Cisco IPS-4255-K9 Installation Guide

Cisco IPS-4255-K9 - Intrusion Protection Sys 4255 Manual

Get Cisco IPS-4255-K9 - Intrusion Protection Sys 4255 PDF manuals and user guides
UPC - 746320951096
View all Cisco IPS-4255-K9 manuals
Add to My Manuals
Save this manual to your list of manuals

Cisco IPS-4255-K9 manual content summary:

  • Cisco IPS-4255-K9 | Installation Guide - Page 1
    Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 2
    included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 © 2010-2012 Cisco Systems, Inc. All rights reserved.
  • Cisco IPS-4255-K9 | Installation Guide - Page 3
    1-15 VLAN Group Mode 1-15 Deploying VLAN Groups 1-16 Supported Sensors 1-17 IPS Appliances 1-18 Introducing the IPS Appliance 1-18 Appliance Restrictions 1-19 Connecting an Appliance to a Terminal Server 1-19 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 iii
  • Cisco IPS-4255-K9 | Installation Guide - Page 4
    IPS 4240 and the IPS 4255 2-7 Installing the IPS 4240-DC 2-10 3 C H A P T E R Installing the IPS 4260 3-1 Introducing the IPS 4260 3-1 Supported Interface Cards 3-2 Hardware Bypass 3-4 4GE Bypass Interface Card 3-4 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 5
    IPS 4270-20 from the Rack 4-25 Installing the Cable Management Arm 4-28 Converting the Cable Management Arm 4-31 Installing the IPS 4270-20 4-35 Removing and Replacing the Chassis Cover 4-38 Accessing the Diagnostic Panel 4-41 Cisco Intrusion Prevention System Appliance and Module Installation Guide
  • Cisco IPS-4255-K9 | Installation Guide - Page 6
    IDSM2 Configurations 7-2 Using the TCP Reset Interface 7-3 Front Panel Features 7-3 Installation and Removal Instructions 7-4 Required Tools 7-4 Slot Assignments 7-5 Installing the IDSM2 7-5 Verifying Installation 7-9 Removing the IDSM2 7-10 Cisco Intrusion Prevention System Appliance and Module
  • Cisco IPS-4255-K9 | Installation Guide - Page 7
    Other IPS Modules 8-3 Restrictions 8-3 Hardware Interfaces 8-4 Installation and Removal Instructions 8-5 Verifying Installation 8-6 Logging In to the Sensor 9-1 Supported User Roles 9-1 Logging In to the Appliance 9-2 Connecting an Appliance to a Terminal Server 9-3 Logging In to the AIM IPS 9-4 The
  • Cisco IPS-4255-K9 | Installation Guide - Page 8
    System Images 12-1 Supported FTP and HTTP/HTTPS Servers 12-2 Upgrading the Sensor 12-2 IPS 7.0 Upgrade Files 12-2 upgrade Command and Options 12-3 Using the upgrade Command 12-4 Upgrading the Recovery Partition 12-5 Configuring Automatic Upgrades 12-6 Automatic Upgrades 12-6 auto-upgrade Command and
  • Cisco IPS-4255-K9 | Installation Guide - Page 9
    the Configuration File Using a Remote Server A-3 Creating the Service Account A-5 Disaster Recovery A-6 Recovering the Password A-7 Understanding Password Recovery A-8 Recovering the Appliance Password A-8 Using the GRUB Menu A-8 Using ROMMON A-9 Recovering the AIM IPS Password A-10 Recovering
  • Cisco IPS-4255-K9 | Installation Guide - Page 10
    of Password Recovery A-15 Troubleshooting Password Recovery A-15 Time and the Sensor A-16 Time Sources and the Sensor A-16 Synchronizing IPS Module Clocks with Parent Device Clocks A-17 Verifying the Sensor is Synchronized with the NTP Server A-17 Correcting Time on the Sensor A-18 Advantages and
  • Cisco IPS-4255-K9 | Installation Guide - Page 11
    A-69 Troubleshooting the AIM IPS and the NME IPS A-69 Interoperability With Other IPS Network Modules A-69 Gathering Information A-70 Health and Network Security Information A-70 Tech Support Information A-71 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 xi
  • Cisco IPS-4255-K9 | Installation Guide - Page 12
    Information A-88 Sensor Events A-88 Understanding the show events Command A-89 Displaying Events A-89 Clearing Events A-92 cidDump Script A-92 Uploading and Accessing Files on the Cisco FTP Site A-93 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 xii OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 13
    , page xvi • Obtaining Documentation and Submitting a Service Request, page xvii Audience This guide is for experienced network security administrators who install and maintain Cisco IPS sensors, including the supported IPS appliances and modules. Comply with Local and National Electrical Codes
  • Cisco IPS-4255-K9 | Installation Guide - Page 14
    . Aviso A instalação do equipamento tem de estar em conformidade com os códigos eléctricos locais e nacionais. ¡Advertencia! La ske i enlighet med gällande elinstallationsföreskrifter. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 xiv OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 15
    NME IPS" "Logging In to the Sensor" "Initializing the Sensor" 11 "Obtaining Software" 12 "Upgrading, Downgrading, and Installing System Images" A "Troubleshooting" "Glossary" Description Describes IPS appliances and modules. Describes how to install the IPS 4240 and the IPS 4255. Describes
  • Cisco IPS-4255-K9 | Installation Guide - Page 16
    as passwords are in angle brackets. Default Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface • Installling and Removing Interface Cards in Cisco IPS-4260 and IPS 4270-20 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 17
    Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 xvii
  • Cisco IPS-4255-K9 | Installation Guide - Page 18
    Contents Preface xviii Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 19
    in either promiscuous or inline mode. Figure 1-1 on page 1-2 shows how you can deploy a combination of sensors operating in both inline (IPS) and promiscuous (IDS) modes to protect your network. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 1-1
  • Cisco IPS-4255-K9 | Installation Guide - Page 20
    session because of limitations in the TCP protocol. • Make ACL changes on switches, routers, and firewalls that the sensor manages. Note ACLs may block only future traffic, not current traffic. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 1-2 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 21
    protection posture. The Cisco signature team has spent many hours on testing the defaults to give your sensor the highest protection. If you think that you have lost these defaults, you can restore them. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 22
    in on the sensor motherboard are in slot 0, and the PCI expansion slots are numbered beginning with slot 1 for the bottom slot with the slot numbers increasing from bottom to top (except for the IPS 4270-20, where the Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 23
    Sensor AIM IPS AIP SSM-10 AIP SSM-20 AIP SSM-40 IDSM2 IPS 4240 Command and Control Interface Management0/0 GigabitEthernet0/0 GigabitEthernet0/0 GigabitEthernet0/0 GigabitEthernet0/2 Management0/0 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 24
    the interface support for appliances and modules running Cisco IPS. Table 1-2 Interface Support Base Chassis AIM IPS AIP SSM-10 Added Interface Cards - - Interfaces Supporting Inline VLAN Pairs (Sensing Ports) GigabitEthernet0/1 by ids-service-module command in the router configuration instead
  • Cisco IPS-4255-K9 | Installation Guide - Page 25
    Sensor How the Sensor Functions Table 1-2 Interface Support (continued) Base Chassis AIP SSM-20 AIP SSM-40 IDSM2 IPS 4240 IPS 4255 IPS 4260 IPS 4260 Added Interface Cards - - - - - - 4GE-BP Interfaces Supporting Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 26
    IPS - GigabitEthernet0/1 by ids-service-module command in the router configuration instead of VLAN pair or inline interface pair GigabitEthernet0/1 by ids-service-module command in the router configuration . Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0
  • Cisco IPS-4255-K9 | Installation Guide - Page 27
    TCP Reset Interfaces Sensor AIM IPS AIP SSM-10 AIP SSM-20 AIP SSM-40 IDSM2 IPS 4240 IPS 4255 Alternate TCP Reset Interface None None None None System0/11 Any sensing interface Any sensing interface OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 28
    (copper or fiber) interfaces, if the speed is configured for 1000 Mbps, the only valid duplex setting is auto. - The command and control interface cannot also serve as a sensing interface. 1-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 29
    of these modes is allowed. - You cannot add a VLAN to more than one group on each interface. - You cannot add a VLAN group to multiple virtual sensors. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 1-11
  • Cisco IPS-4255-K9 | Installation Guide - Page 30
    sensor. The sensor analyzes a copy of the monitored traffic rather than the actual forwarded packet. The advantage of operating in promiscuous mode is that the sensor the interface configuration. 1-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-
  • Cisco IPS-4255-K9 | Installation Guide - Page 31
    , 962 4/1-4 both Note The SPAN/Monitor configuration is valuable when you want to assign different IPS policies per VLAN or when you have more bandwidth to monitor than one interface can handle. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 1-13
  • Cisco IPS-4255-K9 | Installation Guide - Page 32
    through interface pair 253444 Router Sensor VLAN A Switch Host For More Information For a list of restrictions pertaining to IPS sensor interfaces, see Interface Restrictions, page 1-10. 1-14 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 33
    supports multiple virtual sensors, each of which can monitor one or more of these interfaces. This lets you apply multiple policies to the same sensor. The advantage is that now you can use a sensor -18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 1-15
  • Cisco IPS-4255-K9 | Installation Guide - Page 34
    not specifically assigned is specified. If the default VLAN setting is 0, the Note You can configure a port on sensor. The second variation does not apply to the IDSM2 because it cannot be connected in this way. 1-16 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 35
    modules) that are supported by Cisco IPS 7.0. Table 1-4 Supported Sensors Model Name Appliances IPS 4240 IPS 4255 IPS 4260 Part Number IPS 4240-K9 IPS 4240-DC-K91 IPS 4255-K9 IPS 4260-K9 Optional Interfaces - - - IPS-4GE-BP-INT= IPS-2SX-INT= IPS 4270-20 IPS 4260-4GE-BP-K9 IPS 4260-2SX-K9 IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 36
    , is a legacy model and is not supported in this document. For More Information For instructions on how to obtain the most recent Cisco IPS software, see Obtaining Cisco IPS Software, page 11-1. IPS Appliances This section describes the Cisco 4200 series appliance, and contains the following topics
  • Cisco IPS-4255-K9 | Installation Guide - Page 37
    optimized for specific data rates and are packaged in Ethernet, Fast Ethernet, and Gigabit Ethernet configurations. In switched environments, appliances must be connected to the SPAN port or VACL capture port of the switch. The Cisco IPS 4200 series appliances provide the following: • Protection of
  • Cisco IPS-4255-K9 | Installation Guide - Page 38
    Advanced Integration Module (AIM IPS) integrates and bring inline Cisco IPS functionality to Cisco access routers. You can install the AIM IPS in Cisco 1841, 2800 series, and 3800 series routers. 1-20 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504
  • Cisco IPS-4255-K9 | Installation Guide - Page 39
    includes all communications between applications, such as IDM, IME, CSM, and CS-MARS, and the servers on the module for exchange of IPS events, IP logs, configuration, and control messages. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 1-21
  • Cisco IPS-4255-K9 | Installation Guide - Page 40
    manager. There are three models of AIP SSM: • ASA-SSM-AIP-10-K9 - Supports 150 Mbps of IPS throughput when installed in ASA 5510 - Supports 225 Mbps of IPS throughput when installed in ASA 5520 1-22 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 41
    a private (inside) network and a public (outside) network. The web server is on the DMZ interface, and HTTP clients from both the inside and outside networks can access the web server securely. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 1-23
  • Cisco IPS-4255-K9 | Installation Guide - Page 42
    IPS Modules Chapter 1 Introducing the Sensor Figure 1-8 DMZ Configuration HTTP client ASA security appliance 10.10.10.10 Inside 10.10.10.0 Outside 209.165.200.225 DMZ 10.30.30.0 Internet HTTP client HTTP client 148403 Web server 10.30.30.30 In Figure 1-8 an HTTP client (10.10.10.10) on
  • Cisco IPS-4255-K9 | Installation Guide - Page 43
    includes all communications between applications, such as IDM, IME, CSM, and CS-MARS, and the servers on the module for exchange of IPS events, IP logs, configuration, and control messages. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 1-25
  • Cisco IPS-4255-K9 | Installation Guide - Page 44
    obtain the NTP server IP address, NTP server key ID, and the key value from the NTP server. You can set up NTP during initialization or you can configure NTP through the CLI, IDM, IME, or ASDM. 1-26 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 45
    AIP SSM and the adaptive security appliance. - Use NTP-You can configure the AIP SSM to get its time from an NTP time synchronization source, such as a Cisco router other than the parent router. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 1-27
  • Cisco IPS-4255-K9 | Installation Guide - Page 46
    000 0.001 offset jitter 37.975 33.465 0.000 0.001 If the status continues to read Not Synchronized, check with the NTP server administrator to make sure the NTP server is configured correctly. 1-28 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 47
    sensor model. For More Information • For ESD guidelines, see Electrical Safety Guidelines, page 1-31. • For the procedure for working in an ESD environment, see Working in an ESD Environment, page 1-32. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 48
    chassis. The best placement of the baffles depends on the airflow patterns in the rack. Experiment with different arrangements to position the baffles effectively. 1-30 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 49
    from the system frame and chassis. Other DC power guidelines are listed in Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 1-31
  • Cisco IPS-4255-K9 | Installation Guide - Page 50
    the Sensor Power Supply power supply: - Each DC-input power supply requires dedicated 15-amp service. - For DC power cables, we recommend a minimum of 14 AWG upgrade part, are designed for one time use. 1-32 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 51
    Chapter 1 Introducing the Sensor Cable Pinouts Step 3 Attach the wrist strap to your wrist and to the terminal on the work Console Port (RJ-45), page 1-35 • RJ-45 to DB-9 or DB-25, page 1-36 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 1-33
  • Cisco IPS-4255-K9 | Installation Guide - Page 52
    for 10Base-TX operations. Note Some sensors support 10/100BaseT (IDS-4210, IDS-4215, and the optional 4FE card) while others support 10/100/1000BaseT (IDS-4235, IDS-4250-TX, IPS 4240, and IPS 4255). This only applies to the copper appliances. The fiber appliances support 1000Base-SX only. The 10
