Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 6.2 - Index [Cisco IPS 4200 Series Sensors]

Table Of Contents

Numerics - A - B - C - D - E - F - G - H - I - L - M - N - O - P - R - S - T - U - V -

Index

Numerics

10GE interface card

described 3-3, 4-4

illustration 3-4, 4-5

2SX interface card

described 3-3, 4-4

illustration 3-3, 4-4

4GE bypass interface card

configuration restrictions 3-5, 4-7

described 3-2, 3-4, 4-3, 4-6

illustration 3-3, 4-4

802.1q encapsulation

VLAN groups 1-16

A

access control list. See ACL.

accessing

Diagnostic Panel (IPS 4270-20) 4-42

IPS software 12-1

access lists misconfiguration A-30

actions

ACL changes 1-2

IP logs 1-3

multiple packet drop 1-3

TCP reset 1-2

adaptive security appliance described 1-22, 1-24

AIM-IPS

branch router (illustration) 1-21

described 1-20

illustration 1-22

initializing 10-13

installing 5-5

installing system image 13-22

interfaces described 5-4

logging in 11-5

removing 5-5

restrictions 5-3

session command 11-5

sessioning 11-4, 11-5

setup command 10-13

software requirements 5-2

specifications 5-1

time sources 1-29, A-18

AIP-SSC-5

described 1-22

indicators (illustration) 6-2

indicators (table) 6-2

initializing 10-6

installing 6-2

logging in 11-6

models 1-22

password recovery A-10

removing 6-5

requirements 6-1

resetting A-69

resetting the password A-11

session command 11-6

show module 1 command 6-4

specifications (table) 6-1

verifying status 6-4

AIP-SSM

described 1-24

indicators

described 7-2

illustration 7-2

initializing 10-16

installing 7-3

installing system image 13-25

logging in 11-6

memory specifications 7-2

models 1-24

Normalizer engine A-72

password recovery A-12

recovering A-70

reimaging 13-25

removing 7-5

requirements 7-2

resetting A-69

resetting the password A-13

session command 11-6

setup command 10-16

show module 1 command 7-4

specifications (table) 7-1

time sources 1-30, A-19

verifying status 7-5

alternate TCP reset interface 1-11

Analysis Engine

error messages A-26

IDM exits A-59

verify it is running A-23

anomaly detection disabling A-22

appliances

ACLs 1-2

application partition image 13-11

described 1-18

GRUB menu A-8

initializing 10-7

logging in 11-2

managers 1-18

models 1-18

password recovery A-8

restrictions 1-19

SPAN 1-19

TCP reset 1-2

terminal servers

described 1-19, 11-3, 13-13

setting up 1-19, 11-3, 13-13

time sources 1-28, A-18

upgrading recovery partition 13-6

application partition image recovering 13-11

applying software updates A-56

ARC

blocking not occurring for signature A-45

device access issues A-42

enabling SSH A-45

inactive state A-41

misconfigured MBS A-46

troubleshooting A-39

verifying device interfaces A-44

verifying status A-40

ASA IPS modules

Deny Connection Inline A-73

Deny Packet Inline A-73

Reset TCP Connection A-73

TCP reset packets A-73

ASDM resetting passwords A-12, A-14

asymmetric traffic and disabling anomaly detection A-22

attack responses and TCP reset 1-2

authenticated NTP 1-29, 1-30, A-18

automatic setup 10-1

automatic upgrade

information required 13-7

troubleshooting A-56

autonegotiation for hardware bypass 3-6, 4-7

auto-upgrade-option command 13-7

B

backing up

configuration A-3

current configuration A-4, A-5

back panel features

IPS-4240 2-3

IPS-4255 2-3

IPS-4260 3-7

IPS 4270-20 4-10

basic setup 10-3

blocking not occurring for signature A-45

Bug Toolkit

described A-1

URL A-1

C

cable management arm

converting 4-33

described 4-32

installing 4-29

cable pinouts

console port 1-37

RJ-45 1-37

RJ-45 to DB-25 1-38

RJ-45 to DB-9 1-38

cannot access sensor A-27

Catalyst software

IDSM-2

enabling full memory tests 8-12

powering off 8-15

powering on 8-15

resetting 8-14

cidDump obtaining information A-96

cisco

default password 11-2

default username 11-2

Cisco.com

accessing software 12-1

downloading software 12-1

IPS software 12-1

software downloads 12-1

Cisco IOS software

IDSM-2

enabling full memory tests 8-13

powering down 8-16

powering up 8-16

resetting 8-14

Cisco IPS software files 13-3

Cisco Security Intelligence Operations

described 12-9

URL 12-9

Cisco Services for IPS

service contract 12-11

supported products 12-11

clear events command 1-31, A-20, A-96

clearing

events A-96

statistics A-82

clear password command A-10, A-15

command and control interface

described 1-5

Ethernet 1-2

list 1-5

commands

auto-upgrade-option 13-7

clear events 1-31, A-20, A-96

clear password A-10, A-15

copy backup-config A-3

copy current-config A-3

copy license-key 12-13

debug module-boot A-70

downgrade 13-10

