Home » Cisco Manuals » Networking » Cisco IPS-4255-K9 » Manual Viewer

Cisco IPS-4255-K9 Installation Guide - Page 338

Diagnosing IDSM2 Problems, Control Transaction Server

UPC - 746320951096

Add to My Manuals
Save this manual to your list of manuals

Page 338 highlights

Troubleshooting the IDSM2 Chapter A Troubleshooting • Status LED Off, page A-62 • Status LED On But the IDSM2 Does Not Come Online, page A-63 • Cannot Communicate With the IDSM2 Command and Control Port, page A-64 • Using the TCP Reset Interface, page A-66 • Connecting a Serial Cable to the IDSM2, page A-66 Diagnosing IDSM2 Problems Use the following list to diagnose IDSM2 problems: • The ribbon cable between the IDSM2 and the motherboard is loose. During physical handling of the module, the connector can come loose from the base card, and cause the daughter card and the base card to lose contact with each other. A loose ribbon cable connector causes an on-line diagnostic error on ports 7 and 8. The module cannot operate when this condition exists. For more information, refer to Partner Field Notice 29877. • Some IDSM2s were shipped with faulty DIMMs. For the procedure for checking the IDSM2 for faulty memory, refer to Partner Field Notice 29837. • The hard-disk drive fails to read or write. When the hard-disk drive has been in constant use for extended periods of time (for more than 2 weeks), multiple symptoms, such as the following, can occur: - An inability to log in - I/O errors to the console when doing read/write operations (the ls command) - Commands do not execute properly (cannot find the path to the executable) The switch reports that the module is ok, but if you log in to the Service account and try to execute commands, you see that the problem exists. The 4.1(4) service pack alleviates this problem, but if you reimage the IDSM2 with the 4.1(4) application partition image, you must apply the 4.1(4b) patch. For more information, refer to CSCef12198. • SensorApp either crashes or takes 99% of the CPU when IP logging is enabled for stream-based signatures (1300 series). For the workaround, refer to CSCed32093. • The IDSM2 appears to lock up and remote access is prohibited (SSH, Telnet, IDM, Event Server, Control Transaction Server, and IP log Server). This defect is related to using SWAP. The IDSM2 responds to pings. Apply the 4.1(4) service pack to resolve this issue. For more information, refer to CSCed54146. • Shortly after you upgrade the IDSM2 or you tune a signature with VMS, the IDSM2 becomes unresponsive and often produces a SensorApp core file. Apply the 4.1(4b) patch to fix this issue. • Confirm that the IDSM2 has the supported configurations. If you have confirmed that the IDSM2 does not suffer from any of the problems listed above and yet it appears unresponsive, for example, you cannot log in through SSH or Telnet, nor can you session to the switch, determine if the IDSM2 responds to pings and if you can log in through the service account. If you can log in, obtain a cidDump and any core files and contact TAC. For More Information • The IDSM2 has the same software architecture as the 4200 series sensors. You can use the same troubleshooting tools as outlined in Troubleshooting the Appliance, page A-23. • For information about the Bug Toolkit and how to access it, see Bug Toolkit, page A-1. A-60 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01

