Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 6.0
Index
Downloads: This chapterpdf (PDF - 626.0KB) The complete bookPDF (PDF - 9.72MB) | Feedback

Index

Table Of Contents

Numerics - A - B - C - D - E - F - G - H - I - J - L - M - N - O - P - R - S - T - U - V - X -

Index

Numerics

2SX card

described 5-3, 6-4

illustration 5-3, 6-4

4GE bypass interface card

configuration restrictions 5-5, 6-5

described 5-2, 5-3, 5-4, 6-3, 6-4

illustration 5-3, 6-3

802.1q encapsulation and VLAN groups 1-14

A

accelerator cards. See XL cards.

access control list. See ACL.

accessing

Diagnostic Panel (IPS 4270-20) 6-40

IPS software 13-2

access list misconfiguration A-29

accessories

four-post racks

installing appliances in racks 3-21

installing cable-management arms 3-22

installing slide assemblies 3-19

rack-kit contents 3-19

routing cables 3-26

tools 3-19

two-post racks

center-mount installations 3-29

flush-mount installations 3-30

marking racks 3-29

rack kit contents 3-28

tools 3-28

actions

ACL changes 1-3

IP logs 1-3

multiple packet drop 1-3

TCP reset 1-3

adaptive security appliance described 1-22

AIM-IPS

branch router (illustration) 1-21

described 1-20

illustration 1-22

initializing 11-19

installation prerequisites 7-2

installing 7-5

installing system image 14-45

logging in 12-9

reimaging 14-45

removing 7-5

restrictions 7-3

session command 12-9

sessioning 12-9

setup command 11-19

software requirements 7-2

specifications 7-1

time sources 1-28, A-17

verifying installation 7-6, A-75

AIP SSM

Deny Connection Inline A-74

Deny Packet Inline A-74

Normalizer engine A-73

Reset TCP Connection A-74

TCP reset packets A-74

AIP-SSM

described 1-22

indicators described 8-3

initializing 11-25

installing 8-4

installing system image 14-48

logging in 12-10

memory specifications 8-2

models 1-22

recovering A-71

reimaging 14-48

removing 8-6

requirements 8-2

resetting A-70

session command 12-10

setup command 11-25

show module 1 command 8-5

specifications 8-1

time sources 1-28, A-18

verifying status 8-5

alternate TCP reset interface configuration restrictions 1-11

Analysis Engine

error messages A-26

IDM exits A-61

verify it is running A-22

anomaly detection disabling A-21

appliances

ACLs 1-3

application partition image 14-12

described 1-17

four-post racks

installing appliances in racks 3-21

installing cable-management arms 3-22

routing cables 3-26

GRUB menu A-9

hardware

dual serial communication cables 3-7

spare hard-disk drives 3-5

terminal settings 3-7

IDS-4215

rack mounting 2-7

surface mounting 2-6

IDS-4235/4250

front panel 3-2

indicators 3-3

initializing 11-4

installing

XL cards (IDS-4235/4250) 3-14

XL cards (IDS-4250) 3-14

logging in 12-2

managers 1-17

models 1-17

password recovery A-9

recovering software image 14-27

restrictions 1-18

SPAN 1-17

TCP reset 1-3

terminal servers

described 1-18, 12-3, 14-14

setting up 1-18, 12-3, 14-14

time sources 1-27, A-17

two-post racks

marking racks 3-29

rack kit contents 3-28

tools 3-28

upgrading recovery partition 14-6

XL card fiber ports 3-16

application partition image recovering 14-12

applying software updates A-56

ARC

blocking not occurring for signature A-45

device access issues A-42

enabling SSH A-44

inactive state A-40

misconfigured MBS A-46

troubleshooting A-39

verifying device interfaces A-43