hw-module module 1 reset A-69

hw-module module slot_number password-reset A-11, A-12

session 11-5, 11-10

setup 10-1, 10-3, 10-7, 10-13, 10-16, 10-20, 10-24

show events A-93

show health A-75

show inventory 5-6, 9-5

show module 1 details A-68

show settings A-17

show statistics A-81

show statistics virtual-sensor A-26, A-81

show tech-support A-75

show version A-79

upgrade 13-3, 13-5

configuration files

backing up A-3

merging A-3

configuration restrictions

alternate TCP reset interface 1-11

inline interface pairs 1-11

inline VLAN pairs 1-11

interfaces 1-10

physical interfaces 1-10

VLAN groups 1-12

configuring

automatic upgrades 13-9

maintenance partition

IDSM-2 (Catalyst software) 13-30

IDSM-2 (Cisco IOS software) 13-34

upgrades 13-4

console port pinouts 1-37

converting cable management arm 4-33

copy backup-config command A-3

copy current-config command A-3

copy license-key command 12-13

correcting time on the sensor 1-31, A-20

creating the service account A-6

cryptographic account

Encryption Software Export Distribution Authorization from 12-2

obtaining 12-2

current configuration back up A-3

D

DC power supply (IPS-4240) 2-10

debug logging enable A-48

debug-module-boot command A-70

defaults

password 11-2

username 11-2

device access issues A-42

Diagnostic Panel

accessing 4-42

component list 4-14

illustration 4-14

indicators 4-14

disabling

anomaly detection A-22

password recovery A-16

disaster recovery A-6

displaying

events A-94

health status A-75

password recovery setting A-17

statistics A-82

tech support information A-76

version A-79

downgrade command 13-10

downgrading sensors 13-10

downloading software 12-1

duplicate IP addresses A-30

E

electrical safety guidelines 1-33

enabling

debug logging A-48

full memory tests

Catalyst software 8-12

Cisco IOS software 8-13

Encryption Software Export Distribution Authorization form

cryptographic account 12-2

described 12-2

ESD environment 1-35

Ethernet port indicators

IPS-4240 2-3

IPS-4255 2-3

IPS-4260 3-8

IPS 4270-20 4-11

event display A-94

Event Store and clearing events 1-31, A-20

event types A-92

examples

ASA failover configuration A-71

expansion card interfaces naming conventions 3-4, 4-5

expansion card slots

IPS-4260 3-20, 3-22

IPS 4270-20 4-43

external product interfaces

issues A-24

troubleshooting A-24

F

fail-over testing 3-5, 4-6

fan indicators (IPS 4270-20) 4-50

fans (IPS 4270-20) 4-50

files

Cisco IPS 13-3

IDSM2 password recovery A-15

finding the serial number 5-6, 9-5

front panel indicators

IPS-4240 2-3

IPS4255 2-3

IPS-4260 3-7

IPS 4270-20 4-9

front panel switches

IPS-4260 3-7

IPS 4270-20 4-9

FTP servers supported 13-2

G

grounding lugs (IPS-4260) 3-16

GRUB menu password recovery A-8

guidelines

electrical safety 1-33

power supplies 1-34

rack configuration 1-33

H

hardware bypass

autonegotiation 3-6, 4-7

configuration restrictions 3-5, 4-7

fail-over 3-5, 4-6

IPS-4260 3-4

IPS 4270-20 3-4, 4-6

link status changes and drops 3-6, 4-8, A-26

proper configuration 3-6, 4-7, A-25

supported configurations 3-4, 4-6

with software bypass 3-4, 4-6

HTTP/HTTPS servers 13-2

hw-module module 1 reset command A-69

hw-module module slot_number password-reset command A-11, A-12

I

IDM

Analysis Engine is busy A-59

will not load A-58

IDS appliances unsupported models 1-17

IDSM-2

command and control port A-66

configuring

maintenance partition (Catalyst software) 13-30

maintenance partition (Cisco IOS software) 13-34

described 1-26

enabling full memory tests

Catalyst software 8-12

Cisco IOS software 8-13

front panel 8-3

hot swapping 8-4, 8-8

initializing 10-20

installing

procedure 8-5

required tools 8-4

system image (Catalyst software) 13-28

system image (Cisco IOS software) 13-30

logging in 11-8

PFC 8-5

powering down

Cisco IOS software 8-16

powering off

Catalyst software 8-15

powering on

Catalyst software 8-15

powering up

Cisco IOS software 8-16

reimaging 13-28

removing 8-10

requirements 8-2

resetting

Catalyst software 8-14

Cisco IOS software 8-14

described 8-13

sessioning 11-8

setup command 10-20

shutdown

button 8-3

command 8-3

described 8-11

slot assignments 8-5

SPAN 1-26

specifications 8-1

status indicator 8-3

supported configurations 8-2, A-63

TCP reset port 8-3, A-68

time sources 1-29, A-18

upgrading

maintenance partition (Catalyst software) 13-38

maintenance partition (Cisco IOS software) 13-38

VACLs 1-26

verifying installation 8-9

IDSM2

installing

system image (Cisco IOS software) 13-29

password recovery A-14

password recovery image file A-15

IDS switch modules unsupported models 1-18