  • Cisco IPS-4255-K9 | Installation Guide - Page 53
    the Sensor Cable Pinouts Console Port (RJ-45) Cisco products use the following types of RJ-45 cables: • Straight-through • Cross-over • Rolled (console) Note Cisco does not end of the cable. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 1-35
  • Cisco IPS-4255-K9 | Installation Guide - Page 54
    -45 to DB-9 or DB-25 Signal RTS DTR TxD GND GND RxD DSR CTS RJ-45 Pin 8 7 6 5 4 3 2 1 DB-9 /DB-25 Pin 8 6 2 5 5 3 4 7 Chapter 1 Introducing the Sensor 1-36 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 55
    the IPS 4255, page 2-1 • Front and Back Panel Features, page 2-2 • Specifications, page 2-4 • Connecting the IPS 4240 to a Cisco 7200 Series Router, page 2-5 • Accessories, page 2-5 • Important Safety Instructions, page 2-5 • Rack Mounting, page 2-6 • Installing the IPS 4240 and the IPS 4255, page
  • Cisco IPS-4255-K9 | Installation Guide - Page 56
    the IPS 4240 and the IPS 4255. Figure 2-1 IPS 4240/IPS 4255 Front Panel Features PWR STATUS FLASH Cisco IPS 4240 series Intrusion Prevention Sensor 114003 Power device is being accessed. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 2-2 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 57
    Figure 2-2 shows the back view of the IPS 4240 and the IPS 4255. Figure 2-2 IPS 4240 and IPS 4255 Back Panel Features GigabitEthernet0/0 External compact Serial Management0 100 Mbps 1000 Mbps OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 2-3
  • Cisco IPS-4255-K9 | Installation Guide - Page 58
    IPS 4240 and the IPS 4255 Specifications Table 2-3 lists the specifications for the IPS 4240 and the IPS 4255. Table 2-3 IPS 4240 and IPS 4255 Specifications Acoustic noise 60 dBa (maximum) Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 2-4 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 59
    that accompanied this device. Statement 1071 SAVE THESE INSTRUCTIONS Warning Only trained and qualified personnel should be allowed to install, replace, or service this equipment. Statement 1030 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 2-5
  • Cisco IPS-4255-K9 | Installation Guide - Page 60
    Sensor 114016 Note The top hole on the left bracket is a banana jack you can use for ESD grounding purposes when you are servicing the system. You can use the two threaded holes to mount a ground lug to ground the chassis. Cisco Intrusion Prevention System Appliance and Module Installation Guide
  • Cisco IPS-4255-K9 | Installation Guide - Page 61
    safety procedures when performing these steps by reading the safety warnings in Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 2-7
  • Cisco IPS-4255-K9 | Installation Guide - Page 62
    connect the appliance to a port on a terminal server with RJ-45 or hydra cable assembly connections. Connect the appropriate cable from the console port on the appliance to a port on the terminal server. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 2-8 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 63
    command and control port. appliance. Initialize the appliance. Upgrade the appliance with the most recent Cisco IPS software. You are now ready to configure intrusion prevention on the appliance. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 64
    equipment is suitable for connection to intra-building wiring only. Warning Only trained and qualified personnel should be allowed to install, replace, or service this equipment. Statement 1030 2-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 65
    that services the DC circuit, switch the circuit breaker to the OFF position, and tape the switch handle of the circuit breaker in the OFF position. Remove the DC power supply plastic shield. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 2-11
  • Cisco IPS-4255-K9 | Installation Guide - Page 66
    Chapter 2 Installing the IPS 4240 and the IPS 4255 Step 8 Strip the ends of the wires for insertion into the power connect lugs on the IPS 4240-DC. 148401 Switch Negative Positive Ground 2-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 67
    Device Manager 7.0 - Installing and Using Cisco Intrusion Prevention System Manager Express 7.0 - Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 7.0 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 2-13
  • Cisco IPS-4255-K9 | Installation Guide - Page 68
    Installing the IPS 4240-DC Chapter 2 Installing the IPS 4240 and the IPS 4255 2-14 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 69
    subnets. The IPS 4260 is a purpose-built device that has support for both copper and fiber NIC environments thus providing flexibility of deployment in any environment. It replaces IDS-4250-XL. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 3-1
  • Cisco IPS-4255-K9 | Installation Guide - Page 70
    -T (4GE) monitoring interfaces. The IPS 4260 supports up to two 4GE bypass interfaces cards for a total of eight GE bypass interfaces. The 4GE bypass interface card supports hardware bypass. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 3-2 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 71
    fiber interfaces. The card ports require a multi-mode fiber cable with an LC connector to connect to the SX interface of the IPS 4260. The 10GE interface card does not support hardware bypass. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 3-3
  • Cisco IPS-4255-K9 | Installation Guide - Page 72
    in each inline VLAN subinterface. For each inline interface on which hardware bypass is available, the component interfaces are set to standby mode. If the sensor is Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 3-4 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 73
    problems. The sensor is only guaranteed to operate correctly with the switch if both of them are configured for identical speed and duplex, which means that the sensor must be set for autonegotiation too. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 74
    Cisco IPS 4260 series Intrusion Prevention Sensor 153095 ID There are three switches on the front panel of the IPS 4260: • Power-Toggles the system power. • Reset-Resets the system. • ID-Toggles the system ID indicator. Cisco Intrusion Prevention System Appliance and Module Installation Guide
  • Cisco IPS-4255-K9 | Installation Guide - Page 75
    (not supported) CONSOLE GE 0/1 MGMT Console Management port 0/0 USB ports (not used) Gigabit Ethernet 0/1 Video connector (not supported) 3 2 1 Power Power supply 2 supply 1 153094 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 3-7
  • Cisco IPS-4255-K9 | Installation Guide - Page 76
    only 5Vsb on (power supply off). No AC power to this power supply (for 1+1 configuration) or power supply critical event causing a shutdown: failure, fuse blown (1+1 only), OCP 12 , or slow fan. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 3-8 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 77
    The IPS 4260 accessories kit contains the following: • DB25 connector • DB9 connector • Rack mounting kit-screws, washers, and metal bracket • RJ45 console cable • Two 6-ft Ethernet cables OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 3-9
  • Cisco IPS-4255-K9 | Installation Guide - Page 78
    steps: Step 1 Attach each inner rail to each side of the chassis with three 8-32x1/4" SEMS screws. RESET ID ID NIC POWER FLASH STATUS Cisco IPSInt4ru2si6on0Prseeverniteiosn Sensor 153314 3-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 79
    Sensor 153315 Step 3 Using the four inner studs, install the mounting brackets to the outer rail with four 8-32 KEPS nuts. Insert four thread covers over the four outer studs on each side. 153316 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 80
    Step 5 Slide the IPS 4260 into the rack making sure the inner rail is aligned with the outer rail. RESET ID ID NIC POWER FLASH STATUS Cisco IPSInt4ru2si6on0Prseeverniteiosn Sensor 153318 3-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 81
    Sensor 153320 Step 2 Using the four inner studs, install the mounting brackets to the outer rail with four 8-32 KEPS nuts. Insert four thread covers over the four outer studs on each side. 153321 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 82
    Step 4 Slide the IPS 4260 into the rack making sure the inner rail is aligned with the outer rail. RESET ID ID NIC POWER FLASH STATUS Cisco IPSInt4ru2si6on0Prseeverniteiosn Sensor 153323 3-14 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 83
    procedures when performing these steps by reading the safety warnings in Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 3-15
  • Cisco IPS-4255-K9 | Installation Guide - Page 84
    enter configuration appliance to a port on a terminal server with RJ-45 or hydra cable assembly connections. Connect the appropriate cable from the console port on the appliance to a port on the terminal server. 3-16 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 85
    • Management0/0 (MGMT) is the command and control port. • GigabitEthernetslot_number/port_number through GigabitEthernetslot_number/port_number are the on the IPS 4260. Initialize the IPS 4260. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 3-17
  • Cisco IPS-4255-K9 | Installation Guide - Page 86
    , see Connecting an Appliance to a Terminal Server, page 1-19. • For the procedure for using the setup command to initialize the IPS 4260, see Initializing the Sensor, page 10-1. • For the procedure for obtaining and installing the most recent IPS software, see Obtaining Cisco IPS Software, page 11
  • Cisco IPS-4255-K9 | Installation Guide - Page 87
    the safety warnings in Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor. Note Removing the appliance chassis cover does not affect your Cisco warranty. Upgrading the IPS 4260 does not require any special tools and does not create
  • Cisco IPS-4255-K9 | Installation Guide - Page 88
    Prepare the IPS 4260 to be powered off: sensor# reset powerdown IPS 4260. If rack-mounted, remove the IPS 4260 from the rack. Make sure the IPS 4260 is in an ESD-controlled environment. Remove the chassis cover. 3-20 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 89
    slot cover screw to hold the card to the carrier. If necessary, reinstall the card support at the back of the card carrier. Replace the card carrier in the chassis. Replace the chassis cover. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 3-21
  • Cisco IPS-4255-K9 | Installation Guide - Page 90
    cable and other cables from the IPS 4260. Note Power supplies are hot-swappable. You can replace a power supply while the IPS 4260 is running, if you are replacing a redundant power supply. 3-22 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 91
    Chapter 3 Installing the IPS 4260 Step 5 Squeeze the tabs to remove the filler plate. Installing and Removing the supply, replace the power cord and other cables. Step 9 Power on the IPS 4260. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 3-23
  • Cisco IPS-4255-K9 | Installation Guide - Page 92
    the IPS 4260 For More Information For the IDM procedure for resetting the IPS 4260, refer to Rebooting the Sensor; for the IME procedure for resetting the IPS 4260, refer to Rebooting the Sensor. 3-24 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 93
    • Installing and Removing Interface Cards, page 4-41 • Installing and Removing the Power Supply, page 4-44 • Installing and Removing Fans, page 4-49 • Troubleshooting Loose Connections, page 4-51 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-1
  • Cisco IPS-4255-K9 | Installation Guide - Page 94
    these ports. You receive the following error if you exceed the number of supported ports: The number of installed network interfaces exceeds the limit of 16. The excess interfaces are ignored. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-2 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 95
    -T (4GE) monitoring interfaces. The IPS 4270-20 supports up to four 4GE bypass interface cards for a total of sixteen GE bypass interfaces. The 4GE bypass interface card supports hardware bypass. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-3
  • Cisco IPS-4255-K9 | Installation Guide - Page 96
    fiber interfaces. The card ports require a multi-mode fiber cable with an LC connector to connect to the SX interface of the IPS 4270-20. The 10GE interface card does not support hardware bypass. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-4 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 97
    in each inline VLAN subinterface. For each inline interface on which hardware bypass is available, the component interfaces are set to standby mode. If the sensor is OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-5
  • Cisco IPS-4255-K9 | Installation Guide - Page 98
    any cabling problems. The sensor is only guaranteed to operate correctly with the switch if both of them are configured for identical speed and duplex, which means that the sensor must be set for autonegotiation too. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 99
    of the IPS 4270-20. Figure 4-5 IPS 4270-20 Front View Switches/Indicators 1 2 3 4 5 6 7 8 Cisco IPS 4270 SERIES Intrusion Prevention Sensor UID SYSTEPMWR SMTGAMTUTMS0GMT 1 250082 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-7
  • Cisco IPS-4255-K9 | Installation Guide - Page 100
    Cisco IPS 4270 SERIES Intrusion Prevention Sensor UID SYSTEPMWR SMTGAMTUTMS0GMT 1 250108 Table 4-1 describes the front panel switches and indicators on the IPS • Off-No network connection Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-8 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 101
    has no AC power Figure 4-7 shows the back view of the IPS 4270-20. Figure 4-7 IPS 4270-20 Back Panel Features Power supply 2 Sensing interface expansion slots Power /0 Management0/0 250083 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-9
  • Cisco IPS-4255-K9 | Installation Guide - Page 102
    Front and Back Panel Features Chapter 4 Installing the IPS 4270-20 Figure 4-8 shows the built-in Ethernet port, which has two No network activity Linked to network Not linked to network 4-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 103
    remove the chassis cover to view the Diagnostic Panel, leave the IPS 4270-20 powered on. Powering off the IPS 4270-20 clears the Diagnostic Panel indicators. Figure 4-9 shows PPM3 250250 PPM4 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-11
  • Cisco IPS-4255-K9 | Installation Guide - Page 104
    location of the Diagnostic Panel in the IPS 4270-20 chassis, see Figure 4-10 on page 4-13. • For information on how to access the Diagnostic Panel, see Accessing the Diagnostic Panel, page 4-41. 4-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 105
    4-10 IPS 4270-20 Internal Components Power supply Sensing interface expansion slots Power supply Internal Components Cooling fans Cooling fans Diagnostic panel 250249 OL-18504-01 Cooling fans Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-13
