-
Installing Cisco Intrusion Prevention System Appliances and Modules 6.1
-
Preface
-
Introducing the Sensor
-
Installing IPS-4240 and IPS-4255
-
Installing IPS-4260
-
Installing IPS 4270-20
-
Installing AIM-IPS
-
Installing AIP-SSM
-
Installing IDSM-2
-
Installing NME-IPS
-
Initializing the Sensor
-
Logging In to the Sensor
-
Obtaining Software
-
Upgrading, Downgrading, and Installing System Images
-
Troubleshooting
-
Glossary
-
Index
-
Table Of Contents
Numerics - A - B - C - D - E - F - G - H - I - L - M - N - O - P - R - S - T - U - V -
Index
Numerics
10GE card
2SX card
4GE bypass interface card
configuration restrictions 3-5, 4-6
802.1q encapsulation
VLAN groups 1-14
A
accessing
Diagnostic Panel (IPS 4270-20) 4-42
IPS software 11-2
access list misconfiguration A-25
actions
ACL changes 1-2
IP logs 1-3
multiple packet drop 1-3
TCP reset 1-2
active update bulletins 11-9
adaptive security appliance described 1-21
AIM-IPS
branch router (illustration) 1-19
described 1-19
illustration 1-19
initializing 9-14
installing 5-5
installing system image 12-23
interfaces described 5-4
logging in 10-5
removing 5-5
restrictions 5-3
session command 10-5
setup command 9-14
software requirements 5-2
specifications 5-1
verifying installation 5-6
AIP-SSM
described 1-21
hardware requirements 6-2
indicators
described 6-2
illustration 6-2
initializing 9-17
installing 6-3
installing system image 12-27
logging in 10-6
memory specifications 6-2
models 1-21
password recovery A-10
recovering A-65
reimaging 12-26
removing 6-5
requirements 6-2
resetting A-64
session command 10-6
setup command 9-17
show module 1 command 6-4
specifications 6-1
verifying status 6-4
alternate TCP reset interface configuration restrictions 1-11
Analysis Engine
error messages A-21
IDM exits A-54
anomaly detection disabling A-18
appliances
ACLs 1-2
application partition image 12-12
described 1-17
GRUB menu A-8
initializing 9-8
logging in 10-2
managers 1-17
models 1-17
password recovery A-8
restrictions 1-17
SPAN 1-17
TCP reset 1-2
terminal servers
upgrading recovery partition 12-5
application partition image recovery 12-12
applying software updates A-51
ARC
blocking not occurring for signature A-41
device access issues A-38
enabling SSH A-40
inactive state A-36
misconfigured MBS A-42
troubleshooting A-35
verifying device interfaces A-39
verifying status A-35
asymmetric traffic disabling anomaly detection A-18
attack responses for TCP reset 1-2
automatic setup 9-1
automatic updates troubleshooting A-52
automatic upgrade
examples 12-10
information required 12-6
autonegotiation and hardware bypass 3-6, 4-6
auto-upgrade-option command 12-6
B
backing up
configuration A-2
current configuration A-4
back panel features
IPS-4260 3-7
IPS 4270-20 4-9
basic setup 9-3
blocking not occurring for signature A-41
C
cable management arm
described 4-32
installing 4-29
cable management arm converting 4-33
cable pinouts
console port 1-33
RJ-45 1-33
RJ-45 to DB-25 1-34
RJ-45 to DB-9 1-34
cannot access sensor A-22
Catalyst software
IDSM-2
enabling full memory tests 7-12
powering down 7-15
powering up 7-15
resetting 7-14
cidDump obtaining information A-88
cisco
default password 10-2
default username 10-2
Cisco.com
accessing software 11-2
Active Update Bulletins 11-9
downloading software 11-1
IPS software 11-1
software downloads 11-1
Cisco IOS software
IDSM-2
enabling full memory tests 7-13
powering down 7-16
powering up 7-16
resetting 7-14
Cisco IPS 6.1 files 12-2
Cisco Security Center
described 11-11
URL 11-11
Cisco Services for IPS
service contract 11-12
supported products 11-12