Section	Page
Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0	1
Preface	13
Contents	13
Audience	13
Comply with Local and National Electrical Codes	13
Organization	15
Conventions	15
Related Documentation	16
Obtaining Documentation and Submitting a Service Request	17
Introducing the Sensor	19
How the Sensor Functions	19
Capturing Network Traffic	19
Your Network Topology	21
Correctly Deploying the Sensor	21
Tuning the IPS	21
Sensor Interfaces	22
Understanding Sensor Interfaces	22
Command and Control Interface	23
Sensing Interfaces	24
Interface Support	24
TCP Reset Interfaces	27
Interface Restrictions	28
Interface Modes	30
Promiscuous Mode	30
IPv6, Switches, and Lack of VACL Capture	31
Inline Interface Pair Mode	32
Inline VLAN Pair Mode	33
VLAN Group Mode	33
Deploying VLAN Groups	34
Supported Sensors	35
IPS Appliances	36
Introducing the IPS Appliance	36
Appliance Restrictions	37
Connecting an Appliance to a Terminal Server	37
IPS Modules	38
Introducing the AIM IPS	38
Introducing the AIP SSM	40
Introducing the IDSM2	42
Introducing the NME IPS	43
Time Sources and the Sensor	44
The Sensor and Time Sources	44
Synchronizing IPS Module System Clocks with the Parent Device System Clock	46
Verifying the Sensor is Synchronized with the NTP Server	46
Correcting the Time on the Sensor	47
Installation Preparation	47
Site and Safety Guidelines	48
Site Guidelines	48
Rack Configuration Guidelines	48
Electrical Safety Guidelines	49
Power Supply Guidelines	50
Working in an ESD Environment	50
Cable Pinouts	51
10/100BaseT and 10/100/1000BaseT Connectors	52
Console Port (RJ-45)	53
RJ-45 to DB-9 or DB-25	54
Installing the IPS 4240 and the IPS 4255	55
Introducing the IPS 4240 and the IPS 4255	55
Front and Back Panel Features	56
Specifications	58
Connecting the IPS 4240 to a Cisco 7200 Series Router	59
Accessories	59
Important Safety Instructions	59
Rack Mounting	60
Installing the IPS 4240 and the IPS 4255	61
Installing the IPS 4240-DC	64
Installing the IPS 4260	69
Introducing the IPS 4260	69
Supported Interface Cards	70
Hardware Bypass	72
4GE Bypass Interface Card	72
Hardware Bypass Configuration Restrictions	73
Hardware Bypass and Link Changes and Drops	74
Front and Back Panel Features	74
Specifications	77
Accessories	77
Important Safety Instructions	78
Rack Mounting	78
Installing the IPS 4260 in a 4-Post Rack	78
Installing the IPS 4260 in a 2-Post Rack	81
Installing the IPS 4260	83
Removing and Replacing the Chassis Cover	86
Installing and Removing Interface Cards	88
Installing and Removing the Power Supply	90
Installing the IPS 4270-20	93
Introducing the IPS 4270-20	94
Supported Interface Cards	95
Hardware Bypass	97
4GE Bypass Interface Card	97
Hardware Bypass Configuration Restrictions	98
Hardware Bypass and Link Changes and Drops	99
Front and Back Panel Features	99
Diagnostic Panel	103
Internal Components	105
Specifications	106
Accessories	107
Installing the Rail System Kit	107
Understanding the Rail System Kit	107
Rail System Kit Contents	108
Space and Airflow Requirements	108
Installing the IPS 4270-20 in the Rack	109
Extending the IPS 4270-20 from the Rack	117
Installing the Cable Management Arm	120
Converting the Cable Management Arm	123
Installing the IPS 4270-20	127
Removing and Replacing the Chassis Cover	130
Accessing the Diagnostic Panel	133
Installing and Removing Interface Cards	133
Installing and Removing the Power Supply	136
Installing and Removing Fans	141
Troubleshooting Loose Connections	143
Installing the AIM IPS	145
Specifications	145
Before Installing the AIM IPS	146
Software and Hardware Requirements	146
Interoperability With Other IPS Modules	147
Restrictions	147
Hardware Interfaces	148
Installation and Removal Instructions	149
Verifying Installation	150
Installing the AIP SSM	151
Specifications	151
Memory Specifications	152
Hardware and Software Requirements	152
Indicators	152
Installation and Removal Instructions	153
Installing the AIP SSM	153
Verifying the Status of the AIP SSM	154
Removing the AIP SSM	155
Installing the IDSM2	157
Specifications	157
Software and Hardware Requirements	158
Minimum Supported the IDSM2 Configurations	158
Using the TCP Reset Interface	159
Front Panel Features	159
Installation and Removal Instructions	160
Required Tools	160
Slot Assignments	161
Installing the IDSM2	161
Verifying Installation	165
Removing the IDSM2	166
Enabling Full Memory Tests	168
Catalyst Software	168
Cisco IOS Software	169
Resetting the IDSM2	169
Catalyst Software	169
Cisco IOS Software	170
Powering the IDSM2 Up and Down	171
Catalyst Software	171
Cisco IOS Software	172
Installing the NME IPS	173
Specifications	173
Before Installing the NME IPS	174
Software and Hardware Requirements	174
Interoperability With Other IPS Modules	175
Restrictions	175
Hardware Interfaces	176
Installation and Removal Instructions	177
Verifying Installation	178
Logging In to the Sensor	179
Supported User Roles	179
Logging In to the Appliance	180
Connecting an Appliance to a Terminal Server	181
Logging In to the AIM IPS	182
The AIM IPS and the session Command	182
Sessioning In to the AIM IPS	183
Logging In to AIP SSM	184
Logging In to the IDSM2	186
Logging In to the NME IPS	187
The NME IPS and the session Command	187
Sessioning In to the NME IPS	188
Logging In to the Sensor	189
Initializing the Sensor	191
Understanding Initialization	191
Simplified Setup Mode	191
System Configuration Dialog	192
Basic Sensor Setup	194
Advanced Setup	197
Advanced Setup for the Appliance	198
Advanced Setup for the AIM IPS	203
Advanced Setup for the AIP SSM	206
Advanced Setup for the IDSM2	210
Advanced Setup for the NME IPS	215
Verifying Initialization	218
Obtaining Software	221
Obtaining Cisco IPS Software	221
IPS Software Versioning	222
Software Release Examples	226
Upgrading Cisco IPS Software to 7.0	227
Accessing IPS Documentation	229
Cisco Security Intelligence Operations	229
Obtaining a License Key From Cisco.com	230
