Cisco IPS-4255-K9 Installation Guide - Page 182
Logging In to the AIM IPS, The AIM IPS and the session Command
UPC - 746320951096
Page 182 highlights
Chapter 9: Logging In to the Sensor

Caution: If a connection is dropped or terminated by accident, you should reestablish the connection and exit normally to prevent unauthorized access to the appliance.

Logging In to the AIM IPS

This section describes how to use the session command to log in to the AIM IPS, and contains the following topics:

• The AIM IPS and the session Command, page 9-4
• Sessioning In to the AIM IPS, page 9-5

The AIM IPS and the session Command

Because the AIM IPS does not have an external console port, console access to the AIM IPS is enabled when you issue the service-module ids-sensor slot/port session command on the router, or when you initiate a Telnet connection into the router with the slot number corresponding to the AIM IPS port number. The lack of an external console port means that the initial bootup configuration is possible only through the router.

When you issue the service-module ids-sensor slot/port session command, you create a console session with the AIM IPS, in which you can issue any IPS configuration commands. After completing work in the session and exiting the IPS CLI, you are returned to the Cisco IOS CLI.

The session command starts a reverse Telnet connection using the IP address of the IDS-Sensor interface. The IDS-Sensor interface is an interface between the AIM IPS and the router. You must assign an IP address to the IDS-Sensor interface before invoking the session command.

Assigning a routable IP address can make the IDS-Sensor interface itself vulnerable to attacks, because the AIM IPS is visible on the network through that routable IP address, meaning you can communicate with the AIM IPS outside the router. To counter this vulnerability, assign an unnumbered IP address to the IDS-Sensor interface. Then the AIM IPS IP address is only used locally between the router and the AIM IPS, and is isolated for the purposes of sessioning in to the AIM IPS.
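The following audit script is an added example, not part of the Cisco guide. It reads a saved router running-config and reports whether each IDS-Sensor interface uses an unnumbered address, as recommended above, or carries its own address that should be reviewed for routability. The function name, interface names and addresses in the sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed router running-config excerpt (sample data, not from the guide).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 ip address 192.0.2.1 255.255.255.0
!
interface IDS-Sensor0/0
 ip address 198.51.100.1 255.255.255.252
!
interface IDS-Sensor1/0
 ip unnumbered GigabitEthernet0/1
!
interface IDS-Sensor2/0
 no ip address
!
"""

def audit_ids_sensor_interfaces(config_text):
    """Map each IDS-Sensor interface to (status, detail)."""
    findings = {}
    current = None  # IDS-Sensor interface block being read, if any
    for raw in config_text.splitlines():
        header = re.match(r"interface\s+(\S+)", raw)
        if header:
            name = header.group(1)
            current = name if name.lower().startswith("ids-sensor") else None
            if current:
                # Default until an address line is seen: session cannot work yet.
                findings[current] = ("missing", "no IP address configured")
            continue
        if not raw.startswith(" "):
            current = None  # an unindented line ends the interface block
            continue
        if current is None:
            continue
        unnumbered = re.match(r"\s+ip unnumbered\s+(\S+)", raw)
        numbered = re.match(r"\s+ip address\s+(\d\S*)\s+(\d\S*)", raw)
        if unnumbered:  # address borrowed from another interface (recommended)
            findings[current] = ("unnumbered", unnumbered.group(1))
        elif numbered:  # own address: review whether it is routable
            iface = ipaddress.ip_interface("/".join(numbered.groups()))
            findings[current] = ("numbered", str(iface))
    return findings

if __name__ == "__main__":
    for name, result in audit_ids_sensor_interfaces(SAMPLE_CONFIG).items():
        print(name, *result)
```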
Note: Before you install your application software or reimage the module, opening a session brings up the bootloader. After you install the software, opening a session brings up the application.

Caution: If you session to the module and perform large console transfers, character traffic may be lost unless the host console interface speed is set to 115200/bps or higher. Use the show running config command to check that the speed is set to 115200/bps.

For More Information

For the procedure for configuring an unnumbered IP address interface for the AIM IPS, refer to Using an Unnumbered IP Address Interface.

Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0, page 9-4, OL-18504-01