clear events command 1-27, A-16, A-88
clearing
events A-88
statistics A-74
clear password command A-9, A-11
command and control interface
described 1-5
Ethernet 1-2
list 1-5
commands
auto-upgrade-option 12-6
copy backup-config A-3
copy current-config A-3
copy license-key 11-15
debug module-boot A-65
downgrade 12-11
hw-module module 1 reset A-64
hw-module module slot_number password-reset A-10
setup 9-1, 9-3, 9-8, 9-14, 9-17, 9-21, 9-26
show events A-85
show health A-67
show module 1 6-4
show module 1 details A-64
show settings A-12
show statistics A-74
show statistics virtual-sensor A-21, A-74
show tech-support A-68
show version A-71
configuration files
backing up A-2
merging A-2
configuration restrictions
alternate TCP reset interface 1-11
inline interface pairs 1-11
inline VLAN pairs 1-11
interfaces 1-10
physical interfaces 1-10
VLAN groups 1-11
configuring
automatic upgrades 12-8
maintenance partition
IDSM-2 (Catalyst software) 12-31
IDSM-2 (Cisco IOS software) 12-35
upgrades 12-4
console port pinouts 1-33
converting cable management arm 4-33
copy backup-config command A-3
copy current-config command A-3
copy license-key command 11-15
correcting time on the sensor 1-27, A-16
creating the service account A-5
cryptographic account
Encryption Software Export Distribution Authorization from 11-2
obtaining 11-2
current configuration backup A-2
D
DC power supply (IPS-4240) 2-10
debug logging enabling A-44
debug-module-boot command A-65
default
password 10-2
username 10-2
device access issues A-38
Diagnostic Panel
accessing 4-42
component list 4-13
illustration 4-13
indicators 4-13
disabling
anomaly detection A-18
password recovery A-12
disaster recovery A-6
displaying
events A-86
health status A-67
password recovery setting A-12
statistics A-74
tech support information A-68
version A-71
downgrade command 12-11
downgrading sensors 12-11
downloading software 11-1
duplicate IP addresses A-25
E
electrical safety guidelines 1-30
enabling
debug logging A-44
full memory tests
Catalyst software 7-12
Cisco IOS software 7-13
Encryption Software Export Distribution Authorization form
cryptographic account 11-2
described 11-2
ESD environment 1-31
Ethernet port indicators
IPS-4260 3-7
IPS 4270-20 4-10
events display A-86
Event Store clearing events 1-27, A-16
event types A-85
expansion card interfaces naming conventions
IPS-4260 3-4
IPS 4270-20 4-4
expansion card slots
IPS-4260 3-19
IPS 4270-20 4-43
external product interfaces
issues A-19
troubleshooting A-20
F
fan indicators (IPS 4270-20) 4-50
fans (IPS 4270-20) 4-50
files for Cisco IPS 6.1 12-2
files for IDSM-2 password recovery A-11
finding the serial number 5-6, 8-5
front panel indicators
IPS-4240 2-2
IPS-4255 2-2
IPS-4260 3-6
IPS 4270-20 4-8
front panel switches
IPS-4260 3-6
IPS 4270-20 4-7
FTP servers supported 12-2
G
grounding lugs (IPS-4260) 3-15
GRUB menu password recovery A-8
guidelines
electrical safety 1-30
power supplies 1-30
rack configuration 1-29
H
hardware bypass
configuration restrictions 3-5, 4-6
IPS-4260 3-4
supported configurations 3-4, 4-5
hardware requirements
AIP-SSM 6-2
IDSM-2 7-2
health status display A-67
HTTP/HTTPS servers supported 12-2
hw-module module 1 reset command A-64
hw-module module slot_number password-reset command A-10
I
IDM
Analysis Engine is busy A-54
will not load A-54
IDS appliances unsupported models 1-16
IDSM-2
command and control port A-62
configuring
maintenance partition (Catalyst software) 12-31
maintenance partition (Cisco IOS software) 12-35
described 1-23
enabling full memory tests
Catalyst software 7-12
Cisco IOS software 7-13
front panel 7-3
