-
Installing Cisco Intrusion Prevention System Appliances and Modules 6.0
-
Preface
-
Introducing the Sensor
-
Installing IDS-4215
-
Installing IDS-4235 and IDS-4250
-
Installing IPS-4240 and IPS-4255
-
Installing IPS-4260
-
Installing IPS 4270-20
-
Installing AIM-IPS
-
Installing AIP-SSM
-
Installing IDSM-2
-
Installing NM-CIDS
-
Initializing the Sensor
-
Logging In to the Sensor
-
Obtaining Software
-
Upgrading, Downgrading, and Installing System Images
-
Troubleshooting
-
Glossary
-
Index
-
Table Of Contents
Numerics - A - B - C - D - E - F - G - H - I - J - L - M - N - O - P - R - S - T - U - V - X -
Index
Numerics
2SX card
4GE bypass interface card
configuration restrictions 5-4, 6-5
802.1q encapsulation
VLAN groups 1-13
A
accelerator cards see XL cards
accessing
Diagnostic Panel (IPS 4270-20) 6-39
IPS software 13-2
access list misconfiguration A-26
accessories
four-post racks
installing appliances in racks 3-21
installing cable-management arms 3-22
installing slide assemblies 3-19
rack-kit contents 3-19
routing cables 3-26
tools 3-19
IDS-4235/4250 package contents 3-10
two-post racks
center-mount installations 3-29
flush-mount installations 3-30
marking racks 3-29
rack kit contents 3-28
tools 3-28
actions
IP logs 1-3
multiple packet drop 1-3
TCP reset 1-3
active update bulletins subscribing to 13-15
adaptive security appliance described 1-22
AIM-IPS
branch router (illustration) 1-21
described 1-20
illustration 1-22
initializing 11-19
installing 7-5
installing system image 14-47
logging in 12-9
reimaging 14-47
removing 7-5
restrictions 7-3
session command 12-9
sessioning 12-9
setup command 11-19
software requirements 7-2
specifications 7-1
verifying installation 7-6, A-70
AIP-SSM
described 1-22
indicators described 8-3
initializing 11-25
installing 8-4
installing system image 14-50
logging in 12-10
memory specifications 8-2
models 1-22
password recovery A-11
recovering A-68
reimaging 14-50
removing 8-6
requirements 8-2
resetting A-68
session command 12-10
setup command 11-25
show module 1 command 8-5
specifications 8-1
verifying status 8-5
alternate TCP reset interface configuration restrictions 1-11
Analysis Engine
busy A-23
error messages A-23
IDM exits A-59
verify it is running A-20
anomaly detection disabling A-19
appliances
ACLs 1-3
application partition image 14-13
described 1-17
four-post racks
installing appliances in racks 3-21
installing cable-management arms 3-22
routing cables 3-26
GRUB menu A-8
hardware
dual serial communication cables 3-7
spare hard-disk drives 3-5
terminal settings 3-7
IDS-4215
rack mounting 2-7
surface mounting 2-6
IDS-4235/4250
front panel 3-2
indicators 3-3
initializing 11-4
installing
XL cards (IDS-4235/4250) 3-14
XL cards (IDS-4250) 3-14
logging in 12-2
managers 1-17
models 1-17
password recovery A-8
recovering software image 14-29
restrictions 1-18
SPAN 1-17
TCP reset 1-3
terminal servers
two-post racks
marking racks 3-29
rack kit contents 3-28
tools 3-28
upgrading recovery partition 14-6
XL card fiber ports 3-16
application partition image recovering 14-13
applying software updates A-54
ARC
blocking not occurring for signature A-42
device access issues A-40
enabling SSH A-42
inactive state A-38
misconfigured MBS A-43
troubleshooting A-36
verifying device interfaces A-41
verifying status A-37
asymmetric traffic disabling anomaly detection A-19
attack responses TCP reset 1-3
automatic updates troubleshooting A-54
automatic upgrades
examples 14-11
information required 14-7
