Cisco Router and Security Device Manager 2.5 User Guide
Network Module Management


Table Of Contents

Network Module Management

IDS Network Module Management

IDS Sensor Interface IP Address

IP Address Determination

IDS NM Configuration Checklist

IDS NM Interface Monitoring Configuration

Network Module Login

Feature Unavailable 

Switch Module Interface Selection


Network Module Management


If the router has network modules that are managed by other applications, such as Intrusion Detection System (IDS), Secure Router Device Manager (Cisco SDM) provides a means for you to launch those applications.

IDS Network Module Management

If a Cisco IDS Network Module is installed on the router, this window displays basic status information for it. If the IDS Network Module has been configured, you will also be able to start the Intrusion Detection Device Manager (IDM) software on the IDS Network Module, and select the router interfaces that you want the IDS Network Module to monitor from this window.

If Cisco SDM detects that the IDS Network Module has not been configured, it prompts you to open a session to the network module so that you can configure it. You can use Telnet or SSH for this session.

IDS Network Module Control Buttons

Cisco SDM enables you to issue a number of basic commands to the IDS Network Module from this window.

Reload

Click to reload the IDS network module operating system.

Reset

Click to perform a reset of the IDS network module hardware. You should only use the Reset button to recover from the Failed state, or after you have shut down the IDS Network Module.

Shutdown

Click to shut down the IDS Network Module. You should always perform a shutdown before you remove the module from the router.

Launch IDM

Click to start the IDM software on the IDS module. When you launch the IDM software, Cisco SDM displays a dialog box that asks you for the IP address of the IDS module's external Fast Ethernet interface. When Cisco SDM obtains the correct address, it opens an IDM window. For more information on this dialog box, refer to IP Address Determination.

For more information on how to run the IDM application, refer to the documents at the following link:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/index.htm

Refresh

Click to refresh the status display.

IDS Network Module Status

This area shows the general status of the IDS Network Module. It contains the following types of information.

Service Module: The name of the network module.

State: The state of the network module. Possible states are: Steady state, Shutdown, and/or Failed.

Software Version: The version of IDM software running on the module.

Model: The model number of the network module.

Memory: The amount of memory available on the network module.

IDS NM Monitoring Interface Settings

This area of the window shows which router interfaces have traffic sent to the IDS network module for monitoring.

A check mark icon next to the interface name indicates that the IDS network module is monitoring the traffic on that interface.

A red icon with an X next to the interface name indicates that the IDS network module is not monitoring the traffic on that interface.


Configure

Click to add or remove interfaces from this list. When you click Configure, Cisco SDM verifies that the IDS Network Module has been configured, and that the router has all the configuration settings necessary to communicate with the IDS Network Module. If any configurations are not in place, Cisco SDM displays a checklist showing you what has been configured and what has not been configured. You can click on the items that have not been configured to complete the configuration, and then have Cisco SDM reverify that these items have been configured so that you can then add or remove interfaces from the IDS Network Module Interface Settings list.

IDS Sensor Interface IP Address

Cisco SDM must communicate with the IDS network module using the IP address of the module's internal Fast Ethernet interface. This window appears when Cisco SDM cannot detect this IP address, and enables you to supply one without leaving Cisco SDM to do so. If the IDS network module has been configured with a static IP address, or configured as IP unnumbered to another interface with an IP address, this window will not appear.

Entering an IP address in this window may create a new loopback interface. Loopback interfaces can be displayed in the Interfaces and Connections window. The IP address you enter will only be seen by the router. Therefore, it can be any address you want to use.

IP Address

Enter an IP address to use for the IDS Sensor interface. Cisco SDM will do the following:

Create a loopback interface. The number 255 is used if available; if not, another number will be used. This loopback interface will be listed in the Interfaces and Connections window.

Configure the loopback interface with the IP address you enter.

Configure the IDS network module IP unnumbered to the loopback interface.

If the IDS network module has already been configured IP unnumbered to an existing loopback interface, but the interface does not have a valid IP address, the loopback interface is given the IP address you enter in this window.

IP Address Determination

Cisco SDM displays this window when it needs to determine the IP address of a network module that you are attempting to manage. This is typically the IP address of the module's external Ethernet interface. Cisco SDM can use the address it used the last time the management application was run, it can attempt to discover the IP address, or it can accept an address that you provide in this window.

Select a method, and click OK. If the method you choose fails, you can select another method.

Use Cisco SDM last known IP Address

Click to have Cisco SDM use the IP address that it used the last time that the management application for this network module was run. If the IP address of the module has not been changed since the management application was last run, and you do not want Cisco SDM to attempt discovery of the address, use this option.

Let Cisco SDM discover IP address

Click to have Cisco SDM attempt to discover the network module's IP address. You can use this option if you do not know the IP address, and you are not sure that the last address Cisco SDM used to contact the network module is still correct.

Specify

If you know the network module's IP address, choose this option, and enter the address. Cisco SDM will remember the address, and you can select Use Cisco SDM last known IP Address the next time you start the network module.

IDS NM Configuration Checklist

This window is displayed when you have clicked Configure in the IDS Network Module Management window to specify the router interfaces whose traffic is to be analyzed, but the IDS network module or the router lacks a configuration setting required for the two devices to communicate. It shows which configuration settings are needed, and in some cases, allows you to complete the configuration from within Cisco SDM.

A check mark icon in the Action column means the configuration setting has been made.

An X icon in the Action column means that the configuration setting must be made in order for the router to be able to communicate with the IDS network module.


IDS NM Sensor Interface

If this row contains an X icon in the Action column, the IDS NM Sensor interface has not been configured with an IP address. Double-click the row and enter an IP address for the IDS Sensor in the dialog displayed. The IDS Sensor IP address is the address that Cisco SDM and the router use when communicating with the IDS network module. This IP address can be a private address; no hosts other than the router it is installed in will be able to reach the address.


Date & Time

If this row contains an X icon in the Action column, the router's clock settings have not been configured. Double-click on this row, and enter time and date settings in the Date and Time Properties window.


IP CEF Setting

If this row contains an X icon in the Action column, Cisco Express Forwarding (CEF) has not been enabled on the router. Double-click on this row, and click Yes to enable IP CEF on the router.


IDS NM Initial Setup

If this row contains an X icon in the Action column, Cisco SDM has detected that the IDS Network Module's default IP address has not been changed. Double-click on this row, and Cisco SDM will prompt you to open a session to the IDS module and complete configuration. You can use Telnet or SSH for this session.


For more information on configuring the IDS module, refer to the documents at the following link.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/index.htm

Refresh

After you have fixed configuration settings, you can click this button to refresh the checklist. If an X icon remains in the Action column, a configuration setting has still not been made.
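The router-side checklist items can also be checked offline against a saved running configuration. The following is an added example, not part of the original guide or of Cisco SDM: it assumes the usual IOS command forms for these settings (`ip cef`, `interface IDS-Sensor<slot>/0`, `ip unnumbered`, `ids-service-module monitoring`), which the guide itself does not show, and runs on a constructed sample configuration. It covers the sensor interface address (including the case of a loopback with no valid IP address), IP CEF, and the monitored interfaces; the clock and the module's own initial setup are not visible in the router configuration and are not checked.

```python
import re

# Constructed sample running-config (not from the guide); slot and addresses are assumptions.
SAMPLE_CONFIG = """\
ip cef
!
interface Loopback255
 ip address 10.255.255.1 255.255.255.255
!
interface IDS-Sensor1/0
 ip unnumbered Loopback255
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ids-service-module monitoring
!
interface FastEthernet0/1
 ip address 198.51.100.1 255.255.255.0
"""

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # '!' or a global command ends the interface block
    return interfaces

def has_ip(cmds):
    # "no ip address" does not match because re.match anchors at the start.
    return any(re.match(r"ip address \d+\.\d+\.\d+\.\d+ \d", c) for c in cmds)

def sensor_addressed(interfaces):
    """True if an IDS-Sensor interface has an IP, directly or via ip unnumbered."""
    for name, cmds in interfaces.items():
        if name.startswith("IDS-Sensor"):
            refs = [c.split()[2] for c in cmds if c.startswith("ip unnumbered ")]
            if has_ip(cmds) or any(has_ip(interfaces.get(r, [])) for r in refs):
                return True
    return False

def checklist(config):
    ifs = parse_interfaces(config)
    monitored = sorted(n for n, c in ifs.items() if "ids-service-module monitoring" in c)
    return {"ip_cef": bool(re.search(r"^ip cef\b", config, re.M)),
            "sensor_interface": sensor_addressed(ifs), "monitored": monitored}
```
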


IDS NM Interface Monitoring Configuration

Use this window to select router interfaces whose traffic you want the IDS network module to monitor.

Monitored Interfaces

This list contains the interfaces whose traffic the IDS network module is monitoring. To add an interface to this list, select an interface from the Available Interfaces list, and click the left arrow (<<) button. To remove an interface from this list, select the interface and click the right arrow (>>) button.

Available Interfaces

This list contains the interfaces whose traffic the IDS network module is not currently monitoring. To add an interface to the Monitored Interfaces list, select the interface, and click the left arrow (<<) button.

Network Module Login

Enter the username and password required to log in to the network module. These credentials may not be the same credentials required to log in to the router.

Feature Unavailable 

This window appears when you try to configure a feature that the Cisco IOS image on your router does not support. If you want to use this feature, obtain a Cisco IOS image from Cisco.com that supports it.

Switch Module Interface Selection

This window is displayed when there is more than one switch module installed on the router, and allows you to select the one that you want to manage. Click the radio button next to the switch module that you want to manage, and then click OK.