IME time synchronization problems A-61

initializing

AIM-IPS 10-13

AIP-SSC-5 10-6

AIP-SSM 10-16

appliances 10-7

IDSM-2 10-20

NME-IPS 10-24

sensors 10-1, 10-3

user roles 10-1

verifying 10-27

inline interface pair mode

configuration restrictions 1-11

described 1-14

inline VLAN pair mode

configuration restrictions 1-11

described 1-15

supported sensors 1-15

installation preparation 1-32

installer major version 12-5

installer minor version 12-5

installing

AIM-IPS 5-5

AIP-SSC-5 6-2

AIP-SSM 7-3

cable management arm 4-29

fans (IPS 4270-20) 4-50

IPS-4240 2-8

IPS-4255 2-8

IPS-4260 3-16

IPS 4270-20 4-36

license key 12-13

NME-IPS 9-5

sensor license 12-12

system image

AIP-SSM 13-25

IDSM-2 (Catalyst software) 13-28

IDSM-2 (Cisco IOS software) 13-30

IDSM2 (Cisco IOS software) 13-29

IPS-4240 13-14

IPS-4255 13-14

IPS-4260 13-17

IPS 4270-20 13-19

NME-IPS 13-39

interface cards

IPS-4260

10GE card 3-3

2SX card 3-3

4GE card 3-2

installing 3-20

removing 3-20

IPS 4270-20

10GE card 4-4

2SX card 4-4

4GE card 4-3

installing 4-43

removing 4-43

interfaces

alternate TCP reset 1-5

command and control 1-5

configuration restrictions 1-10

described 1-4

port numbers 1-4

sensing 1-5, 1-6

slot numbers 1-4

support (table) 1-6

TCP reset 1-9

VLAN groups 1-5

internal health information (IPS 4270-20) 4-43

introducing

AIM-IPS 1-20

AIP-SSC-5 1-22

AIP-SSM 1-24

IDSM-2 1-26

NME-IPS 1-27

IPS-4240

accessories 2-5

back panel

illustration 2-3

indicators 2-3

described 2-1

features 2-2

front panel

illustration 2-2

indicators 2-3

installing 2-8

installing DC power supply 2-10

installing system image 13-14

introducing 2-1

password recovery A-9

rack mounting 2-6

reimaging 13-14

specifications 2-4

IPS-4255

accessories 2-5

back panel (illustration) 2-3

front panel

illustration 2-2

indicators 2-3

installing 2-8

installing system image 13-14

introducing 2-1

password recovery A-9

rack mounting 2-6

reimaging 13-14

specifications 2-4

IPS-4260

4GE bypass interface card 3-2

accessories kit 3-9

back panel features 3-7

chassis cover

removing 3-19

replacing 3-19

described 3-1

Ethernet port indicators 3-8

expansion card slots 3-20, 3-22

features 3-6

front panel

indicators 3-7

switches 3-7

grounding lugs 3-16

hardware bypass 3-4

installing 3-16

installing interface cards 3-20

installing system image 13-17

interface naming conventions 3-4

network ports 3-2

performance 3-2

power supplies 3-2

power supply indicators 3-8

rack mounting

2-post 3-13

4-post 3-10

reimaging 13-17

removing interface cards 3-20

sensing interfaces 3-2

specifications 3-9

supported interface cards 3-2

IPS 4270-20

4GE bypass interface card 4-2

accessing Diagnostic Panel 4-42

accessories kit 4-16

back panel features 4-10

chassis cover

removing 4-40

replacing 4-40

converting cable management arm 4-33

described 4-1

Diagnostic Panel

described 4-14

illustration 4-14

Ethernet port indicators

described 4-11

illustration 4-11

expansion card slots 4-43

extending from a rack 4-27

fan connector and indicator (illustration) 4-50

fan indicators 4-50

fans 4-50

features 4-8

front panel

indicators 4-9

switches 4-9

front view (illustration) 4-8

hardware bypass 3-4, 4-6

hot-pluggable power supplies 4-45

installation 4-36

installing

cable management arm 4-29

fans 4-50

in a rack 4-18

interface cards 4-43

power supplies 4-45

installing system image 13-19

interface naming conventions 4-5

maximum rack depth 4-17

network ports 4-2

performance 4-2

power supplies

described 4-3

indicators 4-12

rack requirements 4-17

rail system kit

described 4-16

minimum rack depth 4-17

redundant power supplies 4-45

reimaging 13-19

removing

interface cards 4-43

power supplies 4-45

sensing interfaces 4-2

shallow rack installation 4-19

specifications 4-15

switches and indicators (illustration) 4-9

T-15 Torx screwdriver 4-45

IPS appliances

Deny Connection Inline A-73

Deny Packet Inline A-73

Reset TCP Connection A-73

TCP reset packets A-73

IPS modules time synchronization 1-30, A-19

IPS software

available files 12-1

obtaining 12-1

platform-dependent release examples 12-6

IPS software file names

major updates (illustration) 12-4

minor updates (illustration) 12-4

patch releases (illustration) 12-4

service packs (illustration) 12-4

IPv6

SPAN ports 1-13

switches 1-13

L

license key

installation 12-13

trial 12-10

licensing

described 12-10

IPS device serial number 12-10

Licensing pane

configuring 12-12

described 12-10

limitations for concurrent CLI sessions 2-1, 3-1, 4-1, 5-1, 6-1, 7-1, 8-1, 9-1, 11-1