autonegotiation hardware bypass 5-5, 6-5
auto-upgrade-option command 14-7
B
backing up
configuration A-2
current configuration A-4
back panel features
IDS-4235/4250 3-4
IPS-4260 5-6
IPS 4270-20 6-9
BIOS upgrading IDS-4235/4250 3-6
blocking not occurring for signature A-42
bootloader
explaining 14-32
upgrading 14-32
C
cable management arm
converting 6-30
described 6-29
installing 6-26
cable pinouts
console port 1-35
RJ-45 1-35
RJ-45 to DB-25 1-37
RJ-45 to DB-9 1-37
cannot access sensor A-24
Catalyst software
IDSM-2
enabling full memory tests 9-12
resetting 9-13
changing the memory
Java Plug-in on Linux A-57
Java Plug-in on Solaris A-57
Java Plug-in on Windows A-57
cidDump obtaining information A-92
cisco
default password 12-2
default username 12-2
Cisco.com
accessing software 13-2
Active Update Bulletins 13-15
downloading software 13-1
IPS software 13-1
software downloads 13-1
Cisco IOS software
IDSM-2
enabling full memory tests 9-13
resetting 9-14
Cisco Security Center
described 13-16
URL 13-16
Cisco Services for IPS
service contract 13-10
supported products 13-10
clear events command 1-29, A-17, A-92
clearing
events A-92
statistics A-78
clear password command A-10, A-11
command and control interfaces
described 1-4
Ethernet 1-2
list 1-4
commands
auto-upgrade-option 14-7
copy backup-config A-3
copy current-config A-3
copy license-key 13-13
debug module-boot A-68
downgrade 14-12
hw-module module 1 reset A-68
hw-module module slot_number password-reset A-11
session 12-9
setup 11-1, 11-4, 11-12, 11-19, 11-25, 11-32
show events A-89
show module 1 8-5
show module 1 details A-67
show settings A-13
show statistics A-77
show statistics virtual-sensor A-23, A-77
show tech-support A-72
show version A-74
configuration files
backing up A-2
merging A-2
configuration restrictions
alternate TCP reset interface 1-11
inline interface pairs 1-10
inline VLAN pairs 1-11
interfaces 1-10
physical interfaces 1-10
VLAN groups 1-11
configuring
automatic upgrades 14-9
maintenance partition
IDSM-2 (Catalyst software) 14-38
IDSM-2 (Cisco IOS software) 14-42
upgrades 14-4
console port pinouts 1-35
converting cable management arm 6-30
copy backup-config command A-3
copy current-config command A-3
copy license-key command 13-13
correcting time on the sensor 1-29, A-17
creating service account A-5
cryptographic account
Encryption Software Export Distribution Authorization from 13-2
obtaining 13-2
current configuration backing up A-2
D
DC power supply (IPS-4240) 4-10
debug logging enabling A-45
debug-module-boot command A-68
default password cisco 12-2
default username cisco 12-2
device access issues A-40
Diagnostic Panel
accessing 6-39
component list 6-11
illustration 6-11
indicators 6-11
directing output to serial port 1-20, 12-5
disabling
anomaly detection A-19
password recovery A-12
disaster recovery A-6
displaying
events A-90
password recovery setting A-13
statistics A-78
tech support information A-72
version A-75
display-serial command
supported platforms 1-20, 12-5
downgrade command 14-12
downgrading sensors 14-12
downloading software 13-1
duplicate IP addresses A-27
E
electrical safety guidelines 1-31
enabling
debug logging A-45
full memory tests
Catalyst software 9-12
Cisco IOS software 9-13
Encryption Software Export Distribution Authorization form
cryptographic account 13-2
described 13-2
error messages Analysis Engine is busy A-23
ESD environment working in 1-33
Ethernet port indicators
IPS-4260 5-7
IPS 4270-20 6-10
events displaying A-90
Event Store clearing events 1-29, A-17