Understanding Licensing	230
Service Programs for IPS Products	231
Obtaining and Installing the License Key Using IDM or IME	231
Obtaining and Installing the License Key Using the CLI	233
Upgrading, Downgrading, and Installing System Images	237
Upgrades, Downgrades, and System Images	237
Supported FTP and HTTP/HTTPS Servers	238
Upgrading the Sensor	238
IPS 7.0 Upgrade Files	238
upgrade Command and Options	239
Using the upgrade Command	240
Upgrading the Recovery Partition	241
Configuring Automatic Upgrades	242
Automatic Upgrades	242
auto-upgrade Command and Options	243
Using the auto-upgrade Command	244
Automatic Upgrade Examples	246
Downgrading the Sensor	247
Recovering the Application Partition	248
Application Partition	248
Using the recover Command	248
Installing System Images	249
Understanding ROMMON	250
Supported TFTP Servers	250
Connecting an Appliance to a Terminal Server	250
Installing the IPS 4240 and IPS 4255 System Images	251
Installing the IPS 4260 System Image	254
Installing the IPS 4270-20 System Image	256
Installing the AIM IPS System Image	259
Installing the AIP SSM System Image	261
Reimaging the AIP SSM	262
Reimaging the AIP SSM Using the recover configure/boot Command	262
Installing the IDSM2 System Image	264
Understanding the IDSM2 System Image	264
Installing the IDSM2 System Image for Catalyst Software	264
Installing the IDSM2 System Image for Cisco IOS Software	265
Configuring the IDSM2 Maintenance Partition for Catalyst Software	267
Configuring the IDSM2 Maintenance Partition for Cisco IOS Software	271
Upgrading the IDSM2 Maintenance Partition for Catalyst Software	274
Upgrading the IDSM2 Maintenance Partition for Cisco IOS Software	275
Installing the NME IPS System Image	276
Troubleshooting	279
Bug Toolkit	279
Preventive Maintenance	280
Understanding Preventive Maintenance	280
Creating and Using a Backup Configuration File	281
Backing Up and Restoring the Configuration File Using a Remote Server	281
Creating the Service Account	283
Disaster Recovery	284
Recovering the Password	285
Understanding Password Recovery	286
Recovering the Appliance Password	286
Using the GRUB Menu	286
Using ROMMON	287
Recovering the AIM IPS Password	288
Recovering the AIP SSM Password	288
Recovering the IDSM2 Password	291
Recovering the NME IPS Password	291
Disabling Password Recovery	292
Verifying the State of Password Recovery	293
Troubleshooting Password Recovery	293
Time and the Sensor	294
Time Sources and the Sensor	294
Synchronizing IPS Module Clocks with Parent Device Clocks	295
Verifying the Sensor is Synchronized with the NTP Server	295
Correcting Time on the Sensor	296
Advantages and Restrictions of Virtualization	296
Supported MIBs	297
When to Disable Anomaly Detection	298
Troubleshooting Global Correlation	298
Analysis Engine Not Responding	299
Troubleshooting External Product Interfaces	300
External Product Interfaces Issues	300
External Product Interfaces Troubleshooting Tips	301
Troubleshooting the Appliance	301
Hardware Bypass and Link Changes and Drops	302
Troubleshooting Loose Connections	302
Analysis Engine is Busy	303
Connecting the IPS 4240 to a Cisco 7200 Series Router	303
Communication Problems	304
Cannot Access the Sensor CLI Through Telnet or SSH	304
Correcting a Misconfigured Access List	306
Duplicate IP Address Shuts Interface Down	307
SensorApp and Alerting	308
SensorApp Not Running	308
Physical Connectivity, SPAN, or VACL Port Issue	310
Unable to See Alerts	311
Sensor Not Seeing Packets	313
Cleaning Up a Corrupted SensorApp Configuration	315
Blocking	315
Troubleshooting Blocking	316
Verifying ARC is Running	316
Verifying ARC Connections are Active	317
Device Access Issues	319
Verifying the Interfaces and Directions on the Network Device	321
Enabling SSH Connections to the Network Device	321
Blocking Not Occurring for a Signature	322
Verifying the Master Blocking Sensor Configuration	323
Logging	324
Understanding Debug Logging	324
Enabling Debug Logging	325
Zone Names	328
Directing cidLog Messages to SysLog	329
TCP Reset Not Occurring for a Signature	330
Software Upgrades	331
Upgrading and Analysis Engine	332
Which Updates to Apply and Their Prerequisites	332
Issues With Automatic Update	333
Updating a Sensor with the Update Stored on the Sensor	333
Troubleshooting IDM	334
Cannot Launch IDM - Loading Java Applet Failed	334
Cannot Launch IDM-Analysis Engine Busy	335
IDM, Remote Manager, or Sensing Interfaces Cannot Access Sensor	335
Signatures Not Producing Alerts	336
Troubleshooting IME	337
Time Synchronization on IME and the Sensor	337
Not Supported Error Message	337
Troubleshooting the IDSM2	337
Diagnosing IDSM2 Problems	338
Minimum Supported IDSM2 Configurations	339
Switch Commands for Troubleshooting	339
Status LED Off	340
Status LED On But the IDSM2 Does Not Come Online	341
Cannot Communicate With the IDSM2 Command and Control Port	342
Using the TCP Reset Interface	344
Connecting a Serial Cable to the IDSM2	344
Troubleshooting the AIP SSM	344
Health and Status Information	345
The AIP SSM and the Data Plane	347
AIM SSP and the Normalizer Engine	347
Troubleshooting the AIM IPS and the NME IPS	347
Interoperability With Other IPS Network Modules	347
Gathering Information	348
Health and Network Security Information	348
Tech Support Information	349
Understanding the show tech-support Command	349
Displaying Tech Support Information	349
Tech Support Command Output	350
Version Information	352
Understanding the show version Command	352
Displaying Version Information	352
Statistics Information	354
Understanding the show statistics Command	355
Displaying Statistics	355
Interfaces Information	365
Understanding the show interfaces Command	365
Interfaces Command Output	365
Events Information	366
Sensor Events	366
Understanding the show events Command	367
Displaying Events	367
Clearing Events	370
cidDump Script	370
Uploading and Accessing Files on the Cisco FTP Site	371
Glossary	373