hardware requirements 7-2
initializing 9-21
installing
procedure 7-5
required tools 7-4
system image (Catalyst software) 12-29
system image (Cisco IOS software) 12-30
logging in 10-8
password recovery
described A-10
image file A-11
PFC 7-5
powering down
Catalyst software 7-15
Cisco IOS software 7-16
powering up
Catalyst software 7-15
Cisco IOS software 7-16
reimaging 12-28
removing 7-11
requirements 7-2
resetting
Catalyst software 7-14
Cisco IOS software 7-14
setup command 9-21
shutdown
button 7-3
command 7-3
described 7-11
slot assignments 7-5
software requirements 7-2
SPAN 1-23
specifications 7-1
status indicator 7-3
supported configurations 7-2, A-58
upgrading
maintenance partition (Catalyst software) 12-39
maintenance partition (Cisco IOS software) 12-39
VACLs 1-23
verifying installation 7-9
IDS switch modules unsupported models 1-16
IME time synchronization problems A-56
initializing
AIM-IPS 9-14
AIP-SSM 9-17
appliances 9-8
IDSM-2 9-21
NME-IPS 9-26
user roles 9-1
verifying 9-29
inline interface pair mode described 1-13
inline interface pairs configuration restrictions 1-11
inline VLAN pair mode
described 1-13
supported sensors 1-13
inline VLAN pairs configuration restrictions 1-11
installation preparation 1-28
installer major version described 11-6
installer minor version described 11-6
installing
AIM-IPS 5-5
AIP-SSM 6-3
cable management arm 4-29
fans (IPS 4270-20) 4-50
IPS-4240 2-8
IPS-4255 2-8
IPS-4260 3-15
IPS 4270-20 4-36
license key 11-15
NME-IPS 8-5
sensor license 11-14
system image
AIP-SSM 12-27
IDSM-2 (Catalyst software) 12-29
IDSM-2 (Cisco IOS software) 12-30
IPS-4240 12-15
IPS-4255 12-15
IPS-4260 12-19
IPS 4270-20 12-21
NME-IPS 12-40
interface cards
IPS-4260
installing 3-19
removing 3-19
IPS 4270-20
installing 4-43
removing 4-43
interfaces
alternate TCP reset 1-5
command and control 1-5
configuration restrictions 1-10
described 1-4
port numbers 1-4
slot numbers 1-4
support (table) 1-6
TCP reset 1-9
VLAN groups 1-5
internal health information on the Diagnostic Panel 4-43
introducing
AIM-IPS 1-19
AIP-SSM 1-21
appliance 1-17
IDSM-2 1-23
NME-IPS 1-20
IPS-4240
accessories 2-5
back panel
illustration 2-3
indicators 2-3
described 2-1
features 2-2
front panel
illustration 2-2
indicators 2-2
installing 2-8
installing DC power supply 2-10
installing system image 12-15
introducing 2-1
password recovery A-8
rack mounting 2-6
reimaging 12-15
specifications 2-4
IPS-4255
accessories 2-5
back panel (illustration) 2-3
front panel
illustration 2-2
indicators 2-2
installing 2-8
installing system image 12-15
introducing 2-1
password recovery A-8
rack mounting 2-6
reimaging 12-15
specifications 2-4
IPS-4260
4GE bypass interface card 3-2
accessories kit 3-9
back panel features 3-7
chassis cover
removing 3-18
replacing 3-18
described 3-1
Ethernet port indicators 3-7
expansion card slots 3-19
features 3-6
front panel
indicators 3-6
switches 3-6
grounding lugs 3-15
hardware bypass 3-4
installing 3-15
installing interface cards 3-19
installing system image 12-19
installing the power supply 3-21
network ports 3-2
power supplies 3-2
rack mounting
2-post 3-12
4-post 3-10
reimaging 12-19
removing interface cards 3-19
removing the power supply 3-21
sensing interfaces 3-2
specifications 3-8
supported interface cards 3-2, 3-3
IPS 4270-20
4GE bypass interface card 4-2
accessing Diagnostic Panel 4-42
accessories kit 4-15
back panel features 4-9
chassis cover
removing 4-40
replacing 4-40
converting cable management arm 4-33
described 4-1
Diagnostic Panel
described 4-13
illustration 4-13
Ethernet port indicators 4-10