event types A-88
expansion card interfaces naming conventions 5-2, 6-3
expansion card slots
IPS-4260 5-19
IPS 4270-20 6-40
external product interfaces
issues A-21
troubleshooting A-22
F
fan indicators IPS 4270-20 6-47
fans IPS 4270-20 6-47
files
IDSM-2 password recovery A-10
upgrade 14-3
finding serial number 7-6, A-70
front panel indicators
IDS-4235/4250 3-3
IPS-4260 5-6
IPS 4270-20 6-7
front panel switches IPS-4260 5-5
FTP servers supported 14-2
G
grounding lugs IPS-4260 5-15
GRUB menu password recovery A-8
guidelines
electrical safety 1-31
power supplies 1-32
rack configuration 1-31
H
hardware
four-post racks 3-18
power supply (IDS-4235/4250) 3-11
SCSI hard-disk drives 3-16
spare hard-disk drives 3-5
two-post racks 3-28
hardware bypass
configuration restrictions 5-4, 6-5
supported configurations 5-4, 6-4
HTTP/HTTPS
supported servers 14-2
hw-module module 1 reset command A-68
hw-module module slot_number password-reset command A-11
I
IDM
Analysis Engine is busy A-59
Java Plug-in A-56
memory A-56
will not load A-58
IDM will not load clear Java cache A-58
IDS-4215
4FE card
installing 2-24
removing 2-22
accessories 2-5
back panel
illustration 2-3
indicators 2-3
chassis cover
removing 2-13
replacing 2-14
compact flash device
removing 2-19
replacing 2-21
features 2-2
front panel
illustration 2-2
indicators 2-2
hard-disk drive
removing 2-16
replacing 2-18
installing 2-8
installing system image 14-17
rack mounting 2-7
specifications 2-4
surface mounting 2-6
upgrading
IDS-4235
back panel (illustration) 3-4
described 3-1
front panel (illustration) 3-2
upgrading BIOS 3-6
IDS-4235/4250
accessories kit 3-10
back panel features 3-4
bezel
described 3-11
installing 3-11
removing 3-11
front panel indicators 3-3
installing 3-7
installing power supply 3-11
rack mounting (2-post) 3-28
rack mounting (4-post) 3-18
SCSI hard-disk drives installing 3-18
specifications 3-5
IDS-4250
back panel (illustration) 3-4
front panel
illustration 3-2
indicators 3-2
installing 3-7
SX card 3-14
two hard-disk drives 3-17
XL cards 3-14
installing SCSI hard-disk drives 3-18
SCSI hard-disk drives removing 3-17
upgrading BIOS 3-6
IDS-4250-XL TCP reset interface 3-7
IDS appliances
four-post racks
installing slide assemblies 3-19
rack kit contents 3-19
tools 3-19
two-post racks
center-mount installations 3-29
flush-mount installations 3-30
unsupported models 1-16
IDSM-2
command and control port A-65
configuring
maintenance partition (Catalyst software) 14-38
maintenance partition (Cisco IOS software) 14-42
described 1-24
enabling full memory tests
Catalyst software 9-12
Cisco IOS software 9-13
front panel 9-3
initializing 11-12
installing
procedure 9-5
required tools 9-4
system image (Catalyst software) 14-36
system image (Cisco IOS software) 14-37
logging in 12-5
password recovery A-10
password recovery image file A-10
PFC 9-5
powering down (Catalyst OS) 9-15
powering down (Cisco IOS) 9-15
powering up (Catalyst OS) 9-15
powering up (Cisco IOS) 9-15
removing 9-10
requirements 9-2
resetting 9-13
Catalyst software 9-13
Cisco IOS software 9-14
setup command 11-12
shutdown
button 9-3
command 9-3
described 9-10
slot assignments 9-5
SPAN 1-24
specifications 9-1
status indicator 9-3
supported configurations 9-2, A-62
TCP reset port 9-3
upgrading
maintenance partition (Catalyst software) 14-46
maintenance partition (Cisco IOS software) 14-46
VACLs 1-24
verifying installation 9-8
IDS switch modules unsupported models 1-16
initialization verifying 11-37
initializing
AIM-IPS 11-19