  • Cisco IPS-4255-K9 | Installation Guide - Page 106
    Chapter 4 Installing the IPS 4270-20 Specifications Table 4-5 lists the specifications for the IPS 4270-20. Table 4-5 IPS 4270-20 Specifications Dimensions and Weight Height 6. sunlight. 4-14 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 107
    Cisco Intrusion Detection and Prevention System 4200 Series Appliance Sensor • Documentation Roadmap for Cisco Intrusion Prevention System Installing the Rail System Kit You can install the IPS OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-15
  • Cisco IPS-4255-K9 | Installation Guide - Page 108
    the security appliance in a threaded-whole rack. This rail system supports a parts (screws, and so forth) • One cable management arm stop bracket Space and Airflow Requirements To allow for servicing Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 109
    The tapered end of the chassis side rail should be at the back of the IPS 4270-20. The chassis side rail is held in place by the inner latch. Step 2 Repeat Step 1 for each chassis side rail. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-17
  • Cisco IPS-4255-K9 | Installation Guide - Page 110
    Step 3 To remove the chassis side rail, lift the latch, and slide the rail forward. 1 2 3 4 5 6 7 8 CiscoInIPtrSu4si2o7n0PSrEeRvIeEnStion Sensor UID SYSTEPMWR SMTGATMUTMS0GMT 1 250221 2 1 4-18 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 111
    are installing the IPS 4270-20 in a shallow rack, one that is less than 28.5 in. (72.39 cm), remove the screw from the inside of the slide assembly before continuing with Step 5. < 28.5" 250207 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-19
  • Cisco IPS-4255-K9 | Installation Guide - Page 112
    Installing the Rail System Kit Chapter 4 Installing the IPS 4270-20 Step 5 Attach the slide assemblies to the rack. For round- release the slide assembly if you need to reposition it. 250208 4-20 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 113
    on each slide assembly using a standard screwdriver. Note You may need a pair of pliers to hold the retaining nut. 23 32 1 250209 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-21
  • Cisco IPS-4255-K9 | Installation Guide - Page 114
    the IPS 4270-20 b. Line up the bracket on the slide assembly with the rack holes, install two screws (top and bottom) on each end of the slide assembly. 1 250210 c. Repeat for each slide assembly. 4-22 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 115
    Chapter 4 Installing the IPS 4270-20 Step 6 Extend the slide assemblies out of the rack. Installing the Rail System Kit 250211 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-23
  • Cisco IPS-4255-K9 | Installation Guide - Page 116
    carefully push the IPS 4270-20 in to place. 1 2 3 4 5 6 7 8 CiscoInIPtrSu4si2o7n0PSrEeRvIeEnStion Sensor UID SYSTEPMWR SMTGATMUTMS0GMT 1 250212 Caution Keep the IPS 4270-20 is required). 4-24 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 117
    IPS 4270-20, see Installing the IPS 4270-20, page 4-35. Extending the IPS 4270-20 from the Rack You can extend the IPS 4270-20 from the rack for service or removal. Caution You can only extend the IPS -01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-25
  • Cisco IPS-4255-K9 | Installation Guide - Page 118
    of the IPS 4270-20 Sensor UID SYSTEPMWR SMTGATMUMTSG0MT 1 250222 Step 2 After performing the installation or maintenance procedure, slide the IPS 4270-20 in to the rack by pressing the rail-release latches. 4-26 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 119
    tab in the middle of the slide assembly forward, and pull the IPS 4270-20 from the rack. 1 2 3 4 5 6 7 8 CiscoInIPtrSu4si2o7n0PSrEeRvIeEnStion Sensor UID SYSTEPMWR SMTGATMUMTSG0MT 1 250223 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-27
  • Cisco IPS-4255-K9 | Installation Guide - Page 120
    on the cable management arm with the stud on the back of the IPS 4270-20 and align the two studs at the back of the chassis 100 MHz 1 PS1 CONSOLE Reserved for Future Use MGMT10/0 250214 4-28 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 121
    it in to place. Caution Make sure the metal tab is on the outside of the upper part of the cable management arm. PS2 UID PCI-E x4 9 8 PCI-E x8 7 PCI-E x4 to the IPS 4270-20 and the rack rail. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-29
  • Cisco IPS-4255-K9 | Installation Guide - Page 122
    through the cable management arm, make sure the cables are not pulled tight when the IPS 4270-20 is fully extended. PS2 UID PCI-E x4 9 8 PCI-E x8 7 PCI parts of the cable management arm together. 4-30 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 123
    Chapter 4 Installing the IPS 4270-20 Installing the Rail System Kit Step 4 Attach the cable management arm stop Note Make sure to orient the management arm with the cable trough facing upward. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-31
  • Cisco IPS-4255-K9 | Installation Guide - Page 124
    Chapter 4 Installing the IPS 4270-20 To convert the cable management arm swing, follow these steps: Step 1 Pull up the spring pin and slide the bracket off the cable management arm. 250218 4-32 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 125
    Chapter 4 Installing the IPS 4270-20 Installing the Rail System Kit Step 2 Remove the bottom sliding bracket and flip it over to the top of the bracket aligning the studs. 250219 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-33
  • Cisco IPS-4255-K9 | Installation Guide - Page 126
    Installing the Rail System Kit Chapter 4 Installing the IPS 4270-20 Step 3 On the other side of the sliding bracket, align the one way because the hole for the spring pin is offset. 250220 4-34 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 127
    IPS 4270-20 Installing the IPS 4270-20 Caution Follow proper safety procedures when performing these steps by reading the safety warnings in Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor. Warning IMPORTANT SAFETY INSTRUCTIONS
  • Cisco IPS-4255-K9 | Installation Guide - Page 128
    : • Management0/0 (MGMT0/0) is the command and control port. • GigabitEthernetslot_number/port_number through GigabitEthernetslot_number/port_number are the can create security concerns. 4-36 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 129
    the instructions for setting up a terminal server, see Connecting an Appliance to a Terminal Server, page 1-19. • For the procedure for using the setup command to initialize the IPS 4270-20, see Initializing the Sensor, page 10-1. • For the procedure for obtaining the most recent Cisco IPS software
  • Cisco IPS-4255-K9 | Installation Guide - Page 130
    in Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor. Warning This product relies on the building's installation for short-circuit (overcurrent) protection. Ensure that the protective device is rated not greater than 120 VAC
  • Cisco IPS-4255-K9 | Installation Guide - Page 131
    of a turn counterclockwise to unlock it. Lift up the cover latch on the top of the chassis. 1 2 3 4 5 6 7 8 CiscoInIPtrSu4si2o7n0PSrEeRvIeEnStion Sensor UID SYSTEPMWR SMTGATMUMTSG0MT 1 250123 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-39
  • Cisco IPS-4255-K9 | Installation Guide - Page 132
    for installing the power cables on the IPS 4270-20, see Installing the IPS 4270-20, page 4-35. • If you are reinstalling the IPS 4270-20 in a rack, see Installing the Rail System Kit, page 4-15. 4-40 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 133
    supported six slots (slots 3 to 8). Caution To prevent damage to the IPS 4270-20 or the expansion cards, power down the IPS 4270-20 and remove all AC power cables before removing or installing expansion cards. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide
  • Cisco IPS-4255-K9 | Installation Guide - Page 134
    the IPS 4270-20 to be powered off: sensor# reset IPS 4270-20. If rack-mounted, extend the IPS 4270-20 from the rack. Make sure the IPS 4270-20 is in an ESD-controlled environment. Remove the chassis cover. 4-42 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 135
    12 Step 13 Replace the chassis cover. Slide the server back in to the rack by pressing the server rail-release handles. Reconnect the power cables to the IPS 4270-20. Power on the IPS 4270-20. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-43
  • Cisco IPS-4255-K9 | Installation Guide - Page 136
    warnings in Regulatory Compliance and Safety Information for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor. The IPS 4270-20 ships with two hot-pluggable power supplies, thus providing a redundant power supply configuration. You can install or replace either power supply without
  • Cisco IPS-4255-K9 | Installation Guide - Page 137
    the IPS 4270-20 to remove the shipping screw. The T-15 Torx screwdriver is located to the right of power supply. PCI-E x4 4 3 PCI-X 2 100 MHz 1 PS1 CONSOLE Reserved for Future Use MGMT 0/0 250118 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 138
    Installing and Removing the Power Supply Chapter 4 Installing the IPS 4270-20 Step 6 Remove the power supply by pulling it away from the chassis. 250219 4-46 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 139
    open and slide the power supply into the bay. PCI-E x4 4 3 PCI-X 2 100 MHz 1 PS1 CONSOLE Reserved for Future Use MGMT 0/0 250119 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-47
  • Cisco IPS-4255-K9 | Installation Guide - Page 140
    Rebooting the Sensor; for the IME procedure for powering down the IPS 4270-20, refer to Rebooting the Sensor. • For an illustration of the screwdriver and where it is located, see Figure 4-7 on page 4-9. 4-48 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 141
    Extend the server from the rack. Remove the chassis cover. Identify the failed fan by locating an amber indicator on top of the failed fan or a lighted FAN X indicator on the Diagnostic Panel. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-49
  • Cisco IPS-4255-K9 | Installation Guide - Page 142
    Diagnostic Panel, see Diagnostic Panel, page 4-11. • For the procedure for removing the chassis cover, see Removing and Replacing the Chassis Cover, page 4-38. 4-50 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 143
    indicators that indicate a component is not connected properly. • If problems continue, remove and reinstall each device, checking the connectors and sockets for bent pins or other damage. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 4-51
  • Cisco IPS-4255-K9 | Installation Guide - Page 144
    Troubleshooting Loose Connections Chapter 4 Installing the IPS 4270-20 4-52 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 145
    ° to +104°F (+0° to +40°C) -40° to +185°F (-40° to +85°C) 5% to 95% noncondensing 0 to 10,000 ft (0 to 3,000 m) 1 GB 512 MB OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 5-1
  • Cisco IPS-4255-K9 | Installation Guide - Page 146
    in the module CLI. • Supported routers: - Cisco 1841 and 2801 - Cisco 2800 series (2811, 2821, and 2851) - Cisco 3800 series (3825 and 3845) Note The Cisco routers support up to one AIM IPS per platform. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 5-2 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 147
    Modules • Supported Cisco IOS Feature Sets: - Cisco IOS Advanced Security - Cisco IOS Advanced IP Services - Cisco IOS Advanced Enterprise Services Interoperability With Other IPS Modules Caution You cannot upgrade an NM CIDS to an NME IPS. The Cisco access routers only support one IDS/IPS module
  • Cisco IPS-4255-K9 | Installation Guide - Page 148
    itself and is used for routing traffic to the command and control interface of the AIM IPS. It is used as the default router IP address when you set up the AIM IPS command and control interface. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 5-4 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 149
    and remove the AIM IPS, refer to the following documents: • Cisco 1800 Series Hardware Installation Guide (Modular) For instructions, refer to "Installing and Upgrading Internal Modules in Cisco 1800 Series Routers (Modular)." • Cisco 2800 Series Hardware Installation For instructions, refer to
  • Cisco IPS-4255-K9 | Installation Guide - Page 150
    " PID: CISCO3825 , VID: V01 , SN: FTX1009C3KT NAME: "Cisco Intrusion Prevention System AIM in AIM slot: 1", DESCR: "Cisco Intrusion Prevention" PID: AIM IPS-K9 , VID: V01 , SN: FOC11372M9X router# Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 5-6 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 151
    Removal Instructions, page 6-3 Specifications Table 6-1 lists the specifications for the AIP SSM: Table 6-1 AIP SSM Specifications Specification Description Dimensions for the 55c maximum OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 6-1
  • Cisco IPS-4255-K9 | Installation Guide - Page 152
    Color State 1 PWR Green On 2 STATUS Green Flashing Solid Description The system has power. The system is booting. The system has passed power-up diagnostics. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 6-2 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 153
    . There is network activity. There is network activity. Installation and Removal Instructions This section describes how to install and remove the AIP SSM, and which can disrupt other equipment. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 6-3
  • Cisco IPS-4255-K9 | Installation Guide - Page 154
    SSM is online using the show module 1 command. Initialize the AIP SSM. Install the most recent Cisco IPS software. Configure the AIP SSM to receive IPS traffic. For The AIP SSM is shutting down. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 6-4 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 155
    to download a recovery image. To verify the status of the AIP SSM, follow these steps: Step 1 Step 2 Log in to the adaptive security appliance. Verify the status of the AIP SSM: asa# show module 1 Mod Card Type Model Serial No. 1 ASA 5500 Series Security Services Module-20 ASA-SSM
  • Cisco IPS-4255-K9 | Installation Guide - Page 156
    ESD Environment, page 1-32. • For the procedure for verifying whether the AIP SSM is properly installed, see Verifying the Status of the AIP SSM, page 6-4. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 6-6 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 157
    the following sections: • Specifications, page 7-1 • Software and Hardware Requirements, page 7-2 • Minimum Supported the IDSM2 Configurations, page 7-2 • Using the TCP Reset Interface, page 7-3 • Front Panel Features, page 7-3 • Installation and Removal Instructions, page 7-4 • Enabling Full
  • Cisco IPS-4255-K9 | Installation Guide - Page 158
    Engine 720 • Cisco IDS software release 4.0 or later • Any Catalyst 6500 series switch chassis or 7600 router Minimum Supported the IDSM2 Configurations Note The following .2(18)SXF4 12.2(18)SXF4 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 7-2 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 159