verifying status A-39

ASA 5500 AIP SSM

password recovery A-12

resetting the password A-12

ASDM resetting passwords A-14

asymmetric traffic disabling anomaly detection A-21

attack responses TCP reset 1-3

automatic updates troubleshooting A-56

automatic upgrades

information required 14-7

autonegotiation hardware bypass 5-5, 6-5

auto-upgrade-option command 14-7

B

backing up

configuration A-2

current configuration A-4, A-5

back panel features

IDS-4235/4250 3-4

IPS-4260 5-7

IPS 4270-20 6-10

BIOS upgrading IDS-4235/4250 3-6

blocking not occurring for signature A-45

bootloader

describing 14-30

upgrading 14-31

Bug Toolkit

described A-1

URL A-1

C

cable management arm

converting 6-31

described 6-30

installing 6-27

cable pinouts

console port 1-35

RJ-45 1-35

RJ-45 to DB-25 1-37

RJ-45 to DB-9 1-37

cannot access sensor A-27

Catalyst software

IDSM-2

enabling full memory tests 9-12

resetting 9-13

changing the memory

Java Plug-in on Linux A-59

Java Plug-in on Solaris A-59

Java Plug-in on Windows A-59

cidDump obtaining information A-96

cisco

default password 12-2

default username 12-2

Cisco.com

accessing software 13-2

downloading software 13-1

software downloads 13-1

Cisco IOS software

IDSM-2

enabling full memory tests 9-13

resetting 9-14

Cisco Security Intelligence Operations

described 13-14

URL 13-14

Cisco Services for IPS

service contract 13-10

supported products 13-10

clear events command 1-29, A-19, A-96

clearing

events A-96

statistics A-82

clear password command A-11, A-14

command and control interfaces

described 1-4

Ethernet 1-2

list 1-4

commands

auto-upgrade-option 14-7

clear events 1-29, A-19, A-96

clear password A-11, A-14

copy backup-config A-3

copy current-config A-3

copy license-key 13-12

debug module-boot A-71

display-serial 1-19, 12-5

downgrade 14-11

hw-module module 1 reset A-70

hw-module module slot_number password-reset A-12

session 12-9

setup 11-1, 11-4, 11-12, 11-19, 11-25, 11-32

show events A-93

show inventory 7-6, A-75

show module 1 8-5

show module 1 details A-70

show settings A-16

show statistics A-82

show statistics virtual-sensor A-26, A-82

show tech-support A-76

show version A-79

upgrade 14-3, 14-6

configuration files

backing up A-2

merging A-2

configuration restrictions

alternate TCP reset interface 1-11

inline interface pairs 1-10

inline VLAN pairs 1-11

interfaces 1-10

physical interfaces 1-10

VLAN groups 1-11

configuring

automatic upgrades 14-9

maintenance partition

IDSM-2 (Catalyst software) 14-36

IDSM-2 (Cisco IOS software) 14-40

upgrades 14-4

console port pinouts 1-35

converting cable management arm 6-31

copy backup-config command A-3

copy current-config command A-3

copy license-key command 13-12

correcting time on the sensor 1-29, A-19

creating service account A-6

cryptographic account

Encryption Software Export Distribution Authorization from 13-2

obtaining 13-2

current configuration backing up A-2

D

DC power supply (IPS-4240) 4-10

debug logging enabling A-47

debug-module-boot command A-71

default password cisco 12-2

default username cisco 12-2

device access issues A-42

Diagnostic Panel

accessing 6-40

component list 6-12

illustration 6-12

indicators 6-12

directing output to serial port 1-20, 12-5

disabling

anomaly detection A-21

password recovery A-15

disaster recovery A-6

displaying

events A-94