AIP-SSM 11-25
appliances 11-4
IDSM-2 11-12
NM-CIDS 11-32
sensors 11-1
inline interface pair mode described 1-12
inline interface pairs configuration restrictions 1-10
inline VLAN pair mode
described 1-13
supported sensors 1-13
inline VLAN pairs configuration restrictions 1-11
installation preparation 1-30
installer major version described 13-6
installer minor version described 13-6
installing
AIM-IPS 7-5
prerequisites (AIM-IPS) 7-2
AIP-SSM 8-4
cable management arm 6-26
fans (IPS 4270-20) 6-47
IDS-4215 2-8
IDS-4235 3-7
IPS-4240 4-8
IPS-4255 4-8
IPS-4260 5-15
IPS 4270-20 6-33
license key 13-14
NM-CIDS 10-6
NME-IPS
prerequisites 7-2
power supply (IDS-4235/4250) 3-11
SCSI hard-disk drives (IDS-4235/4250) 3-18
sensor license 13-12
SX cards (IDS-4250) 3-14
system image
AIM-IPS 14-47
AIP-SSM 14-50
IDS-4215 14-17
IDSM-2 (Catalyst software) 14-36
IDSM-2 (Cisco IOS software) 14-37
IPS-4240 14-21
IPS-4255 14-21
IPS-4260 14-24
IPS 4270-20 14-26
XL cards (IDS-4235/4250) 3-14
interface 4270-20
removing
interface cards 6-40
interface cards
IPS-4260
installing 5-19
removing 5-19
IPS 4270-20
installing 6-40
removing 6-40
interfaces
alternate TCP reset 1-3
configuration restrictions 1-10
described 1-3
port numbers 1-3
slot numbers 1-3
TCP reset 1-9
VLAN groups 1-3
interface support (table) 1-5
internal health information
Diagnostic Panel 6-40
IPS-4240
accessories 4-5
back panel
figure 4-3
indicators 4-3
described 4-1
features 4-2
front panel
figure 4-2
indicators 4-2
installing 4-8
DC power supply 4-10
system image 14-21
password recovery A-9
rack mounting 4-6
reimaging 14-21
specifications 4-4
IPS-4255
accessories 4-5
back panel (figure) 4-3
front panel
figure 4-2
indicators 4-2
installing 4-8
installing system image 14-21
password recovery A-9
rack mounting 4-6
reimaging 14-21
specifications 4-4
IPS-4260
4GE bypass interface card 5-2
accessories kit 5-9
back panel features 5-6
chassis cover
removing 5-18
replacing 5-18
described 5-1
Ethernet port indicators 5-7
expansion card slots 5-19
features 5-5
front panel indicators 5-6
front panel switches 5-5
grounding lugs 5-15
installing 5-15
installing interface cards 5-19
installing system image 14-24
interface naming conventions 5-2
network ports 5-2
performance 5-2
power supplies 5-2
power supply indicators 5-7
rack mounting (2-post) 5-12
rack mounting (4-post) 5-9
reimaging 14-24
removing interface cards 5-19
sensing interfaces 5-2
specifications 5-7
supported PCI cards 5-2
IPS 4270-20
4GE bypass interface card 6-2
accessing Diagnostic Panel 6-39
accessories kit 6-13
back panel features 6-9
chassis cover
removing 6-37
replacing 6-37
converting cable management arm 6-30
described 6-1
Diagnostic Panel 6-11
Diagnostic Panel (illustration) 6-11
Ethernet port indicators 6-10
Ethernet port indicators (illustration) 6-10
expansion card slots 6-40
extending from a rack 6-23
fan connector and indicator (illustration) 6-47
fan indicators 6-47
fans 6-47
features 6-6
front panel indicators 6-7
front view (illustration) 6-6
hot-pluggable power supplies 6-42
installation 6-33
installing
cable management arm 6-26
fans 6-47
in a rack 6-15
interface cards 6-40
power supplies 6-42
installing system image 14-26
interface naming conventions 6-3
internal components (figure) 6-8
maximum rack depth 6-14
network ports 6-2
performance 6-2
power supplies 6-2
power supply indicators 6-11
rack requirements 6-15
rail system kit
described 6-14
minimum rack depth 6-14
redundant power supplies 6-42
reimaging 14-26