    the Shutdown button on the faceplate and wait for the Status indicator to turn amber. The shutdown procedure may take several minutes. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 7-3
  • Cisco IPS-4255-K9 | Installation Guide - Page 160
    • For more information about supervisor engines, refer to the Catalyst 6500 Series Switch Installation Guide. • For more information on handling ESD, see Working in an ESD Environment, page 1-32. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 7-4 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 161
    Instructions IDSM2 in the Catalyst 6500 series switch, follow these steps: modules. Step 3 Remove the installation screws (use a screwdriver, if necessary) that secure the filler plate to the desired slot. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 162
    Installation and Removal Instructions Step 4 Remove the filler plate by prying it out carefully. 1 2 3 4 carrier to support it. Caution Do not touch the printed circuit boards or connector pins on the IDSM2. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 7-6
  • Cisco IPS-4255-K9 | Installation Guide - Page 163
    Removal Instructions Step 6 Place the IDSM2 in the slot by aligning the notch on the sides of the IDSM2 carrier with the groove in the slot. WS-SVC-IDSM2 STATUS INTRUSION DETECTION MODULE 1 . OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 7-7
  • Cisco IPS-4255-K9 | Installation Guide - Page 164
    Device Manager 7.0 - Installing and Using Cisco Intrusion Prevention System Manager Express 7.0 - Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 7.0 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 7-8 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 165
    48 port 10/100/1000mb RJ45 WS-X6548-GE-TX SAD073906GH 6 16 SFM-capable 16 port 1000mb GBIC WS-X6516A-GBIC SAL0740MMYJ OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 7-9
  • Cisco IPS-4255-K9 | Installation Guide - Page 166
    IDSM2 from the Catalyst 6500 series switch. Warning Only trained and qualified personnel should be allowed to install, replace, or service this equipment. Statement 1030 you could shock yourself. 7-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 167
    , place one hand under the carrier to support it. Caution Do not touch the printed part number 800-00292-01) to keep dust out of the chassis and to maintain proper airflow through the module compartment. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 168
    the IDSM2 initially boots, by default it runs a partial memory test. You can enable a full memory test in Catalyst software and Cisco IOS software. This section describes . console> (enable) 7-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 169
    , page 7-13 • Cisco IOS Software, page 7-14 Catalyst Software To reset the IDSM2 from the CLI, follow these steps: Step 1 Step 2 Log in to the console. Enter privileged mode. console> enable OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 7-13
  • Cisco IPS-4255-K9 | Installation Guide - Page 170
    . Example router# hw-module module 8 reset Device BOOT variable for reset = Warning: Device list is not verified. Proceed with reload of module? [confirm] % reset issued for module 8 router# 7-14 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 171
    sections: • Catalyst Software, page 7-15 • Cisco IOS Software, page 7-16 Catalyst Software Once module power up module_number Power down the IDSM2. console> (enable) set module power down module_number OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 172
    terminal mode. router# configure terminal Power up the IDSM2. router(config)# power enable module module_number Power down the IDSM2. router(config)# no power enable module module_number 7-16 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 173
    ° to +104°F (+0° to +40°C) -40° to +185°F (-40° to +85°C) 5% to 95% noncondensing 0 to 10,000 ft (0 to 3,000 m) 2 GB 512 MB OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 8-1
  • Cisco IPS-4255-K9 | Installation Guide - Page 174
    command in the module CLI. • Supported routers: - Cisco 2800 series (2811, 2821, and 2851) - Cisco 3800 series (3825 and 3845) Note The Cisco routers support up to one NME IPS per platform. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 8-2 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 175
    Modules • Supported Cisco IOS Feature Sets: - Cisco IOS Advanced Security - Cisco IOS Advanced IP Services - Cisco IOS Advanced Enterprise Services Interoperability With Other IPS Modules Caution You cannot upgrade an NM CIDS to an NME IPS. The Cisco access routers only support one IDS/IPS module
  • Cisco IPS-4255-K9 | Installation Guide - Page 176
    as inline or promiscuous using the Cisco IOS CLI. 4 The NME IPS interface to external link (Management0/1) Configure the command and control interface using the IPS CLI, IDM, IME, or CSM. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 8-4 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 177
    Device Manager 7.0 - Installing and Using Cisco Intrusion Prevention System Manager Express 7.0 - Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 7.0 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 8-5
  • Cisco IPS-4255-K9 | Installation Guide - Page 178
    , VID: C , SN: 00000MTC101608RB NAME: "Cisco Intrusion Prevention System NM on Slot 2", DESCR: "Cisco Intrusion Prevention System NM" PID: NME IPS-K9 , VID: V01, SN: FHH1117001R router# Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 8-6 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 179
    is intended to be used for support and troubleshooting purposes only. Unauthorized modifications are not supported and will require this device to be re-imaged to guarantee proper operation OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 9-1
  • Cisco IPS-4255-K9 | Installation Guide - Page 180
    laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to [email protected]. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 9-2 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 181
    Chapter 9 Logging In to the Sensor Connecting an Appliance to a Terminal Server ***LICENSE NOTICE*** There is no license key installed on the system. Please go to http://www.cisco.com/go/license to obtain a new license or install a license. IPS 4240# For More Information • For the procedure for
  • Cisco IPS-4255-K9 | Installation Guide - Page 182
    that the speed is set to 115200/bps. For More Information For the procedure for configuring an unnumbered IP address interface for the AIM IPS, refer to Using an Unnumbered IP Address Interface. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 9-4 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 183
    .196 Mgmt web ports: 443 Mgmt TLS enabled: true Step 3 router# Open a session from the router to the AIM IPS. router# service-module ids-sensor 0/1 session Trying 10.89.148.196, 2322 ... Open OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 9-5
  • Cisco IPS-4255-K9 | Installation Guide - Page 184
    1 Log in to the adaptive security appliance. Note If the adaptive security appliance is operating in multi-mode, use the change system command to get to the system level prompt before continuing. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 9-6 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 185
    the procedure for using the setup command to initialize the AIP SSM, see Advanced Setup for the AIP SSM, page 10-16. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 9-7
  • Cisco IPS-4255-K9 | Installation Guide - Page 186
    www.cisco.com/go/license to obtain a new license or install a license. IDSM2# For More Information For the procedure for using the setup command to initialize the IDSM2, see Advanced Setup for the IDSM2, page 10-20. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 187
    . When you issue the service-module ids-sensor slot/port session command, you create a console session with the NME IPS, in which you can issue any IPS configuration commands. After completing work in the session and exiting the IPS CLI, you are returned to the Cisco IOS CLI. The session command
  • Cisco IPS-4255-K9 | Installation Guide - Page 188
    .195 Mgmt web ports: 443 Mgmt TLS enabled: true Step 3 router# Open a session from the router to the NME IPS. router# service-module ids-sensor 1/0 session Trying 10.89.148.195, 2322 ... Open 9-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504
  • Cisco IPS-4255-K9 | Installation Guide - Page 189
    the sensor over the network using SSH or Telnet. ssh sensor_ip_address telnet sensor_ip_address Enter your username and password at the login prompt. login: ****** Password: ****** ***NOTICE*** OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 9-11
  • Cisco IPS-4255-K9 | Installation Guide - Page 190
    email to [email protected]. ***LICENSE NOTICE*** There is no license key installed on the system. Please go to http://www.cisco.com/go/license to obtain a new license or install a license. sensor# 9-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504
  • Cisco IPS-4255-K9 | Installation Guide - Page 191
    successfully completed. • If you have recovered or downgraded the sensor. • If you have set the host configuration to default after successfully configuring the sensor using automatic setup. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 10-1
  • Cisco IPS-4255-K9 | Installation Guide - Page 192
    prompt. Default settings are in square brackets '[]'. Current time: Thu Jan 15 21:19:51 2009 Setup Configuration last modified: Enter host name[sensor]: Enter IP interface[192.168.1.2/24,192.168.1.1]: 10-2 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 193
    Level = "Full" additionally includes: * Type of Data: Victim IP Address and port Purpose: Detect threat behavioral patterns Do you agree to participate in the SensorBase Network?[no]: OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 10-3
  • Cisco IPS-4255-K9 | Installation Guide - Page 194
    to operate. a. Enter yes to add a DNS server, and then enter the DNS server IP address. b. Enter yes to add an HTTP proxy server, and then enter the HTTP proxy server IP address and port number. 10-4 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 195
    the Sensor Basic Sensor Setup Caution You must have a valid sensor license for Global Correlation features to function. You can still configure and of the Prime Meridian). The default is 0. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 10-5
  • Cisco IPS-4255-K9 | Installation Guide - Page 196
    day-of-week sunday time-of-day 02:00:00 exit exit ntp-option enabled ntp-keys 1 md5-key 8675309 ntp-servers 10.89.143.92 key-id 1 exit service global-correlation network-participation full exit 10-6 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 197
    connect to this appliance with a web browser. Apply the most recent service pack and signature update. You are now ready to configure your sensor for intrusion prevention. For More Information • For the procedure for obtaining the most recent IPS software, see Obtaining Cisco IPS Software, page 11
  • Cisco IPS-4255-K9 | Installation Guide - Page 198
    Virtual Sensor: vs2 Anomaly Detection: ad0 Event Action Rules: rules0 Signature Definitions: sig0 [1] Edit Interface Configuration [2] Edit Virtual Sensor Configuration [3] Display configuration Option: 10-8 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 199
    can configure another interface, for example, GigabitEthernet0/1, for inline VLAN pair. Step 13 Press Enter to return to the top-level interface editing menu. [1] Remove interface configurations. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 10
  • Cisco IPS-4255-K9 | Installation Guide - Page 200
    default-vlan. Option: Step 17 Press Enter to return to the top-level editing menu. [1] Edit Interface Configuration [2] Edit Virtual Sensor Configuration [3] Display configuration Interface: 10-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 201
    300 no login-banner-text exit time-zone-settings offset 0 standard-time-zone-name UTC exit summertime-option disabled ntp-option disabled exit service web-server port 342 exit service interface OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 10-11
  • Cisco IPS-4255-K9 | Installation Guide - Page 202
    service analysis-engine virtual-sensor newVs description Created via setup by user cisco configuration and exit setup. Step 27 Enter 2 to save the configuration. Enter your selection[2]: 2 Configuration Saved. 10-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 203
    5 sensor login: cisco Password: ******** Enter the setup command. The System Configuration Dialog is displayed. Enter 3 to access advanced setup. Specify the Telnet server status. You can disable or enable Telnet services. The default is disabled. Specify the web server port. The web server port
  • Cisco IPS-4255-K9 | Installation Guide - Page 204
    to exit the interface and virtual sensor configuration menu. Modify default threat prevention settings?[no]: Step 11 Enter yes if you want to modify the default threat prevention settings. 10-14 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 205
    2 Configuration Saved. Step 14 Reboot the AIM IPS. AIM IPS# reset Warning: Executing this command will stop all applications and reboot the node. Continue with reset? []: Step 15 Enter yes to continue the reboot. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation
  • Cisco IPS-4255-K9 | Installation Guide - Page 206
    Rules: rules0 Signature Definitions: sig0 [1] Edit Interface Configuration [2] Edit Virtual Sensor Configuration [3] Display configuration Option: Enter 1 to edit the interface configuration. 10-16 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 207
    . Step 12 Press Enter to return to the main virtual sensor menu. Step 13 Enter 3 to create a virtual sensor. Name[]: Step 14 Enter a name and description for your virtual sensor. Name[]: newVs OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 10-17
  • Cisco IPS-4255-K9 | Installation Guide - Page 208
    to exit the interface and virtual sensor configuration menu. Modify default threat prevention settings?[no]: Step 20 Enter yes if you want to modify the default threat prevention settings. 10-18 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 209
    without saving this config. [2] Save this configuration and exit setup. Step 22 Enter 2 to save the configuration. Enter your selection[2]: 2 Configuration Saved. Step 23 Reboot the AIP SSM. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 10-19
  • Cisco IPS-4255-K9 | Installation Guide - Page 210
    80 does not disable the encryption. Step 6 Enter yes to modify the interface and virtual sensor configuration. Current interface configuration Command control: GigabitEthernet0/2 Unassigned: 10-20 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 211
