Installing NM CIDS
Note: The number of concurrent CLI sessions is limited based on the platform. IDS 4215 and NM CIDS are limited to three concurrent CLI sessions. All other platforms allow ten concurrent sessions.
Note: In Cisco IOS documentation, NM CIDS is referred to as the Cisco IDS network module.
Note: NM CIDS does not support inline (IPS) mode. It can only be configured for promiscuous (IDS) mode.
Caution
Although NM CIDS has a compact flash slot, a compact flash device is not used. Removing the compact flash cover and installing a compact flash device is not supported. NM CIDS does not operate with a compact flash device installed.
This chapter lists the software and hardware requirements of NM CIDS, and describes how to install and remove it. It contains the following sections:
• Specifications
• Software and Hardware Requirements
• Hardware Architecture
• Front Panel Features
• Interfaces
• Installation and Removal Instructions
Specifications
Table 10-1 lists the specifications for NM CIDS.
Table 10-1 NM CIDS Specifications
Dimensions (H x W x D) | 1.55 x 7.10 x 7.2 in. (3.9 x 18.0 x 19.3 cm)
Weight | 1.5 lb (0.7 kg) (maximum)
Operating temperature | +32° to +104°F (+0° to +40°C)
Nonoperating temperature | -40° to +185°F (-40° to +85°C)
Humidity | 5% to 95% noncondensing
Operating altitude | 0 to 10,000 ft (0 to 3,000 m)
Software and Hardware Requirements
NM CIDS has the following software and hardware requirements.
NM CIDS supports the following software:
• Cisco IOS software 12.2(15)ZJ or later
• Cisco IOS software 12.3(4)T or later
• Cisco IDS software 4.1 or later
Caution
Do not confuse Cisco IOS IDS (a software-based intrusion-detection application that runs in Cisco IOS) with the IDS that runs on NM CIDS. NM CIDS runs Cisco IPS 5.1. Because performance can be reduced and duplicate alarms can be generated, we recommend that you do not run Cisco IOS IDS and Cisco IPS 5.1 simultaneously.
NM CIDS supports the following feature sets:
• IOS IP/FW/IDS
• IOS IP/FW/IDS PLUS IPSEC 56
• IOS IP/FW/IDS PLUS IPSEC 3DES
• IOS IP/IPX/AT/DEC/FW/IDS PLUS
• IOS ENTERPRISE/FW/IDS PLUS IPSEC 56
• IOS ENTERPRISE/FW/IDS PLUS IPSEC 3DES
• IOS Advanced Security
• IOS Advanced IP
• IOS Advanced Enterprise
Table 10-2 lists supported and unsupported platforms for NM CIDS.
Table 10-2 Supported and Unsupported Platforms
Cisco 2600 series | No
Cisco 2600XM series | Yes
Cisco 2691 | Yes
Cisco 3620 | No
Cisco 3631 | No
Cisco 3640, Cisco 3640A | No
Cisco 3660 | Yes
Cisco 3725 | Yes
Cisco 3745 | Yes
Note: The supported Cisco series routers only support one NM CIDS per chassis.
Table 10-3 lists the hardware specifications for NM CIDS.
Table 10-3 Hardware Requirements
Processor | 500 MHz Intel Mobile Pentium III
Default SDRAM | 512 MB
Maximum SDRAM | 512 MB
Internal disk storage | NM CIDS 20-GB IDE
Hardware Architecture
NM CIDS has the following hardware architecture:
• Back-to-back Ethernet, which provides interface-level connectivity to the router.
• 100-Mbps full-duplex interface between the router and the module.
• Back-to-back UART, which provides console access from the router side.
• Console access to the module from the router.
• External FE interface, which provides a command and control interface.
Figure 10-1 shows the hardware architecture of NM CIDS.
Figure 10-1 NM CIDS Hardware Architecture
Front Panel Features
Figure 10-2 shows the front panel features of the NM CIDS.
Figure 10-2 Front Panel Features
Table 10-4 describes the NM CIDS states as indicated by the status indicators.
Table 10-4 Status Indicators
ACT | Activity on the Fast Ethernet connection.
DISK | Activity on the IDS hard-disk drive.
EN | NM CIDS has passed self-test and is available to the router.
LINK | Fast Ethernet connection is available to NM CIDS.
PWR | Power is available to NM CIDS.
Interfaces
The router-side Fast Ethernet interface is known as "interface IDS-Sensor." This interface name appears in the output of the show interface and show controller commands. You must assign the IP address to the interface to get console access to IDS.
Caution
We recommend that you assign a loopback address on the monitoring interface. Otherwise, if the IP address is advertised through routing updates, the monitoring interface can become vulnerable to attacks.
For More Information
For the procedure for assigning the IP address to gain access to the console and for setting up a loopback address, refer to Configuring IDS-Interfaces on the Router.
Installation and Removal Instructions
You must install NM CIDS offline in Cisco 2650XM, 2651XM, and 2961 series routers.
Caution
To avoid damaging NM CIDS, you must turn OFF electrical power and disconnect network cables before you insert NM CIDS into a chassis slot or remove NM CIDS from a chassis slot.
Cisco 3660 and Cisco 3700 series routers let you replace network modules without switching off the router or affecting the operation of other interfaces. This online insertion and removal (OIR) capability provides uninterrupted operation to network users, maintains routing information, and ensures session preservation.
Note: Cisco 2600, 3600, and 3700 series routers support only one NM CIDS per chassis.
Caution
Unlike other network modules, NM CIDS uses a hard-disk drive. Online removal of hard-disk drives without proper shutdown can result in file system corruption and might render the hard-disk drive unusable. The operating system on NM CIDS must be shut down in an orderly fashion before it is removed.
This section contains the following topics:
• Required Tools
• Installing NM CIDS
• Removing NM CIDS
• Blank Network Module Panels
Required Tools
You need the following tools and equipment to install NM CIDS in a Cisco modular router chassis slot:
• #1 Phillips screwdriver or small flat-blade screwdriver
• ESD-preventive wrist strap
• Tape for DC circuit breaker handle
Installing NM CIDS
This section describes how to install NM CIDS offline and using OIR support, and contains the following topics:
• Installing NM CIDS Offline
• Installing NM CIDS Using OIR Support
Installing NM CIDS Offline
You can install NM CIDS in the chassis either before or after mounting the router, whichever is more convenient.
Warning: Only trained and qualified personnel should be allowed to install or replace this equipment. To see translations of the warnings that appear in this publication, refer to the Regulatory Compliance and Safety Information document that accompanied this device.
Caution
ESD can damage equipment and impair electrical circuitry. Always follow ESD prevention procedures when removing and replacing cards.
To install NM CIDS, follow these steps:
Step 1 Turn OFF electrical power to the router.
To channel ESD voltages to ground, do not unplug the power cable.
Step 2 Remove all network interface cables, including telephone cables, from the back panel.
The following warning applies to routers that use a DC power supply:
Warning: Before performing any of the following procedures, ensure that power is removed from the DC circuit. To ensure that all power is OFF, locate the circuit breaker on the panel board that services the DC circuit, switch the circuit breaker to the OFF position, and tape the switch handle of the circuit breaker in the OFF position.
Step 3 Using either a #1 Phillips screwdriver or a small flat-blade screwdriver, remove the blank filler panel from the chassis slot where you plan to install NM CIDS.
Save the blank panel for future use.
Step 4 Align NM CIDS with the guides in the chassis and slide it gently into the slot.
Step 5 Push NM CIDS into place until you feel its edge connector mate securely with the connector on the motherboard.
Step 6 Fasten the captive mounting screws of NM CIDS into the holes in the chassis, using a Phillips or flat-blade screwdriver.
Step 7 If the router was previously running, reinstall the network interface cables and turn ON power to the router.
The following warning applies to routers that use a DC power supply:
Warning: After wiring the DC power supply, remove the tape from the circuit breaker switch handle and reinstate power by moving the handle of the circuit breaker to the ON position.
Step 8 Connect the command and control port to a hub or switch.
Step 9 Check that NM CIDS indicators light up, and that the Active/Ready indicators on the front panel also light up.
Step 10 Initialize NM CIDS.
Step 11 Upgrade NM CIDS to the most recent Cisco software.
You are now ready to configure intrusion detection on NM CIDS.
For More Information
• For more information on ESD-controlled environments, see Site and Safety Guidelines.
• For the procedure for using the setup command to initialize NM CIDS, see Initializing NM CIDS.
• For the procedure for obtaining the latest IPS software, see Obtaining Cisco IPS Software.
• For the procedure for using HTTPS to log in to IDM, refer to Logging In to IDM.
• For the procedures for configuring intrusion prevention on your sensor, refer to the following documents:
  – Installing and Using Cisco Intrusion Prevention System Device Manager 6.0
  – Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 6.0
Installing NM CIDS Using OIR Support
To install NM CIDS using OIR support, follow these steps:
Step 1 Align NM CIDS with the guides in the chassis slot and slide it gently into the slot.
Step 2 Push NM CIDS into place until you feel its edge connector mate securely with the connector on the backplane.
Step 3 Tighten the two captive screws on the faceplate.
Step 4 Connect the command and control port to a hub or switch.
Step 5 Verify that NM CIDS indicators light up, and that the Active/Ready indicators on the front panel also light up.
Step 6 Initialize NM CIDS.
Step 7 Upgrade NM CIDS to the most recent Cisco IPS software.
You are now ready to configure intrusion detection on NM CIDS.
For More Information
• For the procedure for using the setup command to initialize NM CIDS, see Initializing NM CIDS.
• For the procedure for obtaining the latest IPS software, see Obtaining Cisco IPS Software.
• For the procedure for using HTTPS to log in to IDM, refer to Logging In to IDM.
• For the procedures for configuring intrusion prevention on your sensor, refer to the following documents:
  – Installing and Using Cisco Intrusion Prevention System Device Manager 6.0
  – Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 6.0
Removing NM CIDS
This section describes how to remove NM CIDS offline or using OIR support, and contains the following topics:
• Removing NM CIDS Offline
• Removing NM CIDS Using OIR Support
Removing NM CIDS Offline
You must turn off all power to the router before removing NM CIDS.
To remove NM CIDS from the router chassis, follow these steps:
Step 1 Prepare NM CIDS to be powered off:
router# service-module IDS-Sensor slot_number/0 shutdown
Trying 10.10.10.1, 2129 ... Open
Wait for the shutdown message before continuing with Step 2:
%SERVICEMODULE-5-SHUTDOWN2:Service module IDS-Sensor1/0 shutdown complete
Step 2 Turn OFF electrical power to the router.
To channel ESD voltages to ground, do not unplug the power cable.
Step 3 Unplug the command and control network interface cable from NM CIDS.
Step 4 Loosen the two captive screws holding NM CIDS in the chassis slot.
Step 5 Slide NM CIDS out of the slot.
Note: Either install a replacement NM CIDS or install a blank panel.
For More Information
• For the procedure for installing a replacement NM CIDS, see Installing NM CIDS Offline.
• For the procedure for installing a blank panel, see Blank Network Module Panels.
Removing NM CIDS Using OIR Support
Caution
Cisco 3660 and Cisco 3700 series routers support OIR with similar modules only. If you remove an NM CIDS, install another NM CIDS in its place.
To remove NM CIDS with OIR support, follow these steps:
Step 1 Prepare NM CIDS to be powered off:
router# service-module IDS-Sensor slot_number/0 shutdown
Trying 10.10.10.1, 2129 ... Open
Wait for the shutdown message before continuing with Step 2:
%SERVICEMODULE-5-SHUTDOWN2:Service module IDS-Sensor1/0 shutdown complete
Step 2 Unplug the command and control network interface cable from NM CIDS.
Step 3 Loosen the two captive screws holding NM CIDS in the chassis slot.
Step 4 Slide NM CIDS out of the slot.
Note: Either install a replacement NM CIDS or install a blank panel.
For More Information
• For the procedure for installing a replacement NM CIDS, see Installing NM CIDS Offline.
• For the procedure for installing a blank panel, see Blank Network Module Panels.
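Step 1 of both removal procedures gates everything that follows on the SHUTDOWN2 message. The following is an added example (not Cisco code) of a Python check that a captured console log contains the shutdown command for a slot followed by the completion message for that same slot. The function name, the sample logs, and slot 1 are assumptions made for illustration.

```python
import re

# Completion message in the format shown in Step 1, e.g.
# %SERVICEMODULE-5-SHUTDOWN2:Service module IDS-Sensor1/0 shutdown complete
SHUTDOWN_DONE = re.compile(
    r"%SERVICEMODULE-5-SHUTDOWN2:\s*Service module IDS-Sensor(\d+)/0 shutdown complete"
)
# The command from Step 1 with a concrete slot number filled in.
SHUTDOWN_CMD = re.compile(
    r"service-module\s+IDS-Sensor\s*(\d+)/0\s+shutdown", re.IGNORECASE
)


def safe_to_remove(console_lines, slot):
    """Return True only if the shutdown command for `slot` was issued and the
    SHUTDOWN2 completion message for the same slot appears after it."""
    requested = False
    for line in console_lines:
        cmd = SHUTDOWN_CMD.search(line)
        if cmd and int(cmd.group(1)) == slot:
            requested = True
            continue
        done = SHUTDOWN_DONE.search(line)
        # A completion message seen before the command is stale and ignored.
        if done and int(done.group(1)) == slot and requested:
            return True
    return False


# Constructed sample console captures (hypothetical, slot 1).
COMPLETE = [
    "router# service-module IDS-Sensor 1/0 shutdown",
    "Trying 10.10.10.1, 2129 ... Open",
    "%SERVICEMODULE-5-SHUTDOWN2:Service module IDS-Sensor1/0 shutdown complete",
]
INCOMPLETE = COMPLETE[:2]            # command issued, no completion yet
STALE = [COMPLETE[2], COMPLETE[0]]   # old completion, then a new command

if __name__ == "__main__":
    for name, log in (("COMPLETE", COMPLETE), ("INCOMPLETE", INCOMPLETE), ("STALE", STALE)):
        print(name, "-> safe to remove:", safe_to_remove(log, 1))
```

A False result means the module's operating system has not confirmed an orderly shutdown, which is the condition the hard-disk caution warns about.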
Blank Network Module Panels
If the router is not fully configured with network modules, make sure that blank panels fill the unoccupied chassis slots to provide proper airflow as shown in Figure 10-3.
Figure 10-3 Blank Network Module Panel