removing power supplies 6-42
sensing interfaces 6-2
shallow rack installation 6-17
specifications 6-12
supported PCI cards 6-3
switches and indicators (illustration) 6-6
T-15 Torx screwdriver 6-43
IPS modules time synchronization 1-29, A-16
IPS software
available files 13-1
obtaining 13-1
platform-dependent release examples 13-7
IPS software file names
major updates (illustration) 13-3
minor updates (illustration) 13-3
patch releases (illustration) 13-3
service packs (illustration) 13-3
J
Java Plug-in
Linux A-57
Solaris A-57
Windows A-57
L
license key
installing 13-14
status 13-10
trial 13-10
licensing
described 13-9
IPS device serial number 13-9
Licensing pane
configuring 13-12
described 13-9
limitations concurrent CLI sessions 12-1
logging in
AIM-IPS 12-9
AIP-SSM 12-10
appliances 12-2
IDSM-2 12-5
NM-CIDS 12-6
sensors
SSH 12-11
Telnet 12-11
service role 12-2
terminal servers 1-18, 12-3, 14-16
user role 12-1
loose connections sensors 6-49, A-22
M
maintenance partition
configuring
IDSM-2 (Catalyst software) 14-38
IDSM-2 (Cisco IOS software) 14-42
major updates described 13-3
manual block to bogus host A-42
MBS not set up properly A-43
memory IDM A-56
merging configuration files A-2
MIBs supported A-18
minor updates described 13-4
modes
IDS 1-2
inline interface pair 1-12
inline VLAN pair 1-13
IPS 1-2
promiscuous 1-12
VLAN groups 1-13
modules
AIM-IPS 1-20
AIP-SSM 1-22
memory specifications (AIM-IPS) 8-2
specifications (AIM-IPS) 8-1
IDSM-2 1-24, 9-3, 9-4, 9-5, 9-10
NM-CIDS 1-25, 10-2, 10-4, 10-5, 10-6, 10-8, 10-10, 10-12
N
Network Timing Protocol see NTP
NM-CIDS
blank panels 10-12
bootloader
file 14-32
overview 14-32
described 1-25
front panel 10-4
hardware architecture 10-3
initializing 11-32
installing 10-6
OIR support 10-8
required tools 10-6
interfaces 10-5
logging in 12-6
OIR support 10-5
password recovery A-10
reimaging 14-30
removing 10-10
OIR support 10-10
requirements
hardware 10-3
platforms 10-3
setup command 11-32
specifications 10-2
status indicators 10-5
system image file 14-30
upgrading bootloader 14-32
NTP
incorrect configuration A-16
time synchronization 1-27, A-14
O
obtaining
cryptographic account 13-2
IPS software 13-1
P
password recovery
AIP-SSM A-11
appliances A-8
described A-7
disabling A-12
GRUB menu A-8
IDSM-2 A-10
IPS-4240 A-9
IPS-4255 A-9
NM-CIDS A-10
platforms A-7
ROMMON A-9
troubleshooting A-13
verifying A-13
patch releases described 13-4
PCI cards supported (IPS 4270-20) 6-3
performance IPS 4270-20 6-2
PFC described 9-5
physical connectivity issues A-30
physical interfaces configuration restrictions 1-10
platforms concurrent CLI sessions 12-1
powering down (IDSM-2) 9-15
powering up (IDSM-2) 9-15
power supplies
hot-pluggable (IPS 4270-20) 6-42
IPS 4270-20
installing 6-42
removing 6-42
redundant (IPS 4270-20) 6-42
power supply
IPS-4260
installing 5-21
removing 5-21
power supply guidelines 1-32
power supply indicators
IPS-4260 5-7
IPS 4270-20 6-11
preparing sensor installation 1-30
prerequisites
AIM-IPS 7-2
NME-IPS 7-2
promiscuous mode
described 1-12
packet flow 1-12
R
rack configuration guidelines 1-31
rack extension (IPS 4270-20) 6-23
rack installation (IPS 4270-20) 6-15
rack mounting (2-post)
IDS-4235/4250 3-28
IPS-4260 5-12
rack mounting (4-post)
IDS-4235/4260 3-18
IPS-4260 5-9
rack requirements (IPS 4270-20) 6-15
racks
airflow requirements 6-14
space requirements 6-14
rail system
maximum rack depth 6-14
minimum rack depth 6-14
rack hole-types (illustration) 6-14
round holes 6-14
square holes 6-14
threaded holes 6-14