    : [1] All unassigned vlans. [2] Enter vlans range. Option: b. Enter 1 to assign all unassigned VLANs to subinterface 10. Subinterface Number: c. Enter 9 to add subinterface 9. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 10-21
  • Cisco IPS-4255-K9 | Installation Guide - Page 212
    /8:9 (Vlans: 1-100) Add Interface: Step 15 Press Enter to return to the top-level virtual sensor configuration menu. Virtual Sensor: vs0 Anomaly Detection: ad0 Event Action Rules: rules0 10-22 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 213
    configuration was entered. service host network-settings host-ip 10.1.9.201/24,10.1.9.1 host-name IDSM2 telnet-option disabled ftp-timeout 300 no login-banner-text exit time-zone-settings offset 0 standard-time-zone-name UTC exit summertime-option disabled ntp-option disabled exit service web-server
  • Cisco IPS-4255-K9 | Installation Guide - Page 214
    Device Manager 7.0 - Installing and Using Cisco Intrusion Prevention System Manager Express 7.0 - Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 7.0 10-24 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 215
    5 sensor login: cisco Password: ******** Enter the setup command. The System Configuration Dialog is displayed. Enter 3 to access advanced setup. Specify the Telnet server status. You can disable or enable Telnet services. The default is disabled. Specify the web server port. The web server port
  • Cisco IPS-4255-K9 | Installation Guide - Page 216
    sensors; otherwise, press Enter to accept the default of no. The following configuration was entered. service host network-settings host-ip 192.168.1.2/24,192.168.1.1 host-name NME IPS disabled 10-26 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 217
    Device Manager 7.0 - Installing and Using Cisco Intrusion Prevention System Manager Express 7.0 - Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 7.0 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 10-27
  • Cisco IPS-4255-K9 | Installation Guide - Page 218
    offset -480 standard-time-zone-name PST exit exit service logger exit service network-access exit service notification exit service signature-definition sig0 exit 10-28 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 219
    the authenticity of the certificate when connecting to this sensor with a web browser. For More Information For the procedure for using HTTPS to log in to IDM, refer to Logging In to IDM. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 10-29
  • Cisco IPS-4255-K9 | Installation Guide - Page 220
    Verifying Initialization Chapter 10 Initializing the Sensor 10-30 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 221
    only be upgraded under instructions from Cisco with BIOS files obtained from the Cisco website. Installing a non-Cisco or third-party BIOS on Cisco IPS sensors voids the warranty. Obtaining Cisco IPS Software Note You must be logged in to Cisco.com and have an IPS subscription service license to
  • Cisco IPS-4255-K9 | Installation Guide - Page 222
    features, service pack fixes, and signature updates) plus any new changes. Major update 7.0(1) requires 5.1(6) and later. With each major update there are corresponding system and recovery packages. 11-2 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 223
    7.0(1). Note Upgrading to a newer patch does not require you to uninstall the old patch. For example, you can upgrade from patch 7.0(1p1) to 7.0(1p2) without first uninstalling 7.0(1p1). OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 11-3
  • Cisco IPS-4255-K9 | Installation Guide - Page 224
    Signature/Virus Updates, IPS-[sig]-[S]-req-E1.pkg Product line designator Package type Signature update Software version requirement designator Required engine version File extension 191014 11-4 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 225
    crypto designator Package type Installer major version Installer minor version Application version designator Application version File extension IPS-K9-[mfq,sys,r,]-x.y-a-*.img or pkg 191015 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 11-5
  • Cisco IPS-4255-K9 | Installation Guide - Page 226
    Identifier sys Maintenance Annually mp partition image2 Supported Platform Example Filename Separate file IPS 4240-K9-sys-1.1-a-7.0-1-E3.img for each sensor platform IDSM2 c6svc-mp.2-1-2.bin.gz 11-6 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 227
    IPS 4240 series IPS 4255 series IPS 4260 series IPS 4270-20 series IDS module for Catalyst 6K IPS network module adaptive security appliance modules Identifier 4240 4255 4260 4270_20 IDSM2 AIM NME SSM_10 SSM_20 SSM_40 For More Information For instructions on how to access these files on Cisco.com
  • Cisco IPS-4255-K9 | Installation Guide - Page 228
    AIP SSM, reimage from the adaptive security appliance using the hw-module module 1 recover configure/boot command. Caution When you install the system image for your sensor, all accounts are removed and the default account and password are reset to cisco. For More Information • For the procedure for
  • Cisco IPS-4255-K9 | Installation Guide - Page 229
    Upgrade-Contains hardware installation and regulatory guides. • Configure-Contains configuration guides for IPS CLI, IDM, and IME. • Troubleshoot and Alerts-Contains TAC tech notes and field notices. Cisco Security Intelligence Operations The Cisco Security Intelligence Operations site on Cisco.com
  • Cisco IPS-4255-K9 | Installation Guide - Page 230
    and password Trial license keys are also available. If you cannot get your sensor licensed because of problems with your contract, you can obtain a 60-day trial license that supports signature updates that require licensing. You can obtain a license key from the Cisco.com licensing server, which
  • Cisco IPS-4255-K9 | Installation Guide - Page 231
    the License Key Using IDM or IME Note In addition to a valid Cisco.com username and password, you must also have a Cisco Services for IPS service contract before you can apply for a license key. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 11
  • Cisco IPS-4255-K9 | Installation Guide - Page 232
    and click Open. Click Update License. For More Information For more information about obtaining a Cisco Services for IPS service contract, see Service Programs for IPS Products, page 11-11. 11-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 233
    before you can apply for a license key. Step 2 Fill in the required fields. Your Cisco IPS Signature Subscription Service license key will be sent by e-mail to the e-mail address you specified. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 11-13
  • Cisco IPS-4255-K9 | Installation Guide - Page 234
    -Apr-2010 sensor# Copy your license key from a sensor to a server to keep a backup copy of the license. sensor# copy license-key scp://[email protected]://tftpboot/dev.lic Password: ******* sensor# 11-14 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504
  • Cisco IPS-4255-K9 | Installation Guide - Page 235
    Obtaining a License Key From Cisco.com For More Information • For the procedure for adding a remote host to Cisco Services for IPS service contract, see Service Programs for IPS Products, page 11-11. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 236
    Obtaining a License Key From Cisco.com Chapter 11 Obtaining Software 11-16 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 237
    reset to use the default password cisco. After installing the system image, you must initialize the sensor again. After you reimage and initialize your sensor, upgrade your sensor with the most recent service pack, signature update, signature engine update, minor update, major update, and recovery
  • Cisco IPS-4255-K9 | Installation Guide - Page 238
    IPS 7.0 Upgrade Files The following files are part of Cisco IPS 7.0(1)E3: • Readme - IPS-7.0-1-E3.readme.txt • Major Version Upgrade File - IPS-K9-7.0-1-E3.pkg - IPS-AIM-K9-7.0-1-E3.pkg - IPS-NME-K9-7.0-1-E3.pkg 12-2 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 239
    ]//absoluteDirectory]/filename Note You are prompted for a password. - http:-Source URL for the web server. The syntax for this prefix is: http:[[//username@] location]/directory] filename OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 12-3
  • Cisco IPS-4255-K9 | Installation Guide - Page 240
    , enter the following: sensor(config)# upgrade ftp://username@ip_address//directory/IPS-K9-7.0-1-E3.pkg Enter the password when prompted. Enter password: ******** Enter yes to complete the upgrade. 12-4 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504
  • Cisco IPS-4255-K9 | Installation Guide - Page 241
    the recovery partition. Step 2 Step 3 Step 4 Log in to the CLI using an account with administrator privileges. Enter configuration mode. sensor# configure terminal Upgrade the recovery partition. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 242
    /HTTPS servers, see Supported FTP and HTTP/HTTPS Servers, page 12-2. • For the procedure for locating software on Cisco.com, see Obtaining Cisco IPS Software, page 11-1. • For the procedure for using the recover command, see Using the recover Command, page 12-12. Configuring Automatic Upgrades This
  • Cisco IPS-4255-K9 | Installation Guide - Page 243
    host submode to configure automatic upgrades. The following options apply: • cisco-server-Enables automatic signature and engine updates from Cisco.com. • cisco-url-The Cisco server locator service. You do not need to change this unless the www.cisco.com IP address changes. • default- Sets the value
  • Cisco IPS-4255-K9 | Installation Guide - Page 244
    -hos-ena)# file-copy-protocol ftp Note If you use SCP, you must use the ssh host-key command to add the server to the SSH known hosts list so the sensor can communicate with it through SSH. 12-8 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 245
    ftp default: scp sensor(config-hos-ena)# Exit automatic upgrade submode. sensor(config-hos-ena)# exit sensor(config-hos)# exit Apply Changes:?[yes]: Press Enter to apply the changes or type no to discard them. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide
  • Cisco IPS-4255-K9 | Installation Guide - Page 246
    Configuring Automatic Upgrades Chapter 12 Upgrading, Downgrading, and Installing System Images For More Information • For a list of supported FTP and HTTP/HTTPS servers, see Supported FTP and HTTP/HTTPS Servers, page 12-2. • For the procedure for adding a remote host to the trusted hosts list, for
  • Cisco IPS-4255-K9 | Installation Guide - Page 247
    mode. sensor# configure terminal If there is no recently applied service pack or signature update, the downgrade command is not available. sensor(config)# downgrade No downgrade available. sensor(config)# OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 248
    are installed at remote locations. Note When you reconnect to the sensor after recovery, you must log in with the default username and password cisco. For More Information For the procedure for upgrading the recovery partition to the most recent version, see Upgrading the Recovery Partition, page 12
  • Cisco IPS-4255-K9 | Installation Guide - Page 249
    trying to recover the sensor by installing the system image, try to recover by using the recover application-partition command or by selecting the recovery partition during sensor bootup. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 12-13
  • Cisco IPS-4255-K9 | Installation Guide - Page 250
    , a Cisco-standard asynchronous RS-232C DTE available in an RJ-45F connector on the sensor chassis. The serial port is configured for 9600 baud, 8 data bits, 1 stop bit, no parity, and no flow control. For More Information For the procedure for using a terminal server, see Connecting an Appliance to
  • Cisco IPS-4255-K9 | Installation Guide - Page 251
    ROMMON on the appliance to TFTP the system image onto the compact flash device. To install the IPS 4240 and IPS 4255 system image, follow these steps: Step 1 Download the IPS 4240 system image file (IPS 4240-K9-sys-1.1-a-6.27.0-1-E3.img) to the tftp root directory of a TFTP server that is accessible
  • Cisco IPS-4255-K9 | Installation Guide - Page 252
    02 8086 25A3 IDE Controller 11 00 1F Cisco Systems ROMMON Version (1.0(5)0) #1: Tue Sep 14 12:20:30 PDT 2004 Platform IPS 4240-K9 SERVER=0.0.0.0 GATEWAY=0.0.0.0 PORT=Management0/0 VLAN=untagged IMAGE= CONFIG= 12-16 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 253
    enter the IMAGE command in all uppercase. You can enter the other ROMMON commands in either lower case or upper case, but the IMAGE command specifically must be all uppercase. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 12-17
  • Cisco IPS-4255-K9 | Installation Guide - Page 254
    K9-sys-1.1-a-7.0-1-E3.img) to the tftp root directory of a TFTP server that is accessible from your IPS 4260. Make sure you can access the TFTP server location from the network connected to your IPS 4260 Ethernet port. Boot the IPS 4260. 12-18 Cisco Intrusion Prevention System Appliance and Module
  • Cisco IPS-4255-K9 | Installation Guide - Page 255
    Ethernet port. rommon> ping server_ip_address rommon> ping server Specify the path and filename on the TFTP file server from which you are downloading the image. rommon> file path/filename OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 12-19
  • Cisco IPS-4255-K9 | Installation Guide - Page 256
    :04 CDT 2007 ft_id_update: Invalid ID-PROM Controller Type (0x5df) ft_id_update: Defaulting to Controller Type (0x5c2) Note The controller type errors are a known issue and can be disregarded. 12-20 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 257
    assigned to the IPS 4270-20. Step 6 Step 7 If necessary, assign the TFTP server IP address. rommon> SERVER=ip_address If necessary, assign the gateway IP address. rommon> GATEWAY=ip_address OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 12-21
  • Cisco IPS-4255-K9 | Installation Guide - Page 258
    Information • For a list of supported TFTP servers, see Supported TFTP Servers, page 12-14. • For the procedure for locating software on Cisco.com, see Obtaining Cisco IPS Software, page 11-1. 12-22 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 259
    to operate as a TFTP server. router# copy tftp: flash: router# configure terminal router(config)# tftp-server flash:IPS-AIM-K9-sys-1.1-7.0-1-E3.img router(config)# exit router# Disable the heartbeat reset. router# service-module IDS-Sensor 0/slot_number heartbeat-reset disable Note Disabling the
  • Cisco IPS-4255-K9 | Installation Guide - Page 260
    Exit and reset card x - Exit Selection [123rx] Download recovery image via tftp and install on USB Drive TFTP server [10.1.9.1]> full pathname of recovery image []:IPS-AIM-K9-sys-1.1-7.0-1-E3.img 12-24 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504
  • Cisco IPS-4255-K9 | Installation Guide - Page 261
    the heartbeat reset. router# service-module IDS-sensor 0/slot_number heartbeat-reset enable For More Information • For a list of supported TFTP servers, see Supported TFTP Servers, page 12-14. • For the procedure for obtaining the most recent IPS software, see Obtaining Cisco IPS Software, page
