Cisco IPS-4255-K9 Installation Guide - Page 187
Logging In to the NME IPS, The NME IPS and the session Command
Page 187 highlights
Chapter 9 Logging In to the Sensor

Logging In to the NME IPS

This section describes how to use the session command to log in to the NME IPS, and contains the following topics:

• The NME IPS and the session Command, page 9-9
• Sessioning In to the NME IPS, page 9-10

The NME IPS and the session Command

Because the NME IPS does not have an external console port, console access to the NME IPS is enabled when you issue the service-module ids-sensor slot/port session command on the router, or when you initiate a Telnet connection into the router with the slot number corresponding to the NME IPS port number. The lack of an external console port means that the initial bootup configuration is possible only through the router.

When you issue the service-module ids-sensor slot/port session command, you create a console session with the NME IPS, in which you can issue any IPS configuration commands. After completing work in the session and exiting the IPS CLI, you are returned to the Cisco IOS CLI.

The session command starts a reverse Telnet connection using the IP address of the IDS-Sensor interface. The IDS-Sensor interface is an interface between the NME IPS and the router. You must assign an IP address to the IDS-Sensor interface before invoking the session command. Assigning a routable IP address can make the IDS-Sensor interface itself vulnerable to attacks, because the NME IPS is visible on the network through that routable IP address, meaning you can communicate with the NME IPS outside the router. To counter this vulnerability, assign an unnumbered IP address to the IDS-Sensor interface. Then the NME IPS IP address is only used locally between the router and the NME IPS, and is isolated for the purposes of sessioning in to the NME IPS.

Note: Before you install your application software or reimage the module, opening a session brings up the bootloader. After you install the software, opening a session brings up the application.
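A check for the addressing advice above, as an added example that is not part of the Cisco guide: it scans a saved running-config for IDS-Sensor interface stanzas and reports whether each one is unnumbered, carries its own address, or has no address at all. The sample configuration, its interface names and its addresses are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the guide); names and addresses are illustrative.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 ip address 192.0.2.1 255.255.255.0
!
interface IDS-Sensor1/0
 ip address 198.51.100.1 255.255.255.252
 hold-queue 60 out
!
interface IDS-Sensor2/0
 ip unnumbered GigabitEthernet0/1
!
interface IDS-Sensor3/0
 no ip address
!
"""

def audit_ids_sensor_interfaces(config_text):
    """Return {interface: (status, detail)} for every IDS-Sensor interface stanza."""
    results = {}
    current = None
    for line in config_text.splitlines():
        header = re.match(r"^interface\s+(\S+)", line)
        if header:
            name = header.group(1)
            current = name if name.lower().startswith("ids-sensor") else None
            if current:
                # Default until an address statement is seen: session needs an address.
                results[current] = ("NO_ADDRESS", "assign an address before using session")
            continue
        if not line.startswith(" "):
            current = None  # "!" or a new top-level command ends the stanza
            continue
        if current is None:
            continue
        stmt = line.strip()
        numbered = re.match(r"^ip address (\d+\.\d+\.\d+\.\d+) \d+\.\d+\.\d+\.\d+", stmt)
        unnumbered = re.match(r"^ip unnumbered (\S+)", stmt)
        if numbered:
            results[current] = ("NUMBERED", "own address %s; prefer ip unnumbered" % numbered.group(1))
        elif unnumbered:
            results[current] = ("OK", "unnumbered, borrows %s" % unnumbered.group(1))
    return results

if __name__ == "__main__":
    for name, (status, detail) in audit_ids_sensor_interfaces(SAMPLE_CONFIG).items():
        print("%-16s %-11s %s" % (name, status, detail))
```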
Caution: If you session to the module and perform large console transfers, character traffic may be lost unless the host console interface speed is set to 115200/bps or higher. Use the show running-config command to check that the speed is set to 115200/bps.

For More Information

For the procedure for configuring monitoring interfaces for the NME IPS, refer to Configuring Monitoring on the Router Interface.

OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 9-9