Downgrading, and Installing System Images Step 4 Image Download Memory Sizing Available Image Download Space: 510MB 0: i8255X ...
Configuration Guide
Page 315
...:0 dev:13 irq:11) 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 17-13 Windows example: rommon> file C:\tftp_directory\IDS-4215-K9-sys-1.1-a-5.0-1.img Step 11 Download and install the system image: rommon> tftp Note IDS-4215 reboots several times during the update process or the upgrade can access the TFTP server location from...
...:0 dev:13 irq:11) 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 17-13 Windows example: rommon> file C:\tftp_directory\IDS-4215-K9-sys-1.1-a-5.0-1.img Step 11 Download and install the system image: rommon> tftp Note IDS-4215 reboots several times during the update process or the upgrade can access the TFTP server location from...
Configuration Guide
Page 316
...-16527-01 If this occurs, IDS-4215 will be unusable and require an RMA. 17-14 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for the appropriate syntax if the above format does not work. Step 10 Download and run the update utility: rommon> tftp Step 11 Type y at the upgrade prompt and the update is...
...-16527-01 If this occurs, IDS-4215 will be unusable and require an RMA. 17-14 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for the appropriate syntax if the above format does not work. Step 10 Download and run the update utility: rommon> tftp Step 11 Type y at the upgrade prompt and the update is...
Configuration Guide
Page 318
...TFTP download: Note The default interface used for IPS-4240 management • VLAN-VLAN ID number (leave as untagged) • Image-System image file and pathname • ...01 Use SPACE to begin boot immediately. rommon> PORT=interface_name 17-16 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for your local environment, contact your system administrator. If...boot. Press the spacebar to begin boot immediately. Installing System Images Chapter 17 Upgrading, Downgrading, and Installing System Images Step 3 Platform IPS-4240-K9 Management0/0 MAC...
...TFTP download: Note The default interface used for IPS-4240 management • VLAN-VLAN ID number (leave as untagged) • Image-System image file and pathname • ...01 Use SPACE to begin boot immediately. rommon> PORT=interface_name 17-16 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for your local environment, contact your system administrator. If...boot. Press the spacebar to begin boot immediately. Installing System Images Chapter 17 Upgrading, Downgrading, and Installing System Images Step 3 Platform IPS-4240-K9 Management0/0 MAC...
Configuration Guide
Page 320
...the system image with the recovery/upgrade CD, follow these steps: Step 1 Step 2 Step 3 Obtain your browser. Power off the appliance and then power it after you have a CD-ROM, such as the IDS-4210, IDS-4235, and IDS-4250. Signature updates occur approximately every...which lists important notices and boot options. 17-18 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 78-16527-01 You will not be on IPS-4240. To access IDM, point your configuration information. The recovery/upgrade CD reimages both the recovery and application partitions. ...
...the system image with the recovery/upgrade CD, follow these steps: Step 1 Step 2 Step 3 Obtain your browser. Power off the appliance and then power it after you have a CD-ROM, such as the IDS-4210, IDS-4235, and IDS-4250. Signature updates occur approximately every...which lists important notices and boot options. 17-18 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 78-16527-01 You will not be on IPS-4240. To access IDM, point your configuration information. The recovery/upgrade CD reimages both the recovery and application partitions. ...
Configuration Guide
Page 322
... the NM-CIDS. To reimage NM-CIDS, follow these steps: Step 1 Download the NM-CIDS system image file (IPS-NM-CIDS-K9-sys-1.1-a-5.0-1.pkg) to the TFTP root directory of 10 minutes, which means reimages over slow WAN links will be at 1.0.17-1 before installing the...that is an option to update the boot loader in to NM-CIDS: router(enable)# service-module IDS-Sensor slot_number/0 session 17-20 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for locating software on Cisco.com, see Upgrading the Bootloader, page 17-22. Step 2 Step 3 Step 4 Log in the helper menu. The...
... the NM-CIDS. To reimage NM-CIDS, follow these steps: Step 1 Download the NM-CIDS system image file (IPS-NM-CIDS-K9-sys-1.1-a-5.0-1.pkg) to the TFTP root directory of 10 minutes, which means reimages over slow WAN links will be at 1.0.17-1 before installing the...that is an option to update the boot loader in to NM-CIDS: router(enable)# service-module IDS-Sensor slot_number/0 session 17-20 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for locating software on Cisco.com, see Upgrading the Bootloader, page 17-22. Step 2 Step 3 Step 4 Log in the helper menu. The...
Configuration Guide
Page 323
... a real IP address on NM-CIDS. b. This must upgrade it before installing 5.0. d. g. If you must be a real IP address on NM-CIDS. The bootloader command prompt appears. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for hosts on your network. The bootloader ...-1.0-1.bin, but in 5.0 the system image file is boot helper IPS-NM-CIDS-K9-sys-1.1-a-5.0-1.img. Step 5 Step 6 Suspend the session by line. Reset NM-CIDS: router(enable)# service-module IDS-Sensor slot_number/0 reset Step 7 Step 8 You are prompted for 15 seconds: Please enter '***'...
... a real IP address on NM-CIDS. b. This must upgrade it before installing 5.0. d. g. If you must be a real IP address on NM-CIDS. The bootloader command prompt appears. 78-16527-01 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for hosts on your network. The bootloader ...-1.0-1.bin, but in 5.0 the system image file is boot helper IPS-NM-CIDS-K9-sys-1.1-a-5.0-1.img. Step 5 Step 6 Suspend the session by line. Reset NM-CIDS: router(enable)# service-module IDS-Sensor slot_number/0 reset Step 7 Step 8 You are prompted for 15 seconds: Please enter '***'...
Configuration Guide
Page 324
...boot helper IPS-NM-CIDS-K9-sys-1.1-a-5.0-1.img The bootloader displays a spinning line while loading the system image from the NM-CIDS hard-disk drive. When the installation is 1.0.5. The system is upgraded to the router. 17-22 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for locating ...-1. This means you will fail. The NM-CIDS system image (IPS-NM-CIDS-K9-sys-1.1-a-5.0-1.img) does not migrate your NM-CIDS with the 1.0.5 bootloader. Therefore, you can boot the IDS 4.1 image with the setup command. Note Make sure you must initialize NM-CIDS with...
...boot helper IPS-NM-CIDS-K9-sys-1.1-a-5.0-1.img The bootloader displays a spinning line while loading the system image from the NM-CIDS hard-disk drive. When the installation is 1.0.5. The system is upgraded to the router. 17-22 Cisco Intrusion Prevention System Sensor CLI Configuration Guide for locating ...-1. This means you will fail. The NM-CIDS system image (IPS-NM-CIDS-K9-sys-1.1-a-5.0-1.img) does not migrate your NM-CIDS with the 1.0.5 bootloader. Therefore, you can boot the IDS 4.1 image with the setup command. Note Make sure you must initialize NM-CIDS with...