Ethernet port indicators (illustration) 4-10
expansion card slots 4-43
extending from a rack 4-26
fan connector and indicator (illustration) 4-50
fan indicators 4-50
fans 4-50
features 4-7
front panel indicators 4-8
front view (illustration) 4-7
hot-pluggable power supplies 4-45
installation 4-36
installing
cable management arm 4-29
fans 4-50
in a rack 4-18
interface cards 4-43
power supplies 4-45
installing system image 12-21
interface naming conventions 4-4
internal components (illustration) 4-12
maximum rack depth 4-16
network ports 4-2
performance 4-2
power supplies 4-2
power supply indicators 4-11
rack requirements 4-17
rail system kit
described 4-16
minimum rack depth 4-16
redundant power supplies 4-45
reimaging 12-21
removing
interface cards 4-43
power supplies 4-45
sensing interfaces 4-2
shallow rack installation 4-20
specifications 4-14
switches and indicators (illustration) 4-7
T-15 Torx screwdriver 4-46
IPS modules time synchronization 1-26, A-15
IPS software
available files 11-1
obtaining 11-1
platform-dependent release examples 11-7
IPS software file names
major updates (illustration) 11-3
minor updates (illustration) 11-3
patch releases (illustration) 11-3
service packs (illustration) 11-3
L
license key
installing 11-15
trial 11-12
licensing
described 11-11
IPS device serial number 11-11
Licensing pane
configuring 11-14
described 11-11
logging in
AIM-IPS 10-5
AIP-SSM 10-6
appliances 10-2
IDSM-2 10-8
NME-IPS 10-10
sensors
SSH 10-11
Telnet 10-11
service role 10-2
terminal servers 1-17, 10-3, 12-14
user role 10-1
loose connections on sensors 4-52, A-21
M
maintenance partition
configuring
IDSM-2 (Catalyst software) 12-31
IDSM-2 (Cisco IOS software) 12-35
major updates described 11-3
manual block to bogus host A-40
master blocking sensor not set up properly A-42
merging configuration files A-2
MIBs supported A-18
minor updates described 11-4
modes
IDS 1-1
inline interface pair 1-13
inline VLAN pair 1-13
IPS 1-1
promiscuous 1-12
VLAN groups 1-13
modules
AIM-IPS 1-19
AIP-SSM
described 1-21
memory specifications 6-2
specifications 6-1
IDSM-2 1-23, 7-3, 7-4, 7-5, 7-11
N
Network Timing Protocol see NTP
NME-IPS
illustration 1-21
initializing 9-26
installing 8-5
installing system image 12-40
introducing 1-20
logging in 10-10
reimaging 12-40
removing 8-5
restrictions 8-3
session command 10-10
setup command 9-26
software requirements 8-2
specifications 8-1
verifying installation 8-5
NTP
incorrect configuration 1-27, A-16
time synchronization 1-24, A-13
O
obtaining cryptographic account 11-2
P
password recovery
AIP-SSM A-10
appliances A-8
CLI A-12
described A-7
disabling A-12
GRUB menu A-8
IDSM-2 A-10
IPS-4240 A-8
IPS-4255 A-8
platforms A-7
ROMMON A-8
troubleshooting A-13
verifying A-12
patch releases described 11-4
performance
IPS-4240 2-1
IPS-4255 2-2
IPS-4260 3-1
IPS 4270-20 4-2
PFC described 7-5
physical connectivity issues A-29
physical interfaces configuration restrictions 1-10
powering down
IDSM-2 (Catalyst software) 7-15
IDSM-2 (Cisco IOS software) 7-16
powering up
IDSM-2 (Catalyst software) 7-15
IDSM-2 (Cisco IOS software) 7-16
power supplies
guidelines 1-30
hot-pluggable (IPS 4270-20) 4-45
indicators (IPS 4270-20) 4-11
IPS-4260
installing 3-21
removing 3-21
IPS 4270-20
installing 4-45
removing 4-45
redundant (IPS 4270-20) 4-45
preparing for sensor installation 1-28
prerequisites
AIM-IPS 5-2
promiscuous mode
described 1-12
packet flow 1-12
R
rack mounting
IPS-4260
2-post 3-12
4-post 3-10
IPS 4270-20
extension 4-26
installation 4-18
requirements 4-17
racks
airflow requirements 4-17
configuration guidelines 1-29
space requirements 4-17