logging in

AIM-IPS 11-5

AIP-SSC-5 11-6

AIP-SSM 11-6

appliances 11-2

IDSM-2 11-8

NME-IPS 11-10

sensors

SSH 11-11

Telnet 11-11

service role 11-2

terminal servers 1-19, 11-3, 13-13

user role 11-1

loose connections and sensors 4-52, A-26

M

maintenance partition

configuring

IDSM-2 (Catalyst software) 13-30

IDSM-2 (Cisco IOS software) 13-34

major updates described 12-3

manual block to bogus host A-45

master blocking sensor not set up properly A-46

merging configuration files A-3

MIBs supported A-21

minor updates described 12-3

modes

IDS 1-1

inline interface pair 1-14

inline VLAN pair 1-15

IPS 1-1

promiscuous 1-12

VLAN Groups 1-15

modules

AIM-IPS

described 1-20

specifications 5-1

AIP-SSC-5

described 1-22

specifications 6-1

AIP-SSM

described 1-24

memory specifications 7-2

specifications 7-1

IDSM-2 1-26, 8-3, 8-4, 8-5, 8-10

NME-IPS

described 1-27

specifications 9-1

N

Network Timing Protocol. See NTP.

NME-IPS

illustration 1-28

initializing 10-24

installing system image 13-39

introducing 1-27

logging in 11-10

reimaging 13-39

restrictions 9-3

session command 11-10

sessioning 11-9, 11-10

setup command 10-24

software requirements 9-2

specifications 9-1

time sources 1-29, A-18

verifying installation 5-6, 9-6

NTP

authenticated 1-29, 1-30, A-18

described 1-28, A-18

incorrect configuration 1-30, A-19

time synchronization 1-28, A-18

unauthenticated 1-29, 1-30, A-18

verifying configuration 1-31

O

obtaining

cryptographic account 12-2

IPS sofware 12-1

P

password recovery

AIM-IPS A-10

AIP-SSC-5 A-10

AIP-SSM A-12

appliances A-8

CLI A-16

described A-8

disabling A-16

GRUB menu A-8

IDSM2 A-14

IPS-4240 A-9

IPS-4255 A-9

NME-IPS A-15

platforms A-8

ROMMON A-9

troubleshooting A-17

verifying A-17

patch releases described 12-3

performance (IPS 4270-20) 4-2

PFC described 8-5

physical connectivity issues A-34

physical interfaces configuration restrictions 1-10

platforms concurrent CLI sessions 2-1, 3-1, 4-1, 5-1, 6-1, 7-1, 8-1, 9-1, 11-1

Policy Feature Card. See PFC.