  • Cisco IPS-4255-K9 | Installation Guide - Page 262
    hw-module module 1 recover stop command to stop the system reimaging and then you can correct the configuration. Step 4 Specify the TFTP URL for the system image. Image URL [tftp://0.0.0.0/]: Example 12-26 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 263
    it is complete. Note The status reads Recovery during recovery and reads Up when reimaging is complete. asa# show module 1 Mod Card Type Model Serial No. 0 ASA 5540 Adaptive Security Appliance ASA5540 P2B00000019 1 ASA 5500 Series Security Services Module-20 ASA-SSM-20 P1D000004F4 Mod
  • Cisco IPS-4255-K9 | Installation Guide - Page 264
    1 Step 2 Download the IDSM2 system image file (IPS-IDSM2-K9-sys-1.1-a-7.0-1-E3.bin.gz) to the FTP root directory of an FTP server that is accessible from your IDSM2. Log in to the switch CLI. 12-28 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 265
    to the maintenance partition CLI. login: guest Password: cisco Note You must configure the maintenance partition on the IDSM2. Step 5 Install the system image. [email protected]# upgrade ftp://user@ftp server IP/directory path/IPS-IDSM2-K9-sys-1.1-a-7.0-1-E3.bin.gz Step 6 Specify the
  • Cisco IPS-4255-K9 | Installation Guide - Page 266
    a list of supported FTP and HTTP/HTTPS servers, see Supported FTP and HTTP/HTTPS Servers, page 12-2. • For the procedure for locating software on Cisco.com, see Obtaining Cisco IPS Software, page 11-1. 12-30 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 267
    ip IP address : 10.89.149.74 Subnet Mask : 255.255.255.128 IP Broadcast : 10.255.255.255 DNS Name : idsm2.localdomain Default Gateway : 10.89.149.126 Nameserver(s) : [email protected]# OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 268
    of Pentium-class Processors : 2 BIOS Vendor: Phoenix Technologies Ltd. BIOS Version: 4.0-Rel 6.0.9 Total available memory: 2012 MB Size of compact flash: 61 MB Size of hard disk: 19077 MB 12-32 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 269
    This may take several minutes... Password for [email protected]: 500 'IPS-IDSM2-K9-sys-1.1-a-6.2-1-E3.bin.gz': command not understood. ftp://[email protected]//RELEASES/Latest/6.2-1/IPS-IDSM2-K9-sys-1.1-a-6.2-1-E3.bin.gz (unknown size) /tmp/upgrade.gz [|] 28616K 29303086 bytes transferred
  • Cisco IPS-4255-K9 | Installation Guide - Page 270
    The system is going down for system halt NOW !! console> (enable)# For More Information For a list of supported FTP and HTTP/HTTPS servers, see Supported FTP and HTTP/HTTPS Servers, page 12-2. 12-34 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 271
    # show ip IP address : 0.0.0.0 Subnet Mask : 0.0.0.0 IP Broadcast : 0.0.0.0 DNS Name : localhost.localdomain Default Gateway : 0.0.0.0 Nameserver(s) : [email protected]# OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 12
  • Cisco IPS-4255-K9 | Installation Guide - Page 272
    Password for [email protected]: 500 'SIZE IPS-IDSM2-K9-sys-1.1-a-6.2-1.bin.gz': command not understood. ftp://[email protected]//RELEASES/Latest/6.1-1/IPS-IDSM2-K9-sys-1.1-a-6.2-1-E3.img (unknown size) /tmp/upgrade.gz [|] 28616K 12-36 Cisco Intrusion Prevention System Appliance and Module
  • Cisco IPS-4255-K9 | Installation Guide - Page 273
    . You can boot the image now. Partition upgraded successfully [email protected]# Step 13 Clear the upgrade log. [email protected]# clear log upgrade Cleared log file successfully OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 12-37
  • Cisco IPS-4255-K9 | Installation Guide - Page 274
    an FTP server that is accessible from your IDSM2. Session to the IDSM2 from the switch. console>(enable) session slot_number Log in to the IDSM2 CLI. Enter configuration mode. idsm2# configure terminal 12-38 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 275
    of supported FTP and HTTP/HTTPS servers, see Supported FTP and HTTP/HTTPS Servers, page 12-2. • For the procedure for locating software on Cisco.com, see Obtaining Cisco IPS Software, page 11-1. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 12
  • Cisco IPS-4255-K9 | Installation Guide - Page 276
    to operate as a TFTP server. router# copy tftp: flash: router# configure terminal router(config)# tftp-server flash:IPS-NME-K9-sys-1.1-7.0-1-E3.img router(config)# exit router# Disable the heartbeat reset. router# service-module ids-sensor 1/0 heartbeat-reset disable Note Disabling the heartbeat
  • Cisco IPS-4255-K9 | Installation Guide - Page 277
    .89.148.195]> Subnet mask [255.255.255.0]> TFTP server [10.89.150.74]> Gateway [10.89.148.254]> Default boot [disk]> Number cores [2]> ServicesEngine boot-loader > upgrade Cisco Systems, Inc. Services engine upgrade utility for NM-IPS ----- Main menu 1 - Download application image and write to
  • Cisco IPS-4255-K9 | Installation Guide - Page 278
    router CLI, clear the session. router# service-module interface ids-sensor 1/0 session clear Step 15 Enable the heartbeat reset. router# service-module IDS-sensor 1/0 heartbeat-reset enable 12-42 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 279
    Maintenance, page A-2 • Disaster Recovery, page A-6 • Recovering the Password, page A-7 • Time and the Sensor, page A-16 • Advantages and Restrictions of Virtualization, page A-18 • Supported MIBs, page A-19 • When to Disable Anomaly Detection, page A-20 • Troubleshooting Global Correlation, page
  • Cisco IPS-4255-K9 | Installation Guide - Page 280
    the a configuration file, see Backing Up and Restoring the Configuration File Using a Remote Server, page A-3. • For more information about the service account, see Creating the Service Account, page A-5. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-2 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 281
    • Overwrite the current configuration with the backup configuration. sensor# copy /erase backup-config current-config Backing Up and Restoring the Configuration File Using a Remote Server Note We recommend copying the current configuration file to a remote server before upgrading. Use the copy
  • Cisco IPS-4255-K9 | Installation Guide - Page 282
    a password. If you use SCP protocol, you must also add the remote host to the SSH known hosts list. • http:-Source URL for the web server. current configuration to a backup configuration. cfg 100 36124 00:00 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0
  • Cisco IPS-4255-K9 | Installation Guide - Page 283
    . However, you can use the service account to create a password if the administrator password is lost. Analyze your situation to decide if you want a service account existing on the system. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-5
  • Cisco IPS-4255-K9 | Installation Guide - Page 284
    copied configuration only to a sensor of the same version. • You also need the list of user IDs that have been used on that sensor. The list of user IDs and passwords are not saved in the configuration. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-6 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 285
    , try the following: 1. Reimage the sensor. 2. Log in to the sensor with the default user ID and password-cisco. Note You are prompted to change the cisco password. 3. Initialize the sensor. 4. Upgrade the sensor to the IPS software version it had when the configuration was last saved and copied
  • Cisco IPS-4255-K9 | Installation Guide - Page 286
    the GRUB menu appears, press any key to pause the boot process. Note You must have a terminal server or direct serial connection to the appliance to use the GRUB menu to recover the password. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-8 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 287
    Chapter A Troubleshooting Recovering the Password To recover the password on appliances, follow these steps: Step 1 Reboot the appliance to see the GRUB menu. GNU GRUB version 0.94 (632K lower / 523264K upper memory 0: Cisco IPS 1: Cisco IPS Recovery 2: Cisco IPS Clear Password (cisco Use
  • Cisco IPS-4255-K9 | Installation Guide - Page 288
    AIP SSM Password You can reset the password to the default (cisco) for the AIP SSM using the CLI or the ASDM. Resetting the password causes it to reboot. IPS services are not available during a reboot. A-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 289
    A Troubleshooting Recovering the Password Note To reset the password, you must have ASA 7.2.2 or later. Use the hw-module module slot_number password-reset command to reset the password to the default cisco. If the module in the specified slot has an IPS version that does not support password
  • Cisco IPS-4255-K9 | Installation Guide - Page 290
    displays the success or failure of the password reset. If the reset fails, make sure you have the correct ASA and IPS software versions. Click Close to close the dialog box. The sensor reboots. A-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 291
    IPS 7.x, download WS-SVC-IDSM2-K9-a-7.0-password-recovery.bin.gz. FTP is the only supported protocol for image installations, so make sure you put the password recovery image file on an FTP server that is accessible to the switch. You must have administrative access to the Cisco 6500 series switch
  • Cisco IPS-4255-K9 | Installation Guide - Page 292
    privileges. Enter global configuration mode. sensor# configure terminal Enter host mode. sensor(config)# service host Disable password recovery. sensor(config-hos)# password-recovery disallowed A-14 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 293
    see the following message: Upgrading will wipe out the contents on the storage media. You can ignore this message. Only the password is reset when you use the specified password recovery image. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-15
  • Cisco IPS-4255-K9 | Installation Guide - Page 294
    the default. The UTC time is synchronized between the parent router and the AIM IPS and the NME IPS. The time zone and summertime settings are not synchronized between the parent router and the AIM IPS and the NME IPS. A-16 Cisco Intrusion Prevention System Appliance and Module Installation Guide
  • Cisco IPS-4255-K9 | Installation Guide - Page 295
    are synchronized to an external NTP server. If only the module clock or only the parent chassis clock is synchronized to an NTP server, the time drift occurs. Verifying the Sensor is Synchronized with the NTP Server In IPS, you cannot apply an incorrect NTP configuration, such as an invalid NTP key
  • Cisco IPS-4255-K9 | Installation Guide - Page 296
    To avoid configuration problems on your sensor, make sure you understand the advantages and restrictions of virtualization on your sensor. Note The AIM IPS and the NME IPS do not support virtualization. A-18 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 297
    IPS 4240 • IPS 4255 • IPS 4260 • IPS 4270-20 • AIP SSM • IDSM2 (with the exception of VLAN groups on inline interface pairs) Supported MIBs To avoid problems with configuring SNMP, be aware of the MIBs that are supported on the sensor. The following private MIBs are supported on the sensor: • CISCO
  • Cisco IPS-4255-K9 | Installation Guide - Page 298
    through the sensor management interface, firewalls must allow port 443/80 traffic. • You must have an HTTP proxy server or a DNS server configured to allow global correlation features to function. A-20 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504
  • Cisco IPS-4255-K9 | Installation Guide - Page 299
    HTTP Proxy server to support global correlation, for IDM refer to Configuring Network Settings, for IME refer to Configuring Network Settings, and for the CLI, refer to Configuring the DNS and Proxy Servers for Global Correlation. • For the procedure for obtaining and installing the IPS license key
  • Cisco IPS-4255-K9 | Installation Guide - Page 300
    see the quarantined hosts. • The sensor must recognize each CSA MC host X.509 certificate. You must add them as a trusted host. • You can configure a maximum of two external product devices. A-22 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 301
    to troubleshoot the appliance. It contains the following topics: • Hardware Bypass and Link Changes and Drops, page A-24 • Troubleshooting Loose Connections, page A-24 • Analysis Engine is Busy, page A-25 • Connecting the IPS 4240 to a Cisco 7200 Series Router, page A-25 • Communication Problems
  • Cisco IPS-4255-K9 | Installation Guide - Page 302
    A Troubleshooting Hardware Bypass and Link Changes and Drops Note Hardware bypass is available on the 4GE bypass interface card, which is supported on IPS 4260 and IPS 4270-20. Properly configuring and deploying hardware bypass protects against complete link failure if the IPS appliance experiences
  • Cisco IPS-4255-K9 | Installation Guide - Page 303
    before trying to make configuration changes. Use the show statistics virtual-sensor command to find out when Analysis Engine is available again. Connecting the IPS 4240 to a Cisco 7200 Series Router When an IPS 4240 is connected directly to a 7200 series router and both the IPS 4240 and the router
  • Cisco IPS-4255-K9 | Installation Guide - Page 304
    Troubleshooting the Appliance Chapter A Troubleshooting Communication Problems This section helps you troubleshoot communication problems with the 4200 series sensor. It contains the following topics: • Cannot Access the Sensor CLI Through Telnet or SSH, page A-26 • Correcting a Misconfigured
  • Cisco IPS-4255-K9 | Installation Guide - Page 305
    .1 host-name sensor telnet-option enabled access-list 0.0.0.0/0 ftp-timeout 300 no login-banner-text exit --MORE-- If the workstation network address is permitted in the sensor access list, go to Step 6. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 306
    -name: sensor-238 default: sensor telnet-option: enabled default: disabled access-list (min: 0, max: 512, current: 3 network-address: 10.0.0.0/8 network-address: 64.0.0.0/8 network-address: 171.69.70.0/24 A-28 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 307
    :
  • Cisco IPS-4255-K9 | Installation Guide - Page 308
    Platform: ASA-SSM-20 Serial Number: JAB0948035P License expired: 11-Apr-2008 UTC Sensor up-time is 7 days. Using 1018015744 out of 2093600768 bytes of available memory (48% usage) A-30 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 309
    Upgrade History: IPS-K9-7.0-1-E3 01:16:00 UTC Fri Apr 25 2008 Recovery Partition Version 1.1 - 7.0(1)E3 Host Certificate Valid from: 29-Jun-2008 to 30-Jun-2010 sensor -0500 Upgrade History: OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-31
  • Cisco IPS-4255-K9 | Installation Guide - Page 310
    Troubleshooting the Appliance Chapter A Troubleshooting Step 5 IPS-K9-7.0-1-E3 01:16:00 UTC Fri Apr 25 2008 Recovery Partition Version 1.1 - 7.0(1)E3 Host Certificate Valid from: 29-Jun-2008 to 30-Jun-2010 sensor# If you do not have the latest software updates, download them from Cisco.com. Read
  • Cisco IPS-4255-K9 | Installation Guide - Page 311