password recovery setting A-16

statistics A-82

tech support information A-77

version A-79

display-serial command

described 1-19, 12-5

supported platforms 1-20, 12-5

downgrade command 14-11

downgrading sensors 14-11

downloading software 13-1

duplicate IP addresses A-30

E

electrical safety guidelines 1-31

enabling

debug logging A-47

full memory tests

Catalyst software 9-12

Cisco IOS software 9-13

Encryption Software Export Distribution Authorization form

cryptographic account 13-2

described 13-2

ESD environment working in 1-33

Ethernet port indicators

IPS-4260 5-7

IPS 4270-20 6-11

events displaying A-94

Event Store clearing events 1-29, A-19

event types A-93

examples

ASA failover configuration A-72

expansion card interfaces naming conventions 5-2, 6-3

expansion card slots

IPS-4260 5-19

IPS 4270-20 6-41

external product interfaces

issues A-23

troubleshooting A-24

F

fail-over testing 5-4, 6-5

fan indicators on IPS 4270-20 6-48

fans in IPS 4270-20 6-48

files

Cisco IPS 13-1

IDSM-2 password recovery A-10

upgrade 14-3

finding serial numbers 7-6, A-75

front panel indicators

IDS-4235/4250 3-3

IPS-4260 5-6

IPS 4270-20 6-7

front panel switches on IPS-4260 5-6

FTP servers supported 14-2

G

grounding lugs on IPS-4260 5-15

GRUB menu and password recovery A-9

guidelines

electrical safety 1-31

power supplies 1-32

rack configuration 1-31

H

hardware

four-post racks 3-18

power supply (IDS-4235/4250) 3-11

SCSI hard-disk drives 3-16

spare hard-disk drives 3-5

two-post racks 3-28

hardware bypass

autonegotiation 5-5, 6-5

configuration restrictions 5-5, 6-5

fail-over 5-4, 6-5

IPS-4260 5-4, 6-4

IPS 4270-20 5-4, 6-4

link status changes and drops 5-6, 6-6, A-25

proper configuration 5-5, 6-6, A-25

supported configurations 5-4, 6-4

with software bypass 5-4, 6-4

HTTP/HTTPS supported servers 14-2

hw-module module 1 reset command A-70

hw-module module slot_number password-reset command A-12

I

IDM

Analysis Engine is busy A-61

Java Plug-in A-59

memory A-59

will not load A-60

IDS-4215

4FE card

installing 2-24

removing 2-22

accessories 2-5

back panel

illustration 2-3

indicators 2-3

BIOS upgrade 2-10, 14-18

chassis cover

removing 2-13

replacing 2-14

compact flash device

removing 2-19

replacing 2-21

features 2-2

front panel

illustration 2-2

indicators 2-2

hard-disk drive

removing 2-16

replacing 2-18

installing 2-8

installing system image 14-16

rack mounting 2-7

ROMMON upgrade 2-10, 14-18

specifications 2-4

surface mounting 2-6

upgrading

BIOS 2-10, 14-18

ROMMON 2-10, 14-18

IDS-4235

back panel (illustration) 3-4

described 3-1

front panel (illustration) 3-2

upgrading BIOS 3-6

IDS-4235/4250

accessories 3-10

accessories kit 3-10

back panel features 3-4

bezel

described 3-11

installing 3-11

removing 3-11

front panel indicators 3-3

installation 3-7

installing

power supplies 3-11

SCSI hard-disk drives 3-18

package contents 3-10

rack mounting (2-post) 3-28

rack mounting (4-post) 3-18

specifications 3-5

IDS-4250

back panel (illustration) 3-4

front panel

illustration 3-2

indicators 3-2

installing 3-7

SCSI hard-disk drives 3-18

SX card 3-14

two hard-disk drives 3-17

XL cards 3-14

removing SCSI hard-disk drives 3-17

upgrading the BIOS 3-6

IDS-4250-XL and TCP reset interface 3-7

IDS appliances

four-post racks

installing slide assemblies 3-19

