Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 6.0
Installing NM-CIDS

Installing NM CIDS



Note The number of concurrent CLI sessions is limited based on the platform. IDS 4215 and NM CIDS are limited to three concurrent CLI sessions. All other platforms allow ten concurrent sessions.



Note In Cisco IOS documentation, NM CIDS is referred to as the Cisco IDS network module.



Note NM CIDS does not support inline (IPS) mode. It can only be configured for promiscuous (IDS) mode.



Caution Although NM CIDS has a compact flash slot, a compact flash device is not used. Removing the compact flash cover and installing a compact flash device is not supported. NM CIDS does not operate with a compact flash device installed.

This chapter lists the software and hardware requirements of NM CIDS, and describes how to install and remove it. It contains the following sections:

Specifications

Software and Hardware Requirements

Hardware Architecture

Front Panel Features

Interfaces

Installation and Removal Instructions

Specifications

Table 10-1 lists the specifications for NM CIDS.

Table 10-1 NM CIDS Specifications 

Specification              Description
Dimensions (H x W x D)     1.55 x 7.10 x 7.2 in. (3.9 x 18.0 x 19.3 cm)
Weight                     1.5 lb (0.7 kg) (maximum)
Operating temperature      +32° to +104°F (+0° to +40°C)
Nonoperating temperature   -40° to +185°F (-40° to +85°C)
Humidity                   5% to 95% noncondensing
Operating altitude         0 to 10,000 ft (0 to 3,000 m)


Software and Hardware Requirements

NM CIDS has the following software and hardware requirements.

NM CIDS supports the following software:

Cisco IOS software 12.2(15)ZJ or later

Cisco IOS software 12.3(4)T or later

Cisco IDS software 4.1 or later


Caution Do not confuse Cisco IOS IDS (a software-based intrusion-detection application that runs in Cisco IOS) with the IDS that runs on NM CIDS. NM CIDS runs Cisco IPS 5.1. Because performance can be reduced and duplicate alarms can be generated, we recommend that you do not run Cisco IOS IDS and Cisco IPS 5.1 simultaneously.

NM CIDS supports the following feature sets:

IOS IP/FW/IDS

IOS IP/FW/IDS PLUS IPSEC 56

IOS IP/FW/IDS PLUS IPSEC 3DES

IOS IP/IPX/AT/DEC/FW/IDS PLUS

IOS ENTERPRISE/FW/IDS PLUS IPSEC 56

IOS ENTERPRISE/FW/IDS PLUS IPSEC 3DES

IOS Advanced Security

IOS Advanced IP

IOS Advanced Enterprise

Table 10-2 lists supported and unsupported platforms for NM CIDS.

Table 10-2 Supported and Unsupported Platforms 

Router                     NM CIDS
Cisco 2600 series          No
Cisco 2600XM series        Yes
Cisco 2691                 Yes
Cisco 3620                 No
Cisco 3631                 No
Cisco 3640, Cisco 3640A    No
Cisco 3660                 Yes
Cisco 3725                 Yes
Cisco 3745                 Yes



Note The supported Cisco series routers only support one NM CIDS per chassis.


Table 10-3 lists the hardware specifications for NM CIDS.

Table 10-3 Hardware Requirements 

Feature                    Description
Processor                  500 MHz Intel Mobile Pentium III
Default SDRAM              512 MB
Maximum SDRAM              512 MB
Internal disk storage      NM CIDS 20-GB IDE


Hardware Architecture

NM CIDS has the following hardware architecture:

Back-to-back Ethernet, which provides interface-level connectivity to the router.

100-Mbps full-duplex interface between the router and the module.

Back-to-back UART, which provides console access from the router side.

Console access to the module from the router.

External FE interface, which provides a command and control interface.

Figure 10-1 shows the hardware architecture of NM CIDS.

Figure 10-1 NM CIDS Hardware Architecture

Front Panel Features

Figure 10-2 shows the front panel features of the NM CIDS.

Figure 10-2 Front Panel Features

Table 10-4 describes the NM CIDS states as indicated by the status indicators.

Table 10-4 Status Indicators 

Indicator   Description
ACT         Activity on the Fast Ethernet connection.
DISK        Activity on the IDS hard-disk drive.
EN          NM CIDS has passed self-test and is available to the router.
LINK        Fast Ethernet connection is available to NM CIDS.
PWR         Power is available to NM CIDS.


Interfaces

The router-side Fast Ethernet interface is known as "interface IDS-Sensor." This interface name appears in the output of the show interface and show controller commands. You must assign an IP address to the interface to get console access to the IDS.


Caution We recommend that you assign a loopback address on the monitoring interface. Otherwise, if the IP address is advertised through routing updates, the monitoring interface can become vulnerable to attacks.

For More Information

For the procedure for assigning the IP address to gain access to the console and for setting up a loopback address, refer to Configuring IDS-Interfaces on the Router.
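
The following Python sketch audits a saved router configuration against the caution above. It is an added example, not Cisco code. It assumes the loopback address is applied to the IDS-Sensor interface with ip unnumbered, it only recognizes routing network statements written in the OSPF/EIGRP "address wildcard" form, and the sample configurations are constructed.

```python
import ipaddress
import re

def parse_blocks(config):
    """Map each top-level config line to its indented child lines."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current is not None:
            current.append(line.strip())
        elif line and not line.startswith((" ", "!")):
            current = blocks.setdefault(line.strip(), [])
    return blocks

def advertised(addr, blocks):
    """True if a 'network <net> <wildcard>' line under a router process covers addr."""
    a = int(ipaddress.IPv4Address(addr))
    nets = [l for h, ls in blocks.items() if h.startswith("router ") for l in ls]
    for m in filter(None, (re.match(r"network ([\d.]+) ([\d.]+)", l) for l in nets)):
        net, wild = (int(ipaddress.IPv4Address(g)) for g in m.groups())
        if ((a ^ net) & ~wild & 0xFFFFFFFF) == 0:  # wildcard bits are "don't care"
            return True
    return False

def audit_ids_sensor(config):
    """Return findings for each IDS-Sensor interface in an IOS config."""
    blocks, findings = parse_blocks(config), []
    ip_re = re.compile(r"^ip address (\S+) \S+", re.M)
    for header in [h for h in blocks if h.lower().startswith("interface ids-sensor")]:
        body = "\n".join(blocks[header])
        direct = ip_re.search(body)
        unnum = re.search(r"^ip unnumbered (Loopback\d+)", body, re.M)  # assumed method
        addr = direct.group(1) if direct else None
        if direct:
            findings.append(f"{header}: {addr} assigned directly, not via a loopback")
        elif unnum:
            lo = ip_re.search("\n".join(blocks.get("interface " + unnum.group(1), [])))
            addr = lo.group(1) if lo else None
        if addr is None:
            findings.append(f"{header}: no usable IP address, so no console access")
        elif advertised(addr, blocks):
            findings.append(f"{header}: {addr} is covered by a routing network statement")
    return findings

# Constructed sample configs (addresses and OSPF process are illustrative).
SAMPLE_BAD = ("interface IDS-Sensor1/0\n ip address 10.10.10.1 255.255.255.0\n!\n"
              "router ospf 1\n network 10.10.10.0 0.0.0.255 area 0\n")
SAMPLE_GOOD = ("interface Loopback0\n ip address 10.99.99.99 255.255.255.255\n!\n"
               "interface IDS-Sensor1/0\n ip unnumbered Loopback0\n!\n"
               "router ospf 1\n network 192.168.1.0 0.0.0.255 area 0\n")
```

Calling audit_ids_sensor(SAMPLE_BAD) returns two findings (direct addressing and an advertised address), while SAMPLE_GOOD returns none.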

Installation and Removal Instructions

You must install NM CIDS offline in Cisco 2650XM, 2651XM, and 2691 series routers.


Caution To avoid damaging NM CIDS, you must turn OFF electrical power and disconnect network cables before you insert NM CIDS into a chassis slot or remove NM CIDS from a chassis slot.

Cisco 3660 and Cisco 3700 series routers let you replace network modules without switching off the router or affecting the operation of other interfaces. Online insertion and removal (OIR) provides uninterrupted operation to network users, maintains routing information, and ensures session preservation.


Note Cisco 2600, 3600, and 3700 series routers support only one NM CIDS per chassis.



Caution Unlike other network modules, NM CIDS uses a hard-disk drive. Online removal of hard-disk drives without proper shutdown can result in file system corruption and might render the hard-disk drive unusable. The operating system on NM CIDS must be shut down in an orderly fashion before it is removed.

This section contains the following topics:

Required Tools

Installing NM CIDS

Removing NM CIDS

Blank Network Module Panels

Required Tools

You need the following tools and equipment to install NM CIDS in a Cisco modular router chassis slot:

#1 Phillips screwdriver or small flat-blade screwdriver

ESD-preventive wrist strap

Tape for DC circuit breaker handle

Installing NM CIDS

This section describes how to install NM CIDS offline or using OIR support, and contains the following topics:

Installing NM CIDS Offline

Installing NM CIDS Using OIR Support

Installing NM CIDS Offline

You can install NM CIDS in the chassis either before or after mounting the router, whichever is more convenient.


Warning Only trained and qualified personnel should be allowed to install or replace this equipment. To see translations of the warnings that appear in this publication, refer to the Regulatory Compliance and Safety Information document that accompanied this device.

Caution ESD can damage equipment and impair electrical circuitry. Always follow ESD prevention procedures when removing and replacing cards.

To install NM CIDS, follow these steps:


Step 1 Turn OFF electrical power to the router.

To channel ESD voltages to ground, do not unplug the power cable.

Step 2 Remove all network interface cables, including telephone cables, from the back panel.

The following warning applies to routers that use a DC power supply:


Warning Before performing any of the following procedures, ensure that power is removed from the DC circuit. To ensure that all power is OFF, locate the circuit breaker on the panel board that services the DC circuit, switch the circuit breaker to the OFF position, and tape the switch handle of the circuit breaker in the OFF position.

Step 3 Using either a #1 Phillips screwdriver or a small flat-blade screwdriver, remove the blank filler panel from the chassis slot where you plan to install NM CIDS.

Save the blank panel for future use.

Step 4 Align NM CIDS with the guides in the chassis and slide it gently into the slot.

Step 5 Push NM CIDS into place until you feel its edge connector mate securely with the connector on the motherboard.

Step 6 Fasten the captive mounting screws of NM CIDS into the holes in the chassis, using a Phillips or flat-blade screwdriver.

Step 7 If the router was previously running, reinstall the network interface cables and turn ON power to the router.

The following warning applies to routers that use a DC power supply:


Warning After wiring the DC power supply, remove the tape from the circuit breaker switch handle and reinstate power by moving the handle of the circuit breaker to the ON position.

Step 8 Connect the command and control port to a hub or switch.

Step 9 Check that NM CIDS indicators light up, and that the Active/Ready indicators on the front panel also light up.

Step 10 Initialize NM CIDS.

Step 11 Upgrade NM CIDS to the most recent Cisco software.

You are now ready to configure intrusion detection on NM CIDS.


For More Information

For more information on ESD-controlled environments, see Site and Safety Guidelines.

For the procedure for using the setup command to initialize NM CIDS, see Initializing NM CIDS.

For the procedure for obtaining the latest IPS software, see Obtaining Cisco IPS Software.

For the procedure for using HTTPS to log in to IDM, refer to Logging In to IDM.

For the procedures for configuring intrusion prevention on your sensor, refer to the following documents:

Installing and Using Cisco Intrusion Prevention System Device Manager 6.0

Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 6.0

Installing NM CIDS Using OIR Support

To install NM CIDS using OIR support, follow these steps:


Step 1 Align NM CIDS with the guides in the chassis slot and slide it gently into the slot.

Step 2 Push NM CIDS into place until you feel its edge connector mate securely with the connector on the backplane.

Step 3 Tighten the two captive screws on the faceplate.

Step 4 Connect the command and control port to a hub or switch.

Step 5 Verify that NM CIDS indicators light up, and that the Active/Ready indicators on the front panel also light up.

Step 6 Initialize NM CIDS.

Step 7 Upgrade NM CIDS to the most recent Cisco IPS software.

You are now ready to configure intrusion detection on NM CIDS.


For More Information

For the procedure for using the setup command to initialize NM CIDS, see Initializing NM CIDS.

For the procedure for obtaining the latest IPS software, see Obtaining Cisco IPS Software.

For the procedure for using HTTPS to log in to IDM, refer to Logging In to IDM.

For the procedures for configuring intrusion prevention on your sensor, refer to the following documents:

Installing and Using Cisco Intrusion Prevention System Device Manager 6.0

Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 6.0

Removing NM CIDS

This section describes how to remove NM CIDS offline or using OIR support, and contains the following topics:

Removing NM CIDS Offline

Removing NM CIDS Using OIR Support

Removing NM CIDS Offline

You must turn off all power to the router before removing NM CIDS.

To remove NM CIDS from the router chassis, follow these steps:


Step 1 Prepare NM CIDS to be powered off:

router# service-module IDS-Sensor slot_number/0 shutdown
Trying 10.10.10.1, 2129 ... Open

Wait for the shutdown message before continuing with Step 2:

%SERVICEMODULE-5-SHUTDOWN2:Service module IDS-Sensor1/0 shutdown complete 

Step 2 Turn OFF electrical power to the router.

To channel ESD voltages to ground, do not unplug the power cable.

Step 3 Unplug the command and control network interface cable from NM CIDS.

Step 4 Loosen the two captive screws holding NM CIDS in the chassis slot.

Step 5 Slide NM CIDS out of the slot.


Note Either install a replacement NM CIDS or install a blank panel.



For More Information

For the procedure for installing replacement NM CIDS, see Installing NM CIDS Offline.

For the procedure for installing a blank panel, see Blank Network Module Panels.

Removing NM CIDS Using OIR Support


Caution Cisco 3660 and Cisco 3700 series routers support OIR with similar modules only. If you remove an NM CIDS, install another NM CIDS in its place.

To remove NM CIDS with OIR support, follow these steps:


Step 1 Prepare NM CIDS to be powered off:

router# service-module IDS-Sensor slot_number/0 shutdown
Trying 10.10.10.1, 2129 ... Open

Wait for the shutdown message before continuing with Step 2:

%SERVICEMODULE-5-SHUTDOWN2:Service module IDS-Sensor1/0 shutdown complete

Step 2 Unplug the command and control network interface cable from NM CIDS.

Step 3 Loosen the two captive screws holding NM CIDS in the chassis slot.

Step 4 Slide NM CIDS out of the slot.


Note Either install a replacement NM CIDS or install a blank panel.
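
Step 1 of both removal procedures (offline and OIR) depends on seeing the shutdown message before the module is pulled. The following Python sketch is an added example, not Cisco code, of a change-automation gate that accepts the message only for the right slot and only after the shutdown command. The function name and the console captures are constructed for illustration.

```python
import re

# Patterns follow the command and message formats shown in the procedures above.
CMD = re.compile(r"service-module IDS-Sensor\s*(\d+)/0 shutdown\s*$", re.I)
DONE = re.compile(
    r"%SERVICEMODULE-5-SHUTDOWN2:\s*Service module IDS-Sensor(\d+)/0 shutdown complete")

def safe_to_remove(session_lines, slot):
    """True only when the completion message for `slot` follows the
    shutdown command for the same slot in the captured console session."""
    issued = complete = False
    for line in session_lines:
        cmd, done = CMD.search(line), DONE.search(line)
        if cmd and int(cmd.group(1)) == slot:
            issued, complete = True, False   # a new request voids older completions
        elif done and int(done.group(1)) == slot:
            complete = issued                # ignore messages that precede the command
    return complete

# Constructed console captures (not real device output).
DONE_MSG = "%SERVICEMODULE-5-SHUTDOWN2:Service module IDS-Sensor1/0 shutdown complete"
SESSION_OK = [
    "router# service-module IDS-Sensor 1/0 shutdown",
    "Trying 10.10.10.1, 2129 ... Open",
    DONE_MSG,
]
# A completion left over from earlier maintenance, then a new, unfinished request.
SESSION_STALE = [
    DONE_MSG,
    "router# service-module IDS-Sensor 1/0 shutdown",
    "Trying 10.10.10.1, 2129 ... Open",
]

if __name__ == "__main__":
    for name, session in (("ok", SESSION_OK), ("stale", SESSION_STALE)):
        print(name, "->", "remove" if safe_to_remove(session, 1) else "wait")
```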



For More Information

For the procedure for installing replacement NM CIDS, see Installing NM CIDS Offline.

For the procedure for installing a blank panel, see Blank Network Module Panels.

Blank Network Module Panels

If the router is not fully configured with network modules, make sure that blank panels fill the unoccupied chassis slots to provide proper airflow as shown in Figure 10-3.

Figure 10-3 Blank Network Module Panel