Match case Limit results 1 per page

A-60

Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0

OL-18504-01

Chapter A

Troubleshooting

Troubleshooting the IDSM2

•

Status LED Off, page A-62

•

Status LED On But the IDSM2 Does Not Come Online, page A-63

•

Cannot Communicate With the IDSM2 Command and Control Port, page A-64

•

Using the TCP Reset Interface, page A-66

•

Connecting a Serial Cable to the IDSM2, page A-66

Diagnosing IDSM2 Problems

Use the following list to diagnose IDSM2 problems:

•

The ribbon cable between the IDSM2 and the motherboard is loose.

During physical handling of the module, the connector can come loose from the base card, and cause

the daughter card and the base card to lose contact with each other. A loose ribbon cable connector

causes an on-line diagnostic error on ports 7 and 8. The module cannot operate when this condition

exists. For more information, refer to Partner Field Notice 29877.

•

Some IDSM2s were shipped with faulty DIMMs. For the procedure for checking the IDSM2 for

faulty memory, refer to Partner Field Notice 29837.

•

The hard-disk drive fails to read or write. When the hard-disk drive has been in constant use for

extended periods of time (for more than 2 weeks), multiple symptoms, such as the following, can

occur:

–

An inability to log in

–

I/O errors to the console when doing read/write operations (the

command)

–

Commands do not execute properly (cannot find the path to the executable)

The switch reports that the module is ok, but if you log in to the Service account and try to execute

commands, you see that the problem exists. The 4.1(4) service pack alleviates this problem, but if

you reimage the IDSM2 with the 4.1(4) application partition image, you must apply the 4.1(4b)

patch. For more information, refer to CSCef12198.

•

SensorApp either crashes or takes 99% of the CPU when IP logging is enabled for stream-based

signatures (1300 series). For the workaround, refer to CSCed32093.

•

The IDSM2 appears to lock up and remote access is prohibited (SSH, Telnet, IDM, Event Server,

Control Transaction Server, and IP log Server). This defect is related to using SWAP. The IDSM2

responds to pings. Apply the 4.1(4) service pack to resolve this issue. For more information, refer

to CSCed54146.

•

Shortly after you upgrade the IDSM2 or you tune a signature with VMS, the IDSM2 becomes

unresponsive and often produces a SensorApp core file. Apply the 4.1(4b) patch to fix this issue.

•

Confirm that the IDSM2 has the supported configurations.

If you have confirmed that the IDSM2 does not suffer from any of the problems listed above and yet it

appears unresponsive, for example, you cannot log in through SSH or Telnet, nor can you session to the

switch, determine if the IDSM2 responds to pings and if you can log in through the service account. If

you can log in, obtain a cidDump and any core files and contact TAC.

For More Information

•

The IDSM2 has the same software architecture as the 4200 series sensors. You can use the same

troubleshooting tools as outlined in

Troubleshooting the Appliance, page A-23

•

For information about the Bug Toolkit and how to access it, see

Bug Toolkit, page A-1