rail system
maximum rack depth 4-16
minimum rack depth 4-16
rack hole-types (illustration) 4-16
round holes 4-16
square holes 4-16
threaded holes 4-16
rail system kit
cable management arm 4-29, 4-32
contents 4-16
IPS 4270-20 4-16
required tools 4-16
recover command 12-12
recovering
AIP-SSM A-65
application partition image 12-12
recovery partition upgrade 12-5
reimaging
AIP-SSM 12-26
appliances 12-12
described 12-1
IDSM-2 12-28
IPS-4240 12-15
IPS-4255 12-15
IPS-4260 12-19
IPS 4270-20 12-21
NME-IPS 12-40
sensors 12-1
removing
AIM-IPS 5-5
AIP-SSM 6-5
chassis cover
IPS-4260 3-18
IPS 4270-20 4-40
IDSM-2 7-11
last applied
service pack 12-11
signature update 12-11
NME-IPS 8-5
replacing
chassis cover
IPS-4260 3-18
IPS 4270-20 4-40
requirements
AIM-IPS 5-2
AIP-SSM 6-2
IDSM-2 7-2
NME-IPS 8-2
racks
airflow 4-17
space 4-17
reset not occurring for a signature A-49
resetting
AIP-SSM A-64
IDSM-2 7-13
restoring the current configuration A-4
restrictions
AIM-IPS 5-3
NME-IPS 8-3
RJ-45 cable pinouts 1-33
RJ-45 to DB2-5 cable pinouts 1-34
RJ-45 to DB-9 cable pinouts 1-34
ROMMON
described 12-14
IPS-4240 12-15
IPS-4255 12-15
IPS-4260 12-19
password recovery A-8
remote sensors 12-14
serial console port 12-14
TFTP 12-14
RTT
described 12-14
TFTP limitation 12-14
S
scheduling automatic upgrades 12-8
security information on Cisco Security Center 11-11
sensing interfaces
described 1-6
interface cards 1-6
modes 1-6
sensors
access problems A-22
AIP-SSM 1-21
asymmetric traffic and disabling anomaly detection A-18
capturing traffic 1-1
comprehensive deployment 1-1
Comprehensive Deployment Solutions (illustration) 1-1
corrupted SensorApp configuration A-34
disaster recovery A-6
downgrading 12-11
electrical guidelines 1-30
IDS mode 1-1
incorrect NTP configuration 1-27, A-16
interface support 1-6
IP address conflicts A-25
IPS mode 1-1
license 11-14
logging in
SSH 10-11
Telnet 10-11
misconfigured access lists A-25
models 1-15
network topology 1-3
not seeing packets A-32
NTP time synchronization 1-24, A-13
physical connectivity A-29
power supply guidelines 1-30
preparing for installation 1-28
preventive maintenance A-2
process not running A-27
rack configuration guidelines 1-29
reimaging 12-1
sensing process not running A-27
site guidelines 1-29
supported 1-15
TCP reset 1-2
troubleshooting software upgrades A-53
unsupported 1-16
serial number and show inventory command 5-6, 8-5
service account
creating A-5
described A-4
service-module ids-sensor slot/port session command 10-4, 10-9
service packs described 11-4
service role 10-2
session command
AIM-IPS 10-5
AIP-SSM 10-6
IDSM-2 10-8
NME-IPS 10-10
sessioning
AIM-IPS 10-5
AIP-SSM 10-6
IDSM-2 10-8
NME-IPS 10-10
setting up a terminal server 1-17, 10-3, 12-14
setup
automatic 9-1
simplified mode 9-1
setup command 9-1, 9-3, 9-8, 9-14, 9-17, 9-21, 9-26
shallow rack installation (IPS 4270-20) 4-20
show events command A-85
show health command A-67
show interfaces command A-83
show inventory command 5-6, 8-5
show module 1 command 6-4
show module 1 details command A-64
show settings command A-12
show statistics command A-73, A-74
show statistics virtual-sensor command A-21, A-74
show tech-support command A-68
show version command A-71
signature/virus update files described 11-5
signature engine update files described 11-5
signatures and no TCP reset A-49
site guidelines for sensors 1-29
slot assignments
IDSM-2 7-5
supervisor engines 7-5
SNMP supported MIBs A-18
software bypass
supported configurations 3-4, 4-5
software downloads Cisco.com 11-1
software file names
recovery (illustration) 11-6