powering down

IDSM-2 (Cisco IOS software) 8-16

powering off

IDSM-2 (Catalyst software) 8-15

powering on

IDSM-2 (Catalyst software) 8-15

powering up

IDSM-2 (Cisco IOS software) 8-16

power supplies

hot-pluggable (IPS 4270-20) 4-45

IPS 4270-20

installing 4-45

removing 4-45

redundant (IPS 4270-20) 4-45

power supply guidelines 1-34

power supply indicators

IPS-4260 3-8

IPS 4270-20 4-12

preparing for sensor installation 1-32

prerequisites

AIM-IPS 5-2, 9-2

NME-IPS 5-2, 9-2

promiscuous mode

described 1-12

packet flow 1-12

SPAN ports 1-13

VACL capture 1-13

R

rack

airflow requirements 4-17

configuration guidelines 1-33

IPS 4270-20

extension 4-27

installation 4-18

requirements 4-17

space requirements 4-17

rack mounting

IPS-4260

2-post 3-13

4-post 3-10

rail system

maximum rack depth 4-17

minimum rack depth 4-17

rack hole-types (illustration) 4-16

round holes 4-16

square holes 4-16

threaded holes 4-16

rail system kit

cable management arm 4-29, 4-32

contents 4-17

IPS 4270-20 4-16

required tools 4-17

recover command 13-11

recovering

AIP-SSM A-70

application partition image 13-11

recovery partition upgrade 13-6

reimaging

AIM-IPS 13-22

AIP-SSM 13-25

appliances 13-11

described 13-1

IDSM-2 13-28

IPS-4240 13-14

IPS-4255 13-14

IPS-4260 13-17

IPS 4270-20 13-19

NME-IPS 13-39

sensors 12-8, 13-1

removing

AIM-IPS 5-5

AIP-SSC-5 6-5

AIP-SSM 7-5

chassis cover

IPS-4260 3-19

IPS 4270-20 4-40

last applied

service pack 13-10

signature update 13-10

replacing

chassis cover

IPS-4260 3-19

IPS 4270-20 4-40

requirements

AIP-SSC-5 6-1

AIP-SSM 7-2

racks

airflow 4-17

space 4-17

reset not occurring for a signature A-54

resetting

AIP-SSC-5 A-69

AIP-SSM A-69

IDSM-2 8-13

passwords

ASDM A-12, A-14

hw-module command A-11, A-12

resetting the password

AIP-SSC-5 A-11

AIP-SSM A-13

restoring the current configuration A-4, A-5

restrictions

AIM-IPS 5-3

NME-IPS 9-3

RJ-45 cable pinouts 1-37

RJ-45 to DB2-5 cable pinouts 1-38

RJ-45 to DB-9 cable pinouts 1-38

ROMMON

described 13-13

IPS-4240 13-14

IPS-4255 13-14

IPS-4260 13-17

IPS 4270-20 13-17, 13-19

password recovery A-9

remote sensors 13-13

serial console port 13-13

TFTP 13-13

round-trip time. See RTT.

RTT

described 13-13

TFTP limitation 13-13

S

scheduling automatic upgrades 13-9

security

information on Cisco Security Intelligence Operations 12-9

sensing interfaces

described 1-6

interface cards 1-6

modes 1-6

sensors

access problems A-27

AIP-SSC-5 1-22

AIP-SSM 1-24

asymmetric traffic and disabling anomaly detection A-22

capturing traffic 1-1

comprehensive deployment 1-1

Comprehensive Deployment Solutions (illustration) 1-1

corrupted SensorApp configuration A-38

disaster recovery A-6

downgrading 13-10

electrical guidelines 1-33

IDS mode 1-1

incorrect NTP configuration 1-30, A-19

initializing 10-1, 10-3

interface support 1-6

IP address conflicts A-30

IPS mode 1-1

license 12-12

logging in

SSH 11-11

Telnet 11-11

loose connections 4-52, A-26

misconfigured access lists A-30

models 1-17

network topology 1-3

no alerts A-35, A-60

not seeing packets A-37

NTP time synchronization 1-28, A-18

physical connectivity A-34

power supply guidelines 1-34

preparing for installation 1-32

preventive maintenance A-2

process not running A-32

rack configuration guidelines 1-33

recovering the system image 12-8

reimaging 12-8, 13-1

sensing process not running A-32

setup command 10-1, 10-3, 10-7

site guidelines 1-32

supported 1-17

system images 12-8

TCP reset 1-2

time sources 1-28, A-18

troubleshooting software upgrades A-57

unsupported 1-17

upgrading 13-4

serial number and the show inventory command 5-6, 9-5

service account

creating A-6

described A-5

service-module ids-sensor slot/port session command 11-4, 11-9

service packs described 12-3

service role 11-2

session command

AIM-IPS 11-5

AIP-SSC-5 11-6

AIP-SSM 11-6

IDSM-2 11-8

NME-IPS 11-10

sessioning

AIM-IPS 11-5

AIP-SSM 11-6

IDSM-2 11-8

NME-IPS 11-10

setting up terminal servers 1-19, 11-3, 13-13

setup

automatic 10-1

command 10-1, 10-3, 10-7, 10-13, 10-16, 10-20, 10-24

simplified mode 10-1

shallow rack installation (IPS 4270-20) 4-19

show events command A-92, A-93

show health command A-75

show interfaces command A-91

show inventory command 5-6, 9-5

show module 1 details command A-68

show settings command A-17

show statistics command A-81

show statistics virtual-sensor command A-26, A-81

show tech-support command A-75

show version command A-78, A-79

signature/virus update files described 12-4

signature engine update files described 12-4

signatures and no TCP reset A-54

site guidelines 1-32

slot assignments

IDSM-2 8-5

supervisor engines 8-5

SNMP supported MIBs A-21

software bypass

supported configurations 3-4, 4-6

with hardware bypass 3-4, 4-6

software downloads Cisco.com 12-1

software file names

recovery (illustration) 12-5

signature/virus updates (illustration) 12-4

signature engine updates (illustration) 12-5

system image (illustration) 12-5

software release examples

platform-dependent 12-6

platform identifiers 12-7

platform-independent 12-6

software requirements

AIM-IPS 5-2

NME-IPS 9-2

software updates

supported FTP servers 13-2

supported HTTP/HTTPS servers 13-2

SPAN

appliances 1-19

IDSM-2 1-26

port issues A-34

specifications

AIM-IPS 5-1

AIP-SSC-5 6-1

AIP-SSM 7-1

IDSM-2 8-1

IPS-4240 2-4

IPS-4255 2-4

IPS-4260 3-9

IPS 4270-20 4-15

NME-IPS 9-1

subinterface 0 described 1-16

supported

FTP servers 13-2

HTTP/HTTPS servers 13-2

IDSM-2 configurations 8-2, A-63

switch commands for troubleshooting A-63

Switched Port Analyzer. See SPAN.