    time you configure a signature, the new configuration overwrites the old one, so make sure you have configured all the event actions you want for each signature. • Make sure the sensor is seeing packets OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 312
    Total Bytes Transmitted = 3441000 Total Multicast Packets Transmitted = 0 Total Broadcast Packets Transmitted = 0 Total Jumbo Packets Transmitted = 0 Total Undersize Packets Transmitted = 0 A-34 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 313
    Undersize Packets Transmitted = 0 Total Transmit Errors = 0 Total Transmit FIFO Overruns = 0 sensor# If the interfaces are not up, do the following: • Check the cabling. • Enable the interface. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-35
  • Cisco IPS-4255-K9 | Installation Guide - Page 314
    Troubleshooting the Appliance Chapter A Troubleshooting Step 4 sensor# configure terminal sensor(config)# service interface sensor(config-int)# physical-interfaces GigabitEthernet0/1 sensor(config-int-phy)# admin-state enabled sensor(config-int-phy)# show settings name:
  • Cisco IPS-4255-K9 | Installation Guide - Page 315
    , page A-41 • Verifying the Interfaces and Directions on the Network Device, page A-43 • Enabling SSH Connections to the Network Device, page A-43 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-37
  • Cisco IPS-4255-K9 | Installation Guide - Page 316
    the Appliance Chapter A Troubleshooting • Blocking Not Occurring for a Signature, page A-44 • Verifying the Master Blocking Sensor Configuration, page A-45 Troubleshooting Blocking Note ARC was formerly known as Network Access Controller. Although the name has been changed since IPS 5.1, it
  • Cisco IPS-4255-K9 | Installation Guide - Page 317
    Current Configuration LogAllBlockEventsAndSensors = true EnableNvramWrite = false EnableAclLogging = false AllowSensorBlock = false BlockMaxEntries = 250 MaxDeviceInterfaces = 250 NetDevice Type = Cisco OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 318
    -04-18T08:05 2009-04-18T08:05 Upgrade History: IPS-K9-7.0-1-E3 08:00:00 UTC Sat Apr 18 2009 Recovery Partition Version 1.1 - 7.0(1)E3 Host Certificate Valid from: 16-Apr-2009 to 17-Apr-2011 A-40 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 319
    allow-sensor-block: false block-enable: true block-max-entries: 250 max-interfaces: 250 master-blocking-sensors (min: 0, max: 100, current: 0) OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 320
    device to verify the configuration. c. Make sure you can reach the device. d. Verify the username and password. Verify that each interface and direction on each network device is correct. A-42 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 321
    sensor# configure terminal sensor(config)# service network-access sensor(config-net)# general Start the manual block of the bogus host IP address. sensor configuration mode: sensor# configure terminal OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0
  • Cisco IPS-4255-K9 | Installation Guide - Page 322
    edit-default-sigs-only default-signatures-only specify-service-ports no specify-tcp-max-mss no specify-tcp-min-mss no MORE-- Exit signature definition submode. sensor(config-sig-sig-nor)# exit A-44 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 323
    them. Verify that the block shows up in the ARC statistics. sensor# show statistics network-access Current Configuration AllowSensorShun = false ShunMaxEntries = 100 State ShunEnable = true OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-45
  • Cisco IPS-4255-K9 | Installation Guide - Page 324
    By default, debug logging is not turned on. If you enable individual zone control, each zone uses the level of logging that it is configured for. Otherwise, the same logging level is used for all zones. A-46 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 325
    the zone names. sensor(config-log)# show settings master-control enable-debug: false individual-zone-control: true default: false zone-control (min: 0, max: 999999999, current: 14) OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-47
  • Cisco IPS-4255-K9 | Installation Guide - Page 326
    zone-control (min: 0, max: 999999999, current: 14 protected entry> zone-name: AuthenticationApp severity: warning zone-name: Cid severity: debug A-48 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 327
    zone-name: Cli severity: warning zone-name: IdapiCtlTrans severity: warning zone-name: IdsEventStore severity: error default: warning OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-49
  • Cisco IPS-4255-K9 | Installation Guide - Page 328
    MpInstaller Description Anomaly Detection zone Authentication zone General logging zone CLI zone All control transactions zone Event Store zone IDSM2 master partition installer zone A-50 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 329
    between modules in the chassis. 2. The Control Plane is the transport communications layer used by Card Manager on the AIP SSM. 3. The CIDS servlet interface is the interface layer between the CIDS web server and the servlets. For More Information To learn more about the IPS Logger service, refer
  • Cisco IPS-4255-K9 | Installation Guide - Page 330
    |produc-alert sensor(config-sig-sig-ato)# show settings atomic-ip event-action: produce-alert|reset-tcp-connection default: produce-alert fragment-status: any specify-l4-protocol no A-52 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 331
    Upgrades This section helps in troubleshooting software upgrades. It contains the following topics: • Upgrading and Analysis Engine, page A-54 • Which Updates to Apply and Their Prerequisites, page A-54 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 332
    with the Update Stored on the Sensor, page A-55 Upgrading and Analysis Engine If you try to upgrade an IPS sensor, you may receive an error that Analysis Engine is not running: sensor# upgrade scp://[email protected]/upgrades/IPS-K9-7.0-1-E3.pkg Password: ******** Warning: Executing this command will
  • Cisco IPS-4255-K9 | Installation Guide - Page 333
    there if you need to. To update the sensor with an update stored on the sensor, follow these steps: Step 1 Step 2 Log in to the service account. Obtain the update package file from Cisco.com. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-55
  • Cisco IPS-4255-K9 | Installation Guide - Page 334
    Upgrade the sensor. sensor(config)# upgrade scp://service@sensor_ip_address/upgrade/ips_package_file_name Enter password: ***** Re-enter password: ***** For More Information For the procedure for obtaining Cisco IPS software, see Obtaining Cisco IPS Software, page 11-1. Troubleshooting
  • Cisco IPS-4255-K9 | Installation Guide - Page 335
    : sensor# setup --- System Configuration Dialog --- At any point you may enter a question mark '?' for help. User ctrl-c to abort configuration dialog at any prompt. Default settings are in square brackets '[]'. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide
  • Cisco IPS-4255-K9 | Installation Guide - Page 336
    procedure for configuring event actions, refer to Assigning Actions to Signatures. • For the procedure for obtaining statistics about virtual sensor and Event Store, refer to Displaying Statistics. A-58 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504
  • Cisco IPS-4255-K9 | Installation Guide - Page 337
    to troubleshooting the IDSM2, and contains the following topics: • Diagnosing IDSM2 Problems, page A-60 • Minimum Supported IDSM2 Configurations, page A-61 • Switch Commands for Troubleshooting, page A-61 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 338
    4200 series sensors. You can use the same troubleshooting tools as outlined in Troubleshooting the Appliance, page A-23. • For information about the Bug Toolkit and how to access it, see Bug Toolkit, page A-1. A-60 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 339
    show trunk (Catalyst software) • show span (Catalyst software) • show security acl (Catalyst software) • show intrusion-detection module (Cisco IOS software) • show monitor (Cisco IOS software) OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-61
  • Cisco IPS-4255-K9 | Installation Guide - Page 340
    Verify that the IDSM2 is online. • Catalyst Software console> enable Enter password: console> (enable) show module Mod Slot Ports Module-Type Model Sub Status . 2.0 console> (enable) A-62 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 341
    Not Come Online If the status indicator is on, but the IDSM2 does not come online, try the following troubleshooting tips: • Reset the IDSM2. • Make sure the IDSM2 is installed properly in the switch. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 342
    software console> (enable) show port 6/8 * = Configured MAC Address # = 802.1X Authenticated Port Name. Port Name Status Vlan Duplex Speed Type 6/8 connected trunk full 1000 IDS A-64 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 343
    For the procedure for configuring the switch for command and control access to the IDSM2, refer to Configuring the Catalyst 6500 Series Switch for Command and Control Access to the IDSM2. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-65
  • Cisco IPS-4255-K9 | Installation Guide - Page 344
    section contains information for troubleshooting the AIP SSM, and contains the following topics: • Health and Status Information, page A-67 • The AIP SSM and the Data Plane, page A-69 • A-66 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 345
    down before resetting it or loss of configuration may occur. Reset module in slot 1? [confirm] Reset issued for module in slot 1 asa(config)# show module Mod Card Type Model Serial No. 0 ASA 5520 Adaptive Security Appliance ASA5520 P2A00000014 1 ASA 5500 Series Security Services Module-10
  • Cisco IPS-4255-K9 | Installation Guide - Page 346
    IMAGE=IPS-SSM-K9-sys-1.1-a-5.1-0.1.img Slot-1 172> CONFIG= Slot-1 173> LINKTIMEOUT=20 Slot-1 174> PKTTIMEOUT=4 Slot-1 175> RETRY=20 Slot-1 176> tftp [email protected] via 10.89.149.254 A-68 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 347
    information for troubleshooting the IPS network modules, the AIM IPS and the NME IPS. It contains the following section: • Interoperability With Other IPS Network Modules, page A-69 Interoperability With Other IPS Network Modules Caution You cannot upgrade an NM CIDS to an NME IPS. The Cisco access
  • Cisco IPS-4255-K9 | Installation Guide - Page 348
    the CLI. Show the health and security status of the sensor. sensor# show health Overall Health Status Health Status for Failed Applications Health Status for Signature Updates Red Green Green A-70 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 349
    and sent to the destination that follows this command. If you use this keyword, the output is not displayed on the screen. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-71
  • Cisco IPS-4255-K9 | Installation Guide - Page 350
    show version Application Partition: 8 21:42:39 2009. Cisco Intrusion Prevention System, Version 7.0(1)E3 Host: Realm Keys Signature Definition: Signature Update key1.0 S383.0 2009-02-20 A-72 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 351
    Troubleshooting Gathering Information OL-18504-01 Virus Update V1.4 2007-03-02 OS Version: 2.4.30-IDS-smp-bigphys Platform: IPS 4240-K9 Serial Number: JMX1013K020 No license present Sensor = 0 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-73
  • Cisco IPS-4255-K9 | Installation Guide - Page 352
    version information. sensor# show version Application Partition: Cisco Intrusion Prevention System, Version 7.0(1)E3 Host: Realm Keys Signature Definition: Signature Update key1.0 S383.0 2009-02-20 A-74 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 353
    : ! Signature Update S383.0 2009-02-20 ! Virus Update V1.4 2007-03-02 service interface exit service authentication exit service event-action-rules rules0 exit OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-75
  • Cisco IPS-4255-K9 | Installation Guide - Page 354
    of the sensor services. This section describes the show statistics command, and contains the following topics: • Understanding the show statistics Command, page A-77 • Displaying Statistics, page A-77 A-76 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 355
    Step 1 Step 2 Log in to the CLI. Display the statistics for Analysis Engine. sensor# show statistics analysis-engine Analysis Engine Statistics Number of seconds since service started = 1421127 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-77
  • Cisco IPS-4255-K9 | Installation Guide - Page 356
    Troubleshooting Sensor vs1 No attack Detection - ON Learning - ON Next KB rotation at 10:00:00 UTC Sat Jan 18 2008 Internal Zone TCP Protocol UDP Protocol Other Protocol External Zone TCP Protocol UDP Protocol A-78 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 357
    sensor# Display the statistics for Event Server. sensor# show statistics event-server General openSubscriptions = 0 blockedSubscriptions = 0 Subscriptions sensor# Display the statistics for Event Store. sensor Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-79
  • Cisco IPS-4255-K9 | Installation Guide - Page 358
    last 5 minutes = 1 Memory Statistics Memory usage (bytes) = 500498432 Memory free (bytes) = 894976032 Auto Update Statistics lastDirectoryReadAttempt = 15:26:33 CDT Tue Jun 17 2008 A-80 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 359
    NATAddr = 0.0.0.0 Communications = telnet NetDevice Type = Cisco IP = 10.89.150.158 NATAddr = 0.0.0.0 Communications = telnet BlockInterface InterfaceName = ethernet0/1 InterfaceDirection = out OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-81
  • Cisco IPS-4255-K9 | Installation Guide - Page 360
    Vlan = ActualIp = BlockMinutes = Host IP = 21.21.12.12 Vlan = ActualIp = BlockMinutes = Host IP = 122.122.33.4 Vlan = ActualIp = BlockMinutes = 60 MinutesRemaining = 24 A-82 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 Chapter A Troubleshooting OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 361
    , or ICMP processed since reset = Total ARP packets processed since reset = 0 Total ISL encapsulated packets processed since reset = 0 Total 802.1q encapsulated packets processed since reset = 0 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-83
  • Cisco IPS-4255-K9 | Installation Guide - Page 362
    0 TCP Normalizer stage statistics Packets Input = 0 Packets Modified = 0 Dropped packets from queue = 0 Dropped packets due to deny-connection = 0 Current Streams = 0 Current Streams Closed = 0 A-84 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 363
    Chapter A Troubleshooting Gathering Information OL-18504-01 Current service-pair-inline = 0 deny-connection-inline = 0 deny-packet-inline = 0 modify-packet-inline = 0 log-attacker-packets = 0 log-pair-packets = 0 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 364
    retrieved and cleared. Verify that the statistics have been cleared. sensor# show statistics logger The number of Log interprocessor FIFO overruns = 0 The number of syslog messages received = 0 A-86 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 365