signature/virus updates (illustration) 11-5
signature engine updates (illustration) 11-5
system image (illustration) 11-6
software release examples
platform-dependent 11-7
platform identifiers 11-7
platform-independent 11-6
software requirements
AIM-IPS 5-2
AIP-SSM 6-2
IDSM-2 7-2
NME-IPS 8-2
software updates
supported FTP servers 12-2
supported HTTP/HTTPS servers 12-2
SPAN
appliances 1-17
IDSM-2 1-23
port issues A-29
specifications
AIM-IPS 5-1
AIP-SSM 6-1
IDSM-2 7-1
IPS-4240 2-4
IPS-4255 2-4
IPS-4260 3-8
IPS 4270-20 4-14
NME-IPS 8-1
status
AIP-SSM 6-4
IDSM-2 7-9
subinterface 0 described 1-14
supported
FTP servers 12-2
HTTP/HTTPS servers 12-2
IDSM-2 configurations 7-2, A-58
switch commands for troubleshooting A-59
Switched Port Analyzer see SPAN
System Configuration Dialog
described 9-2
example 9-2
system image
installing
IPS-4240 12-15
IPS-4255 12-15
T
T-15 Torx screwdriver (IPS 4270-20) 4-46
TAC
service account A-4
show tech-support command A-68
TCP reset interfaces
conditions 1-10
described 1-9
list 1-9
TCP reset port (IDSM-2) 7-3, A-63
TCP resets
described 1-2
not occurring A-49
terminal servers setup 1-17, 10-3, 12-14
TFTP and RTT 12-14
TFTP servers
recommended
UNIX 12-14
Windows 12-14
time
correcting on the sensor 1-27, A-16
IPS modules synchronization 1-26, A-15
time sources
trial license key 11-12
troubleshooting
AIP-SSM
commands A-64
debugging A-65
recovering A-65
reset A-64
Analysis Engine busy A-54
applying software updates A-51
ARC
blocking not occurring for signature A-41
device access issues A-38
enabling SSH A-40
inactive state A-36
misconfigured MBS A-42
verifying device interfaces A-39
automatic updates A-52
cannot access sensor A-22
cidDump A-88
cidLog messages to syslog A-48
communication A-22
corrupted SensorApp configuration A-34
debug logger zone names (table) A-47
debug logging A-43
Diagnostic Panel (IPS 4270-20) 4-42
disaster recovery A-6
duplicate sensor IP addresses A-25
enabling debug logging A-44
external product interfaces A-20
gathering information A-66
IDM cannot access sensor A-55
IDM will not load A-54
IDSM-2
command and control port A-62
diagnosing problems A-57
serial cable A-63
status indicator A-59
switch commands A-59
IME time synchronization problems A-56
IPS and PIX devices A-20
IPS modules time drift 1-26, A-15
manual block to bogus host A-40
misconfigured access list A-25
normalizer inline mode A-20
NTP A-49
password recovery A-13
physical connectivity issues A-29
preventive maintenance A-2
reset not occurring for a signature A-49
sensing process not running A-27
sensor events A-85
sensor loose connections 4-52, A-21
sensor not seeing packets A-32
sensor software upgrade A-53
service account A-4
show events command A-84
show interfaces command A-83
show statistics command A-73
show tech-support command A-67, A-68, A-69
show version command A-71
software upgrades A-50
SPAN port issue A-29
upgrading A-51
verifying ARC status A-35
U
unauthenticated NTP A-14, A-15
understanding time on the sensor 1-24, A-13
unsupported sensors 1-16
upgrading
maintenance partition
IDSM-2 (Catalyst software) 12-39
IDSM-2 (Cisco IOS software) 12-39
minimum required version 11-8
recovery partition 12-5, 12-12
URLs for Cisco Security Center 11-11
using
debug logging A-43
TCP reset interface 1-10
V
VACLs and IDSM-2 1-23
verifying
IDSM-2 installation 7-9
installation (AIM-IPS) 5-6
installation (NME-IPS) 8-5
password recovery A-12
sensor initialization 9-29
sensor setup 9-29
VLAN access control list see VACL
VLAN groups
802.1q encapsulation 1-14
configuration restrictions 1-11
deploying 1-14
described 1-13
switches 1-14