rack kit contents 3-19

tools 3-19

two-post racks

center-mount installations 3-29

flush-mount installations 3-30

unsupported models 1-16

IDSM-2

command and control port A-67

configuring

maintenance partition (Catalyst software) 14-36

maintenance partition (Cisco IOS software) 14-40

described 1-24

enabling full memory tests

Catalyst software 9-12

Cisco IOS software 9-13

front panel 9-3

hot swapping 9-4, 9-8

initializing 11-12

installing

procedure 9-5

required tools 9-4

system image (Catalyst software) 14-34

system image (Cisco IOS software) 14-35

logging in 12-5

password recovery A-10

password recovery image file A-10

PFC 9-5

powering down (Catalyst OS) 9-15

powering down (Cisco IOS) 9-15

powering up (Catalyst OS) 9-15

powering up (Cisco IOS) 9-15

removing 9-10

requirements 9-2

resetting 9-13

Catalyst software 9-13

Cisco IOS software 9-14

setup command 11-12

shutdown

button 9-3

command 9-3

described 9-10

slot assignments 9-5

SPAN 1-24

specifications 9-1

status indicator 9-3

supported configurations 9-2, A-64

time sources 1-27, A-17

upgrading

maintenance partition (Catalyst software) 14-44

maintenance partition (Cisco IOS software) 14-45

VACLs 1-24

verifying installation 9-8

IDSM2

TCP reset port 9-3, A-69

IDS switch module unsupported models 1-16

initialization verifying 11-37

initializing

AIM-IPS 11-19

AIP-SSM 11-25

appliances 11-4

IDSM-2 11-12

NM-CIDS 11-32

sensors 11-1

inline interface pair mode

configuration restrictions 1-10

described 1-12

inline VLAN pair mode

configuration restrictions 1-11

described 1-13

supported sensors 1-13

installation preparation 1-30

installer major version 13-5

installer minor version 13-5

installing

AIM-IPS 7-2, 7-5

AIP-SSM 8-4

cable management arm 6-27

fans (IPS 4270-20) 6-48

IDS-4215 2-8

IDS-4235 3-7

IPS-4240 4-8

IPS-4255 4-8

IPS-4260 5-15

IPS 4270-20 6-34

license key 13-13

NM-CIDS 10-6

power supply (IDS-4235/4250) 3-11

SCSI hard-disk drives (IDS-4235/4250) 3-18

sensor license 13-11

SX cards (IDS-4250) 3-14

system image

AIM-IPS 14-45

AIP-SSM 14-48

IDS-4215 14-16

IDSM-2 (Catalyst software) 14-34

IDSM-2 (Cisco IOS software) 14-35

IPS-4240 14-20

IPS-4255 14-20

IPS-4260 14-23

IPS 4270-20 14-25

XL cards (IDS-4235/4250) 3-14

interface cards

IPS-4260

installing 5-19

removing 5-19

IPS 4270-20

installing 6-41

removing 6-41

interfaces

alternate TCP reset 1-3

command and control 1-3, 1-4

configuration restrictions 1-10

described 1-3

port numbers 1-3

sensing 1-3, 1-4

slot numbers 1-3

TCP reset 1-9

VLAN groups 1-3

interface support (table) 1-5

internal health information on the Diagnostic Panel 6-41

IPS-4240

accessories 4-5

back panel

figure 4-3

indicators 4-3

described 4-1

features 4-2

front panel

figure 4-2

indicators 4-2

installation 4-8

installing

DC power supply 4-10

system image 14-20

password recovery A-9

rack mounting 4-6

reimaging 14-20

specifications 4-4

IPS-4255

accessories 4-5

back panel (figure) 4-3

front panel

figure 4-2

indicators 4-2

installation 4-8

installing the system image 14-20

password recovery A-9

rack mounting 4-6

reimaging 14-20

specifications 4-4

IPS-4260

4GE bypass interface card 5-2

accessories kit 5-9

back panel features 5-7

chassis cover

removing 5-18

replacing 5-18

described 5-1

Ethernet port indicators 5-7

expansion card slots 5-19

features 5-6