System Configuration Dialog

described 10-2

example 10-2

system image

installing

IDSM2 (Cisco IOS software) 13-29

IPS-4240 13-14

IPS-4255 13-14

IPS-4260 13-17

system images sensors 12-8

T

T-15 Torx screwdriver (IPS 4270-20) 4-45

TAC

service account A-5

show tech-support command A-75

TCP reset interfaces

conditions 1-10

described 1-9

list 1-10

TCP resets

described 1-2

IDSM-2 port 8-3, A-68

not occurring A-54

terminal server setup 1-19, 11-3, 13-13

testing fail-over 3-5, 4-6

TFTP servers

maximum file size limitation 13-13

RTT 13-13

time and the sensor 1-28, A-18

time correction on the sensor 1-31, A-20

time sources

AIM-IPS 1-29, A-18

AIP-SSM 1-30, A-19

appliances 1-28, A-18

IDSM-2 1-29, A-18

NME-IPS 1-29, A-18

time synchronization (IPS modules) 1-30, A-19

trial license key 12-10

troubleshooting

AIP-SSC-5 reset A-69

AIP-SSM

commands A-68

debugging A-70

failover scenarios A-71

recovering A-70

reset A-69

Analysis Engine busy A-59

applying software updates A-56

ARC

blocking not occurring for signature A-45

device access issues A-42

enabling SSH A-45

inactive state A-41

misconfigured MBS A-46

verifying device interfaces A-44

automatic update A-56

cannot access sensor A-27

cidDump A-96

cidLog messages to syslog A-53

communication A-27

corrupted SensorApp configuration A-38

debug logger zone names (table) A-52

debug logging A-48

Diagnostic Panel (IPS 4270-20) 4-42

disaster recovery A-6

duplicate sensor IP addresses A-30

enabling debug logging A-48

external product interfaces A-24

gathering information A-74

IDM cannot access sensor A-59

IDM will not load A-58

IDSM-2

command and control port A-66

diagnosing problems A-62

not online A-65, A-66

serial cable A-68

status indicator A-64

switch commands A-63

IME time synchronization A-61

IPS modules time drift 1-30, A-19

manual block to bogus host A-45

misconfigured access list A-30

no alerts A-35, A-60

NTP A-54

password recovery A-17

physical connectivity issues A-34

preventive maintenance A-2

reset not occurring for a signature A-54

sensing process not running A-32

sensor events A-92

sensor loose connections 4-52, A-26

sensor not seeing packets A-37

sensor software upgrade A-57

service account A-5

show events command A-92

show interfaces command A-91

show statistics command A-81

show tech-support command A-75, A-77

show version command A-78

software upgrades A-55

SPAN port issue A-34

upgrading to 6.x A-55

verifying Analysis Engine is running A-23

verifying ARC status A-40

U

unassigned VLAN groups described 1-16

unauthenticated NTP 1-29, 1-30, A-18

unsupported sensors 1-17

upgrade command 13-3, 13-5

upgrading

maintenance partition

IDSM-2 (Catalyst software) 13-38

IDSM-2 (Cisco IOS software) 13-38

minimum required version 12-7

recovery partition 13-6, 13-11

to 6.2 12-7

to 6.x A-55

URLs for Cisco Security Intelligence Operations 12-9

using

debug logging A-48

TCP reset interfaces 1-10

V

VACLs and IDSM-2 1-26

verifying

IDSM-2 installation 8-9

NME-IPS installation 5-6, 9-6

NTP configuration 1-31

password recovery A-17

sensor initialization 10-27

sensor setup 10-27

VLAN access control list. See VACL.