rail system kit
cable management arm 6-26, 6-29
contents 6-14
IPS 4270-20 6-14
required tools 6-14
recover command 14-13
recovering
AIP-SSM A-68
application partition image 14-13
recovery/upgrade CD 14-29
recovery partition upgrading 14-6
reimaging
AIM-IPS 14-47
AIP-SSM 14-50
appliances 14-13
described 14-1
IPS-4240 14-21
IPS-4255 14-21
IPS-4260 14-24
IPS 4270-20 14-26
NM-CIDS 14-30
removing
AIM-IPS 7-5
AIP-SSM 8-6
IPS-4260 chassis cover 5-18
IPS 4270-20 chassis cover 6-37
last applied upgrade 14-12
NM-CIDS 10-10
SCSI hard-disk drives (IDS-4235/4250) 3-17
replacing
IPS-4260 chassis cover 5-18
IPS 4270-20 chassis cover 6-37
requirements
AIP-SSM 8-2
racks
airflow 6-14
space 6-14
reset not occurring for a signature A-51
resetting
AIP-SSM A-68
IDSM-2 9-13
restoring current configuration A-4
restrictions (AIM-IPS) 7-3
RJ-45 cable pinouts 1-35
RJ-45 to DB2-5 cable pinouts 1-37
RJ-45 to DB-9 cable pinouts 1-37
ROMMON
described 14-15
IDS-4215 14-17
IPS-4240 14-21
IPS-4255 14-21
IPS-4260 14-24
IPS-4270 14-24
IPS 4270-20 14-26
password recovery A-9
remote sensors 14-15
serial console port 14-15
RTT
S
scheduling automatic upgrades 14-9
security information Cisco Security Center 13-16
sensing interfaces
described 1-4
modes 1-4
PCI cards 1-4
sensor not seeing packets A-33
sensor process not running A-29
sensors
access problems A-24
AIP-SSM 1-22
asymmetric traffic
disabling anomaly detection A-19
capturing traffic 1-2
comprehensive deployment 1-2
Comprehensive Deployment Solutions (figure) 1-2
corrupted SensorApp configuration A-35
disaster recovery A-6
downgrading 14-12
electrical guidelines 1-31
IDS mode 1-2
incorrect NTP configuration A-16
initializing 11-1
interface support 1-5
IP address conflicts A-27
IPS mode 1-2
license 13-12
logging in
SSH 12-11
Telnet 12-11
misconfigured access lists A-26
models 1-15
network topology 1-14
not seeing packets A-33
NTP time synchronization 1-27, A-14
physical connectivity A-30
power supply guidelines 1-32
preparing for installation 1-30
preventive maintenance A-2
rack configuration guidelines 1-31
recovering the system image 13-8
sensing process not running A-29
site guidelines 1-30
supported 1-15
system images 13-8
TCP reset 1-3
troubleshooting software upgrades A-55
unsupported 1-16
serial connection supported platforms 1-20, 12-5
serial number show inventory command 7-6, A-70
service account
creating A-5
described A-4
service packs described 13-4
service role 12-2
session command 12-9
AIM-IPS 12-9
AIP-SSM 12-10
IDSM-2 12-5
NM-CIDS 12-6
sessioning
AIM-IPS 12-9
AIP-SSM 12-10
IDSM-2 12-6
NM-CIDS 12-7
setting up a terminal server 1-18, 12-3, 14-16
setup command 11-1, 11-4, 11-12, 11-19, 11-25, 11-32
shallow rack installation (IPS 4270-20) 6-17
show events command A-88, A-89
show interfaces command A-87
show inventory command 7-6, A-70
show module 1 command 8-5
show module 1 details command A-67
show settings command A-13
show statistics command A-77
show statistics virtual-sensor command A-23, A-77
show tech-support command A-71, A-72
show version command A-74
signature/virus update files described 13-5
signature engine update files described 13-5
signatures no TCP reset A-51
site guidelines sensors 1-30
slot assignments
IDSM-2 9-5
supervisor engines 9-5
SNMP supported MIBs A-18
software bypass
supported configurations 5-4, 6-4
software downloads Cisco.com 13-1
software file names
recovery (illustration) 13-6
signature/virus updates (illustration) 13-5
signature engine updates (illustration) 13-5