front panel indicators 5-6

front panel switches 5-6

grounding lugs 5-15

hardware bypass 5-4, 6-4

installation 5-15

installing

interface cards 5-19

power supply 5-21

system image 14-23

interface naming conventions 5-2

network ports 5-2

performance 5-2

power supplies 5-2

power supply indicators 5-8

rack mounting (2-post) 5-12

rack mounting (4-post) 5-10

reimaging 14-23

removing

interface cards 5-19

power supply 5-21

sensing interfaces 5-2

specifications 5-8

supported PCI cards 5-2

IPS 4270-20

4GE bypass interface card 6-2

accessing Diagnostic Panel 6-40

accessories kit 6-14

back panel features 6-10

chassis cover

removing 6-38

replacing 6-38

converting the cable management arm 6-31

described 6-1

Diagnostic Panel 6-12

Diagnostic Panel (illustration) 6-12

Ethernet port indicators 6-11

Ethernet port indicators (illustration) 6-11

expansion card slots 6-41

extending from a rack 6-24

fan connector and indicator (illustration) 6-48

fan indicators 6-48

fans 6-48

features 6-6

front panel indicators 6-7

front view (illustration) 6-6

hardware bypass 5-4, 6-4

hot-pluggable power supplies 6-43

installation 6-34

installing

cable management arm 6-27

fans 6-48

in a rack 6-16

interface cards 6-41

power supplies 6-43

installing system image 14-25

interface naming conventions 6-3

internal components (figure) 6-9

maximum rack depth 6-15

network ports 6-2

performance 6-2

power supplies 6-2

power supply indicators 6-12

rack requirements 6-16

rail system kit

described 6-15

minimum rack depth 6-15

redundant power supplies 6-43

reimaging 14-25

removing power supplies 6-43

sensing interfaces 6-2

shallow rack installation 6-18

specifications 6-13

supported PCI cards 6-3

switches and indicators (illustration) 6-7

T-15 Torx screwdriver 6-44

IPS appliances

Deny Connection Inline A-74

Deny Packet Inline A-74

Reset TCP Connection A-74

TCP reset packets A-74

IPS modules and time synchronization 1-29, A-18

IPS software

available files 13-1

obtaining 13-1

platform-dependent release examples 13-6

versioning scheme 13-3

IPS software file names

major updates (illustration) 13-4

minor updates (illustration) 13-4

patch releases (illustration) 13-4

service packs (illustration) 13-4

J

Java Plug-in

Linux A-59

Solaris A-59

Windows A-59

L

license key

installing 13-13

status 13-9

trial 13-9

licensing

described 13-9

IPS device serial number 13-9

Licensing pane

configuring 13-11

described 13-9

limitations for concurrent CLI sessions 12-1

logging in

AIM-IPS 12-9

AIP-SSM 12-10

appliances 12-2

IDSM-2 12-5

NM-CIDS 12-6

sensors

SSH 12-11

Telnet 12-11

service role 12-2

terminal servers 1-18, 12-3, 14-14

user role 12-1

loose connections on sensors 6-50, A-25

M

maintenance partition

configuring

IDSM-2 (Catalyst software) 14-36

IDSM-2 (Cisco IOS software) 14-40

major updates described 13-3

manual block to bogus host A-44

MBS not set up properly A-46

memory and IDM A-59

merging configuration files A-2

MIBs supported A-21

minor updates described 13-3

modes

IDS 1-2

inline interface pair 1-12

inline VLAN pair 1-13

IPS 1-2

promiscuous 1-12

VLAN groups 1-13

modules

AIM-IPS 1-20

AIP-SSM 1-22

memory specifications 8-2

specifications 8-1

IDSM-2 1-24, 9-3, 9-4, 9-5, 9-10

NM-CIDS 1-25, 10-2, 10-4, 10-5, 10-6, 10-8, 10-10, 10-12

N

Network Timing Protocol. See NTP.