VLAN groups

802.1q encapsulation 1-16

configuration restrictions 1-12

deploying 1-16

described 1-15

switches 1-16

	Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 6.2
	Index
Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 6.2 Preface Introducing the Sensor Installing IPS-4240 and IPS-4255 Installing IPS-4260 Installing IPS 4270-20 Installing AIM-IPS Installing AIP-SSC-5 Installing AIP-SSM Installing IDSM-2 Installing NME-IPS Initializing the Sensor Logging In to the Sensor Obtaining Software Upgrading, Downgrading, and Installing System Images Troubleshooting Glossary Index	Download this chapter Index Download the complete book Click Here for Whole-Book PDF (PDF - 9 MB) Feedback Table Of Contents Numerics - A - B - C - D - E - F - G - H - I - L - M - N - O - P - R - S - T - U - V - Index Numerics 10GE interface card described 3-3, 4-4 illustration 3-4, 4-5 2SX interface card described 3-3, 4-4 illustration 3-3, 4-4 4GE bypass interface card configuration restrictions 3-5, 4-7 described 3-2, 3-4, 4-3, 4-6 illustration 3-3, 4-4 802.1q encapsulation VLAN groups 1-16 A access control list. See ACL. accessing Diagnostic Panel (IPS 4270-20) 4-42 IPS software 12-1 access lists misconfiguration A-30 actions ACL changes 1-2 IP logs 1-3 multiple packet drop 1-3 TCP reset 1-2 adaptive security appliance described 1-22, 1-24 AIM-IPS branch router (illustration) 1-21 described 1-20 illustration 1-22 initializing 10-13 installing 5-5 installing system image 13-22 interfaces described 5-4 logging in 11-5 removing 5-5 restrictions 5-3 session command 11-5 sessioning 11-4, 11-5 setup command 10-13 software requirements 5-2 specifications 5-1 time sources 1-29, A-18 AIP-SSC-5 described 1-22 indicators (illustration) 6-2 indicators (table) 6-2 initializing 10-6 installing 6-2 logging in 11-6 models 1-22 password recovery A-10 removing 6-5 requirements 6-1 resetting A-69 resetting the password A-11 session command 11-6 show module 1 command 6-4 specifications (table) 6-1 verifying status 6-4 AIP-SSM described 1-24 indicators described 7-2 illustration 7-2 initializing 10-16 installing 7-3 installing system image 13-25 logging in 11-6 memory specifications 7-2 models 1-24 Normalizer engine A-72 password recovery A-12 recovering A-70 reimaging 13-25 removing 7-5 requirements 7-2 resetting A-69 resetting the password A-13 session command 11-6 setup command 10-16 show module 1 command 7-4 specifications (table) 7-1 time sources 1-30, A-19 verifying status 7-5 alternate TCP reset interface 1-11 Analysis Engine error messages A-26 IDM exits A-59 verify it is running A-23 anomaly detection disabling A-22 appliances ACLs 1-2 application partition image 13-11 described 1-18 GRUB menu A-8 initializing 10-7 logging in 11-2 managers 1-18 models 1-18 password recovery A-8 restrictions 1-19 SPAN 1-19 TCP reset 1-2 terminal servers described 1-19, 11-3, 13-13 setting up 1-19, 11-3, 13-13 time sources 1-28, A-18 upgrading recovery partition 13-6 application partition image recovering 13-11 applying software updates A-56 ARC blocking not occurring for signature A-45 device access issues A-42 enabling SSH A-45 inactive state A-41 misconfigured MBS A-46 troubleshooting A-39 verifying device interfaces A-44 verifying status A-40 ASA IPS modules Deny Connection Inline A-73 Deny Packet Inline A-73 Reset TCP Connection A-73 TCP reset packets A-73 ASDM resetting passwords A-12, A-14 asymmetric traffic and disabling anomaly detection A-22 attack responses and TCP reset 1-2 authenticated NTP 1-29, 1-30, A-18 automatic setup 10-1 automatic upgrade information required 13-7 troubleshooting A-56 autonegotiation for hardware bypass 3-6, 4-7 auto-upgrade-option command 13-7 B backing up configuration A-3 current configuration A-4, A-5 back panel features IPS-4240 2-3 IPS-4255 2-3 IPS-4260 3-7 IPS 4270-20 4-10 basic setup 10-3 blocking not occurring for signature A-45 Bug Toolkit described A-1 URL A-1 C cable management arm converting 4-33 described 4-32 installing 4-29 cable pinouts console port 1-37 RJ-45 1-37 RJ-45 to DB-25 1-38 RJ-45 to DB-9 1-38 cannot access sensor A-27 Catalyst software IDSM-2 enabling full memory tests 8-12 powering off 8-15 powering on 8-15 resetting 8-14 cidDump obtaining information A-96 cisco default password 11-2 default username 11-2 Cisco.com accessing software 12-1 downloading software 12-1 IPS software 12-1 software downloads 12-1 Cisco IOS software IDSM-2 enabling full memory tests 8-13 powering down 8-16 powering up 8-16 resetting 8-14 Cisco IPS software files 13-3 Cisco Security Intelligence Operations described 12-9 URL 12-9 Cisco Services for IPS service contract 12-11 supported products 12-11 clear events command 1-31, A-20, A-96 clearing events A-96 statistics A-82 clear password command A-10, A-15 command and control interface described 1-5 Ethernet 1-2 list 1-5 commands auto-upgrade-option 13-7 clear events 1-31, A-20, A-96 clear password A-10, A-15 copy backup-config A-3 copy current-config A-3 copy license-key 12-13 debug module-boot A-70 downgrade 13-10 hw-module module 1 reset A-69 hw-module module slot_number password-reset A-11, A-12 session 11-5, 11-10 setup 10-1, 10-3, 10-7, 10-13, 10-16, 10-20, 10-24 show events A-93 show health A-75 show inventory 5-6, 9-5 show module 1 details A-68 show settings A-17 show