    A Troubleshooting Gathering = 0 Unknown Severity = 0 TOTAL = 0 sensor# The statistics all begin from 0. Interfaces Information The the sensing and command and control interfaces. This section describes the -01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0
  • Cisco IPS-4255-K9 | Installation Guide - Page 366
    Gathering Information Chapter A Troubleshooting Link Status = Up Transmit Errors = 0 Total Transmit FIFO Overruns = 0 sensor# Events Information You can use the show events command an IP log being created A-88 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0
  • Cisco IPS-4255-K9 | Installation Guide - Page 367
    . • error-Displays error events. Error events are generated by services when error conditions are encountered. If no level is selected (warning, error, or fatal), all error events are displayed. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-89
  • Cisco IPS-4255-K9 | Installation Guide - Page 368
    Troubleshooting • NAC-Displays ARC (block) requests. Note ARC is formerly known as NAC. This name change has not been completely implemented throughout IDM, IME, and the CLI for Cisco IPS sensor# A-90 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 369
    appInstanceId: 2316 evStatus: eventId=1041526834774829056 vendor=Cisco originator: hostId: sensor appName: login(pam_unix) appInstanceId: 2315 time: 2008/01/08 02:41:00 2008/01/08 02:41:00 UTC OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-91
  • Cisco IPS-4255-K9 | Installation Guide - Page 370
    TAC or the IPS developers in case of a problem. For More Information For the procedure for putting a file on the Cisco FTP site, see Uploading and Accessing Files on the Cisco FTP Site, page A-93. A-92 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504
  • Cisco IPS-4255-K9 | Installation Guide - Page 371
    . Use the put command to upload the files. Make sure to use the binary transfer type. To access uploaded files, log in to an ECS-supported host. Change to the /auto/ftp/incoming directory. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-93
  • Cisco IPS-4255-K9 | Installation Guide - Page 372
    Gathering Information Chapter A Troubleshooting A-94 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 373
    applications, such as gotomypc. It can also inspect FTP traffic and control the commands being issued. Advanced Integration Module. A type of IPS network module installed in Cisco routers. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 GL-1
  • Cisco IPS-4255-K9 | Installation Guide - Page 374
    in RFC 826. ASDM Adaptive Security Device Manager. A web-based application that lets you configure and manage your adaptive security device. ASN.1 Abstract Syntax Notation 1. Standard for data presentation. GL-2 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 375
    fired correctly, but the source of the traffic is nonmalicious. Basic Input/Output System. The program that starts the sensor and communicates between the devices in the sensor and the system. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 GL-3
  • Cisco IPS-4255-K9 | Installation Guide - Page 376
    be supported by Cisco IPS systems. The header that is attached to each packet in the IPS system. It contains packet classification, packet length, checksum results, timestamp, and the receive interface. GL-4 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL
  • Cisco IPS-4255-K9 | Installation Guide - Page 377
    Transaction A component of the IPS. Waits for control transactions directed to remote applications, forwards the Source control transactions to the remote node, and returns the response to the initiator. cookie A piece of information sent by a web server to a web browser that the browser is
  • Cisco IPS-4255-K9 | Installation Guide - Page 378
    D darknets A virtual private network where users connect IP addresses needed for network packets. DoS Denial of Service. An attack whose goal is just to disrupt the operation of a specific system or network. GL-6 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS
  • Cisco IPS-4255-K9 | Installation Guide - Page 379
    specific algorithm to data to alter the appearance of the data making it incomprehensible to those who are not authorized to see the information. engine A component of the sensor designed to support -01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 GL-7
  • Cisco IPS-4255-K9 | Installation Guide - Page 380
    to improve the combined efficacy of all devices. The software component of CollaborationApp that obtains and installs updates to the local global correlation databases. GL-8 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 381
    information relevant to IP packet processing. Documented in RFC 792. Denial of Service attack that sends a host more ICMP echo request ("ping") packets than the protocol implementation can handle. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 GL
  • Cisco IPS-4255-K9 | Installation Guide - Page 382
    systems and the operational messages that are used to configure and control intrusion detection systems. IDM IPS Device Manager. A web-based application that lets you configure and manage your sensor. The web server for IDM resides on the sensor. You can access it through Internet Explorer or
  • Cisco IPS-4255-K9 | Installation Guide - Page 383
    them from the processing path. Logger A component of the IPS. Writes all the log messages of the application to the log file and the error messages of the application to the Event Store. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 GL-11
  • Cisco IPS-4255-K9 | Installation Guide - Page 384
    is defined in RFC 2045. A minor version that contains minor enhancements to the product line. Minor updates are incremental to the major version, and are also base versions for service packs. GL-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 385
    to and from a computer system. NME IPS Network Module Enhanced. An IPS module that you can install in any network module slot in the Cisco 2800 and 3800 series integrated services routers. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 GL-13
  • Cisco IPS-4255-K9 | Installation Guide - Page 386
    circles. Port Aggregation Control Protocol. PAgP aids in the automatic creation of EtherChannel links by exchanging PAgP packets between LAN ports. It is a Cisco-proprietary protocol. GL-14 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 387
    from which ARC should read the ACL entries, and where it places entries before any deny entries for the addresses being blocked. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 GL-15
  • Cisco IPS-4255-K9 | Installation Guide - Page 388
    of the attack, but not any response or mitigation actions. This risk is higher when more damage could be inflicted on your network. GL-16 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 389
    onto the sensor for recovery purposes. See RTT. remote-procedure call. Technological foundation of client/server computing. RPCs are procedure calls that are built or specified by clients and are executed on servers, with the results returned over the network to the clients. Router Switch Module
  • Cisco IPS-4255-K9 | Installation Guide - Page 390
    collect packets from the network interfaces on the sensor. SensorApp is the standalone executable that runs Analysis Engine. Service engine Deals with specific protocols, such as DNS, FTP, H255 GL-18 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 391
    constant refreshing, like DRAM. Secure Shell. A utility that uses strong authentication and secure communications to log in to another computer over a network. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 GL-19
  • Cisco IPS-4255-K9 | Installation Guide - Page 392
    full IPS application and recovery image used for reimaging an entire sensor. T TAC A Cisco Technical Assistance Center. There are four TACs worldwide. TACACS+ Terminal Access Controller Access Control System Plus. Proprietary Cisco enhancement to Terminal Access Controller Access Control System
  • Cisco IPS-4255-K9 | Installation Guide - Page 393
    servers can be used to remotely manage network equipment, including sensors. TFN Tribe Flood Network. A common type of DoS attack that can take advantage of forged or rapidly changing source IP -18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 GL-21
  • Cisco IPS-4255-K9 | Installation Guide - Page 394
    VLAN ACL. An ACL that filters all packets (both within a VLAN and between VLANs) that pass through a switch. Also known as security ACLs. GL-22 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 395
    that serves users across a broad geographic area and often uses transmission devices provided by common carriers. Frame Relay, SMDS, and X.25 are examples of WANs. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 GL-23
  • Cisco IPS-4255-K9 | Installation Guide - Page 396
    file format used for data interchange between heterogeneous hosts. Z zone A set of destination IP addresses sorted into an internal, illegal, or external zone used by Anomaly Detection. GL-24 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 397
    engine A-69 password recovery A-10 recovering A-68 reimaging 12-26 removing module 6-5 requirements 6-2 resetting A-67 resetting the password A-11 session command 9-6 setup command 10-16 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 IN-1
  • Cisco IPS-4255-K9 | Installation Guide - Page 398
    updates troubleshooting A-55 automatic upgrade examples 12-10 information required 12-6 autonegotiation for hardware bypass 3-5, 4-6 auto-upgrade-option command 12-6 B backing up configuration A-3 current configuration A-4, A-5 back panel features IPS 4240 2-3 IPS 4255 2-3 IPS 4260 3-7 IPS 4270
  • Cisco IPS-4255-K9 | Installation Guide - Page 399
    control interface described 1-5 Ethernet 1-2 list 1-5 commands auto-upgrade-option 12-6 clear events 1-29, A-18, A-92 clear password A-10, A-13 copy backup-config A-3 copy current-config A-3 copy license-key 11-13 debug module-boot A-68 downgrade 12-11 hw-module module 1 reset A-67 hw-module module
  • Cisco IPS-4255-K9 | Installation Guide - Page 400
    the sensor 1-29, A-18 creating the service account A-6 cryptographic account Encryption Software Export Distribution Authorization from 11-2 obtaining 11-2 current configuration back up A-3 D DC power supply for IPS 4240 2-10 debug logging enable A-47 debug-module-boot command A-68 defaults password
  • Cisco IPS-4255-K9 | Installation Guide - Page 401
    4-49 files Cisco IPS 12-2 IDSM2 password recovery A-13 finding the serial number 5-6, 8-6 front panel indicators IPS 4240 2-2 IPS 4255 2-2 IPS 4260 3-7 IPS 4270-20 4-8 front panel switches IPS 4260 3-6 IPS 4270-20 4-8 FTP servers supported 12-2 G global correlation license 10-5 troubleshooting A-20
  • Cisco IPS-4255-K9 | Installation Guide - Page 402
    -26 IDSM2 (Catalyst software) 12-28 IDSM2 (Cisco IOS software) 12-29, 12-30 IPS 4240 12-15 IPS 4255 12-15 IPS 4260 12-18 IPS 4270-20 12-20 NME IPS 12-40 interface cards IPS 4260 installing 3-20 IN-6 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 403
    25 IPS restrictions 1-19 supported appliances 1-17 modules 1-17 tuning 1-3 IPS 4240 accessories 2-5 back panel illustration 2-3 indicators 2-3 described 2-1 features 2-2 front panel illustration 2-2 indicators 2-2 installation 2-8 installing DC power supply 2-10 system image 12-15 password recovery
  • Cisco IPS-4255-K9 | Installation Guide - Page 404
    cards 3-20 power supply 3-22 sensing interfaces 3-2 specifications 3-9 supported interface cards 3-2, 3-3 IPS 4270-20 4GE bypass interface card 4-2 accessories kit 4-44 sensing interfaces 4-2 IN-8 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 405
    number 11-10 Licensing pane configuring 11-12 described 11-10 limitations for concurrent CLI sessions 2-1, 3-1, 4-1, 5-1, 6-1, 7-1, 8-1, 9-1 logging in AIM IPS 9-5 AIP SSM 9-6 appliances 9-2 IDSM2 9-8 NME IPS 9-10 sensors SSH 9-11 Telnet 9-11 service role 9-2 terminal servers 1-19, 9-3, 12-14
  • Cisco IPS-4255-K9 | Installation Guide - Page 406
    cryptographic account 11-2 IPS software 11-1 P password recovery AIM IPS A-10 AIP SSM A-10 appliances A-8 CLI A-14 described A-8 disabling A-14 GRUB menu A-8 IDSM2 A-13 IPS 4240 A-9 IPS 4255 A-9 IPS-4260 A-9 IPS 4270-20 A-9 NME IPS A-13 platforms A-8 ROMMON A-9 troubleshooting A-15 verifying A-15
  • Cisco IPS-4255-K9 | Installation Guide - Page 407
    12-5 reimaging AIP SSM 12-26 appliances 12-12 described 12-1 IDSM2 12-28 IPS 4240 12-15 IPS 4255 12-15 IPS 4260 12-18 IPS 4270-20 12-20 NME IPS 12-40 sensors 11-8, 12-1 removing AIM IPS 5-5 AIP SSM 6-5 chassis cover IPS 4260 3-19 IPS 4270-20 4-39 last applied service pack 12-11 signature update 12
  • Cisco IPS-4255-K9 | Installation Guide - Page 408
    12-14 IPS 4240 12-15 IPS 4255 12-15 IPS 4260 12-18 IPS 4270-20 12-18, 12-20 password recovery A-9 remote sensors 12-14 serial console port 12-14 TFTP 12-14 round-trip time. See RTT. RTT described 12-14 TFTP limitation 12-14 S scheduling automatic upgrades 12-8 security information on Cisco Security
  • Cisco IPS-4255-K9 | Installation Guide - Page 409
    AIM IPS 5-2 NME IPS 8-2 software updates supported FTP servers 12-2 supported HTTP/HTTPS servers 12-2 SPAN appliances 1-19 IDSM2 1-24 port issues A-32 specifications AIM IPS 5-1 AIP SSM 6-1 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 IN
  • Cisco IPS-4255-K9 | Installation Guide - Page 410
    A-55 cannot access sensor A-26 cidDump A-92 cidLog messages to syslog A-51 communication A-26 corrupted SensorApp configuration A-37 debug logger zone names (table) A-50 debug logging A-46 IN-14 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • Cisco IPS-4255-K9 | Installation Guide - Page 411
    1-24 verifying IDSM2 installation 7-9 NME IPS installation 8-6 NTP configuration 1-28 password recovery A-15 sensor initialization 10-28 sensor setup 10-28 VLAN access control list. See VACL. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 IN-15
  • Cisco IPS-4255-K9 | Installation Guide - Page 412
    Index VLAN groups 802.1q encapsulation 1-16 configuration restrictions 1-11 deploying 1-16 described 1-15 switches 1-16 IN-16 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332
  • 333
  • 334
  • 335
  • 336
  • 337
  • 338
  • 339
  • 340
  • 341
  • 342
  • 343
  • 344
  • 345
  • 346
  • 347
  • 348
  • 349
  • 350
  • 351
  • 352
  • 353
  • 354
  • 355
  • 356
  • 357
  • 358
  • 359
  • 360
  • 361
  • 362
  • 363
  • 364
  • 365
  • 366
  • 367
  • 368
  • 369
  • 370
  • 371
  • 372
  • 373
  • 374
  • 375
  • 376
  • 377
  • 378
  • 379
  • 380
  • 381
  • 382
  • 383
  • 384
  • 385
  • 386
  • 387
  • 388
  • 389
  • 390
  • 391
  • 392
  • 393
  • 394
  • 395
  • 396
  • 397
  • 398
  • 399
  • 400
  • 401
  • 402
  • 403
  • 404
  • 405
  • 406
  • 407
  • 408
  • 409
  • 410
  • 411
  • 412
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Cisco Intrusion Prevention System
Appliance and Module Installation Guide
for IPS 7.0
Text Part Number: OL-18504-01