NM-CIDS

blank panels 10-12

bootloader

file 14-30

overview 14-30

described 1-25

front panel 10-4

hardware architecture 10-3

initializing 11-32

installation 10-6

installing

OIR support 10-8

required tools 10-6

interfaces 10-5

logging in 12-6

OIR support 10-5

password recovery A-11

reimaging 14-28, 14-29

removal 10-10

removing and OIR support 10-10

requirements

hardware 10-3

platforms 10-3

setup command 11-32

specifications 10-2

status indicators 10-5

system image file 14-28

time sources 1-26, 1-28, A-17

upgrading the bootloader 14-31

NTP

described 1-27, A-17

incorrect configuration A-19

time synchronization 1-27, A-17

O

obtaining

cryptographic account 13-2

IPS software 13-1

P

password recovery

appliances A-9

ASA 5500 AIP SSM A-12

described A-8

disabling A-15

GRUB menu A-9

IDSM-2 A-10

IPS-4240 A-9

IPS-4255 A-9

NM-CIDS A-11

platforms A-8

ROMMON A-9

troubleshooting A-16

verifying A-16

patch releases described 13-3

PCI cards supported (IPS 4270-20) 6-3

performance IPS 4270-20 6-2

PFC described 9-5

physical connectivity issues A-33

physical interfaces configuration restrictions 1-10

platforms and concurrent CLI sessions 12-1

Policy Feature Card. See PFC.

powering down

IDSM-2 9-15

powering down IDSM-2 9-15

powering up

IDSM-2 9-15

powering up IDSM-2 9-15

power supplies

hot-pluggable (IPS 4270-20) 6-43

IPS 4270-20

installing 6-43

removing 6-43

redundant (IPS 4270-20) 6-43

power supply

IPS-4260

installing 5-21

removing 5-21

power supply guidelines 1-32

power supply indicators

IPS-4260 5-8

IPS 4270-20 6-12

preparing for sensor installation 1-30

prerequisites for installing AIM-IPS 7-2

promiscuous mode

described 1-12

packet flow 1-12

R

rack configuration guidelines 1-31

rack extension for IPS 4270-20 6-24

rack installation for IPS 4270-20 6-16

rack mounting (2-post)

IDS-4235/4250 3-28

IPS-4260 5-12

rack mounting (4-post)

IDS-4235/4260 3-18

IPS-4260 5-10

rack requirements for IPS 4270-20 6-16

racks

airflow requirements 6-15

space requirements 6-15

rail system

maximum rack depth 6-15

minimum rack depth 6-15

rack hole-types (illustration) 6-15

round holes 6-15

square holes 6-15

threaded holes 6-15

rail system kit

cable management arm 6-27, 6-30

contents 6-15

IPS 4270-20 6-15

required tools 6-15

recover command 14-11

recovering

AIP-SSM A-71

application partition image 14-12

recovery/upgrade CD 14-27

recovery partition upgrading 14-6

reimaging

AIM-IPS 14-45

AIP-SSM 14-48

appliances 14-11

described 14-1

IPS-4240 14-20

IPS-4255 14-20

IPS-4260 14-23

IPS 4270-20 14-25

NM-CIDS 14-29

sensors 13-8, 14-1

removing

AIM-IPS 7-5

AIP-SSM 8-6

chassis cover (IPS-4260) 5-18

chassis cover (IPS 4270-20) 6-38

last applied upgrade 14-11

NM-CIDS 10-10

SCSI hard-disk drives (IDS-4235/4250) 3-17

replacing

chassis cover (IPS-4260) 5-18

chassis cover (IPS 4270-20) 6-38

requirements

AIP-SSM 8-2

racks

airflow 6-15

space 6-15

reset not occurring for a signature A-53

resetting

AIP-SSM A-70

IDSM-2 9-13

passwords

ASDM A-14

hw-module command A-12

resetting the password

ASA 5500 AIP SSM A-12

restoring the current configuration A-4, A-5

restrictions for AIM-IPS 7-3

RJ-45 cable pinouts 1-35

RJ-45 to DB2-5 cable pinouts 1-37

RJ-45 to DB-9 cable pinouts 1-37

ROMMON

described 14-14

IDS-4215 14-16

IPS-4240 14-20

IPS-4255 14-20

IPS-4260 14-23

IPS-4270 14-23

IPS 4270-20 14-25

password recovery A-9

remote sensors 14-14

serial console port 14-14

TFTP 2-10, 14-14

round-trip time. See RTT.