system image (illustration) 13-6
software release examples
platform-dependent 13-7
platform identifiers 13-7
platform-independent 13-6
software requirements (AIM-IPS) 7-2
software updates
supported FTP servers 14-2
supported HTTP/HTTPS servers 14-2
SPAN
appliances 1-17
IDSM-2 1-24
SPAN port issues A-30
specifications
AIM-IPS 7-1
IDS-4235/4250 3-5
IPS-4260 5-7
IPS 4270-20 6-12
NM-CIDS 10-2
status (AIP-SSM) 8-5
subinterface 0 described 1-13
supported
FTP servers 14-2
HTTP/HTTPS servers 14-2
supported configurations (IDSM-2) 9-2, A-62
switch commands for troubleshooting A-62
Switched Port Analyzer see SPAN
described 11-1
example 11-2
system image (AIM-IPS) 14-47
system images sensors 13-8
T
T-15 Torx screwdriver (IPS 4270-20) 6-43
TAC
service account A-4
show tech-support command A-72
TCP reset 1-3
TCP reset interfaces
conditions 1-10
described 1-9
list 1-9
TCP reset port (IDSM-2) 9-3
TCP resets not occurring A-51
terminal servers setting up 1-18, 12-3, 14-16
TFTP servers
time correcting on the sensor 1-29, A-17
time sources
time synchronization IPS modules 1-29, A-16
trial license key 13-10
troubleshooting A-1
AIP-SSM
commands A-67
debugging A-68
recovering A-68
reset A-68
Analysis Engine busy A-59
applying software updates A-54
blocking not occurring for signature A-42
device access issues A-40
enabling SSH A-42
inactive state A-38
misconfigured MBS A-43
verifying device interfaces A-41
automatic updates A-54
cannot access sensor A-24
cidDump A-92
cidLog messages to syslog A-50
communication A-24
corrupted SensorApp configuration A-35
debug logger zone names (table) A-49
debug logging A-45
Diagnostic Panel (IPS 4270-20) 6-39
disaster recovery A-6
duplicate sensor IP addresses A-27
enabling debug logging A-45
external product interfaces A-22
faulty DIMMs A-36
gathering information A-71
IDM cannot access sensor A-59
IDM will not load A-58
IDSM-2
command and control port A-65
diagnosing problems A-61
serial cable A-67
status indicator A-63
switch commands A-62
TCP reset port A-67
IPS modules time drift 1-29, A-16
manual block to bogus host A-42
misconfigured access list A-26
NTP A-51
password recovery A-13
physical connectivity issues A-30
preventive maintenance A-2
reset not occurring for a signature A-51
sensing process not running A-29
sensor events A-88
sensor loose connections 6-49, A-22
sensor not seeing packets A-33
sensor software upgrade A-55
service account A-4
show events command A-88
show interfaces command A-87
show statistics command A-77
show tech-support command A-71, A-73
show version command A-74
software upgrade
IDS-4235 A-53
IDS-4250 A-53
software upgrades A-52
SPAN port issue A-30
TCP reset interfaces 3-7
upgrading from 5.x to 6.0 A-52
verifying Analysis Engine is running A-20
verifying ARC status A-37
U
unassigned VLAN groups described 1-13
understanding time on the sensor 1-27, A-14
unsupported sensors 1-16
upgrade files 14-3
upgrading
5.x to 6.0 13-8
files 14-3
from 5.x to 6.0 A-52
maintenance partition
IDSM-2 (Catalyst software) 14-46
IDSM-2 (Cisco IOS software) 14-46
minimum required version 13-8
recovery partition 14-6, 14-13
URLs Cisco Security Center 13-16
using
debug logging A-45
TCP reset interface 1-10
V
VACLs (IDSM-2) 1-24
verifying
IDSM-2 installation 9-8
installation
password recovery A-13
sensor initialization 11-37
sensor setup 11-37
VLAN access control list see VACL
VLAN groups
802.1q encapsulation 1-13
configuration restrictions 1-11
deploying 1-14
described 1-13
switches 1-14
X
XL cards fiber ports 3-16