RTT

described 2-10, 14-14

TFTP limitation 2-10, 14-14

S

scheduling automatic upgrades 14-9

security

information on Cisco Security Intelligence Operations 13-14

sensing interfaces

described 1-4

modes 1-4

PCI cards 1-4

sensor not seeing packets A-36

sensor process not running A-31

sensors

access problems A-27

AIP-SSM 1-22

asymmetric traffic and disabling anomaly detection A-21

capturing traffic 1-2

comprehensive deployment 1-2

Comprehensive Deployment Solutions (figure) 1-2

corrupted SensorApp configuration A-38

disaster recovery A-6

downgrading 14-11

electrical guidelines 1-31

IDS mode 1-2

incorrect NTP configuration A-19

initializing 11-1

interface support 1-5

IP address conflicts A-30

IPS mode 1-2

license 13-11

logging in

SSH 12-11

Telnet 12-11

loose connections 6-50, A-25

misconfigured access lists A-29

models 1-15

network topology 1-15

no alerts A-34, A-62

not seeing packets A-36

NTP time synchronization 1-27, A-17

physical connectivity A-33

power supply guidelines 1-32

preparing for installation 1-30

preventive maintenance A-2

rack configuration guidelines 1-31

recovering the system image 13-8

reimaging 13-8, 14-1

sensing process not running A-31

setup command 11-1, 11-4

site guidelines 1-30

supported 1-15

system images 13-8

TCP reset 1-3

time sources 1-27, A-17

troubleshooting software upgrades A-57

unsupported 1-16

serial connection and supported platforms 1-20, 12-5

serial number and the show inventory command 7-6, A-75

service account

creating A-6

described A-5

service packs described 13-3

service role 12-2

session command 12-9

AIM-IPS 12-9

AIP-SSM 12-10

IDSM-2 12-5

NM-CIDS 12-6

sessioning

AIM-IPS 12-9

AIP-SSM 12-10

IDSM-2 12-6

NM-CIDS 12-7

setting up a terminal server 1-18, 12-3, 14-14

setup command 11-1, 11-4, 11-12, 11-19, 11-25, 11-32

shallow rack installation (IPS 4270-20) 6-18

show events command A-93

show interfaces command A-91

show inventory command 7-6, A-75

show module 1 command 8-5

show module 1 details command A-70

show settings command A-16

show statistics command A-81, A-82

show statistics virtual-sensor command A-26, A-82

show tech-support command A-76

show version command A-79

signature/virus update files described 13-4

signature engine update files described 13-5

signatures and no TCP reset A-53

site guidelines for sensors 1-30

slot assignments

IDSM-2 9-5

supervisor engines 9-5

SNMP and supported MIBs A-21

software bypass

supported configurations 5-4, 6-4

with hardware bypass 5-4, 6-4

software downloads Cisco.com 13-1

software file names

recovery (illustration) 13-5

signature/virus updates (illustration) 13-4

signature engine updates (illustration) 13-5

system image (illustration) 13-5

software release examples

platform-dependent 13-6

platform identifiers 13-7

platform-independent 13-6

software requirements for AIM-IPS 7-2

software updates

supported FTP servers 14-2

supported HTTP/HTTPS servers 14-2

SPAN

appliances 1-17

IDSM-2 1-24

SPAN port issues A-33

specifications

AIM-IPS 7-1

IDS-4235/4250 3-5

IPS-4260 5-8

IPS 4270-20 6-13

NM-CIDS 10-2

status of AIP-SSM 8-5

subinterface 0 described 1-13

supported

FTP servers 14-2

HTTP/HTTPS servers 14-2

supported configurations for IDSM-2 9-2, A-64

switch commands for troubleshooting A-64

Switched Port Analyzer. See SPAN.

System Configuration Dialog 11-1

described 11-1

example 11-2

system image and AIM-IPS 14-45

system images and sensors 13-8

T

T-15 Torx screwdriver (IPS 4270-20) 6-44

TAC

service account A-5

show tech-support command A-76

TCP reset 1-3

TCP reset interfaces

conditions 1-10

described 1-9

list 1-9

TCP resets

IDSM2 port 9-3, A-69

TCP resets not occurring A-53

terminal servers setting up 1-18, 12-3, 14-14

testing fail-over 5-4, 6-5

TFTP and RTT 2-10

TFTP servers

maximum file size limitation 14-14

recommended 2-10

UNIX 2-10

Windows 2-10

RTT 14-14

time correction on the sensor 1-29, A-19

time sources

AIM-IPS 1-28, A-17

AIP-SSM 1-28, A-18

appliances 1-27, A-17

IDSM-2 1-27, A-17

NM-CIDS 1-28, A-17

time synchronization and IPS modules 1-29, A-18

trial license key 13-9

troubleshooting A-1

AIP-SSM

commands A-70

debugging A-71

recovering A-71

reset A-70

Analysis Engine busy A-61

applying software updates A-56

ARC

blocking not occurring for signature A-45

described A-39

device access issues A-42

enabling SSH A-44

inactive state A-40

misconfigured MBS A-46

verifying device interfaces A-43

ASA 5500 AIP SSM

failover scenarios A-72

automatic updates A-56

cannot access sensor A-27

cidDump A-96

cidLog messages to syslog A-52

communication A-27

corrupted SensorApp configuration A-38

debug logger zone names (table) A-51

debug logging A-47

Diagnostic Panel (IPS 4270-20) 6-40

disaster recovery A-6

duplicate sensor IP addresses A-30

enabling debug logging A-47

external product interfaces A-24

faulty DIMMs A-38

gathering information A-75

IDM cannot access sensor A-61

IDM will not load A-60

IDSM-2

command and control port A-67

diagnosing problems A-63

not online A-66, A-67

serial cable A-69

status indicator A-65

switch commands A-64

IPS modules and time drift 1-29, A-18

manual block to bogus host A-44

misconfigured access list A-29

no alerts A-34, A-62

NTP A-53

password recovery A-16

physical connectivity issues A-33

preventive maintenance A-2

reset not occurring for a signature A-53

sensing process not running A-31

sensor events A-93

sensor loose connections 6-50, A-25

sensor not seeing packets A-36

sensor software upgrade A-57

service account A-5

show events command A-92

show interfaces command A-91

show statistics command A-81

show tech-support command A-76, A-77

show version command A-79

software upgrade

IDS-4235 A-55

IDS-4250 A-55

software upgrades A-54

SPAN port issue A-33

TCP reset interfaces 3-7

upgrading from 5.x to 6.0 A-54

verifying Analysis Engine is running A-22

verifying ARC status A-39

U

unassigned VLAN groups described 1-13

understanding time on the sensor 1-27, A-17

unsupported sensors 1-16

upgrade command 14-3, 14-6

upgrade files 14-3

upgrading

5.x to 6.0 13-7

files 14-3

from 5.x to 6.0 A-54

maintenance partition

IDSM-2 (Catalyst software) 14-44

IDSM-2 (Cisco IOS software) 14-45

minimum required version 13-7

recovery partition 14-6, 14-11

URLs for Cisco Security Intelligence Operations 13-14

using

debug logging A-47

TCP reset interface 1-10

V

VACLs and IDSM-2 1-24

verifying

IDSM-2 installation 9-8

installation

AIM-IPS 7-6, A-75

NME-IPS 7-6, A-75

installation (AIM-IPS) 7-6

password recovery A-16

sensor initialization 11-37

sensor setup 11-37

VLAN access control list. See VACL.

VLAN groups

802.1q encapsulation 1-14

configuration restrictions 1-11

deploying 1-14

described 1-13

switches 1-14

X

XL cards and fiber ports 3-16