statistics A-81 show statistics virtual-sensor A-26, A-81 show tech-support A-75 show version A-79 upgrade 13-3, 13-5 configuration files backing up A-3 merging A-3 configuration restrictions alternate TCP reset interface 1-11 inline interface pairs 1-11 inline VLAN pairs 1-11 interfaces 1-10 physical interfaces 1-10 VLAN groups 1-12 configuring automatic upgrades 13-9 maintenance partition IDSM-2 (Catalyst software) 13-30 IDSM-2 (Cisco IOS software) 13-34 upgrades 13-4 console port pinouts 1-37 converting cable management arm 4-33 copy backup-config command A-3 copy current-config command A-3 copy license-key command 12-13 correcting time on the sensor 1-31, A-20 creating the service account A-6 cryptographic account Encryption Software Export Distribution Authorization from 12-2 obtaining 12-2 current configuration back up A-3 D DC power supply (IPS-4240) 2-10 debug logging enable A-48 debug-module-boot command A-70 defaults password 11-2 username 11-2 device access issues A-42 Diagnostic Panel accessing 4-42 component list 4-14 illustration 4-14 indicators 4-14 disabling anomaly detection A-22 password recovery A-16 disaster recovery A-6 displaying events A-94 health status A-75 password recovery setting A-17 statistics A-82 tech support information A-76 version A-79 downgrade command 13-10 downgrading sensors 13-10 downloading software 12-1 duplicate IP addresses A-30 E electrical safety guidelines 1-33 enabling debug logging A-48 full memory tests Catalyst software 8-12 Cisco IOS software 8-13 Encryption Software Export Distribution Authorization form cryptographic account 12-2 described 12-2 ESD environment 1-35 Ethernet port indicators IPS-4240 2-3 IPS-4255 2-3 IPS-4260 3-8 IPS 4270-20 4-11 event display A-94 Event Store and clearing events 1-31, A-20 event types A-92 examples ASA failover configuration A-71 expansion card interfaces naming conventions 3-4, 4-5 expansion card slots IPS-4260 3-20, 3-22 IPS 4270-20 4-43 external product interfaces issues A-24 troubleshooting A-24 F fail-over testing 3-5, 4-6 fan indicators (IPS 4270-20) 4-50 fans (IPS 4270-20) 4-50 files Cisco IPS 13-3 IDSM2 password recovery A-15 finding the serial number 5-6, 9-5 front panel indicators IPS-4240 2-3 IPS4255 2-3 IPS-4260 3-7 IPS 4270-20 4-9 front panel switches IPS-4260 3-7 IPS 4270-20 4-9 FTP servers supported 13-2 G grounding lugs (IPS-4260) 3-16 GRUB menu password recovery A-8 guidelines electrical safety 1-33 power supplies 1-34 rack configuration 1-33 H hardware bypass autonegotiation 3-6, 4-7 configuration restrictions 3-5, 4-7 fail-over 3-5, 4-6 IPS-4260 3-4 IPS 4270-20 3-4, 4-6 link status changes and drops 3-6, 4-8, A-26 proper configuration 3-6, 4-7, A-25 supported configurations 3-4, 4-6 with software bypass 3-4, 4-6 HTTP/HTTPS servers 13-2 hw-module module 1 reset command A-69 hw-module module slot_number password-reset command A-11, A-12 I IDM Analysis Engine is busy A-59 will not load A-58 IDS appliances unsupported models 1-17 IDSM-2 command and control port A-66 configuring maintenance partition (Catalyst software) 13-30 maintenance partition (Cisco IOS software) 13-34 described 1-26 enabling full memory tests Catalyst software 8-12 Cisco IOS software 8-13 front panel 8-3 hot swapping 8-4, 8-8 initializing 10-20 installing procedure 8-5 required tools 8-4 system image (Catalyst software) 13-28 system image (Cisco IOS software) 13-30 logging in 11-8 PFC 8-5 powering down Cisco IOS software 8-16 powering off Catalyst software 8-15 powering on Catalyst software 8-15 powering up Cisco IOS software 8-16 reimaging 13-28 removing 8-10 requirements 8-2 resetting Catalyst software 8-14 Cisco IOS software 8-14 described 8-13 sessioning 11-8 setup command 10-20 shutdown button 8-3 command 8-3 described 8-11 slot assignments 8-5 SPAN 1-26 specifications 8-1 status indicator 8-3 supported configurations 8-2, A-63 TCP reset port 8-3, A-68 time sources 1-29, A-18 upgrading maintenance partition (Catalyst software) 13-38 maintenance partition (Cisco IOS software) 13-38 VACLs 1-26 verifying installation 8-9 IDSM2 installing system image (Cisco IOS software) 13-29 password recovery A-14 password recovery image file A-15 IDS switch modules unsupported models 1-18 IME time synchronization problems A-61 initializing AIM-IPS 10-13 AIP-SSC-5 10-6 AIP-SSM 10-16 appliances 10-7 IDSM-2 10-20 NME-IPS 10-24 sensors 10-1, 10-3 user roles 10-1 verifying 10-27 inline interface pair mode configuration restrictions 1-11 described 1-14 inline VLAN pair mode configuration restrictions 1-11 described 1-15 supported sensors 1-15 installation preparation 1-32 installer major version 12-5 installer minor version 12-5 installing AIM-IPS 5-5 AIP-SSC-5 6-2 AIP-SSM 7-3 cable management arm 4-29 fans (IPS 4270-20) 4-50 IPS-4240 2-8 IPS-4255 2-8 IPS-4260 3-16 IPS 4270-20 4-36 license key 12-13 NME-IPS 9-5 sensor license 12-12 system image AIP-SSM 13-25 IDSM-2 (Catalyst software) 13-28 IDSM-2 (Cisco IOS software) 13-30 IDSM2 (Cisco IOS software) 13-29 IPS-4240 13-14 IPS-4255 13-14 IPS-4260 13-17 IPS 4270-20 13-19 NME-IPS 13-39 interface cards IPS-4260 10GE card 3-3 2SX card 3-3 4GE card 3-2 installing 3-20 removing 3-20 IPS 4270-20 10GE card 4-4 2SX card 4-4 4GE card 4-3 installing 4-43 removing 4-43 interfaces alternate TCP reset 1-5 command and control 1-5 configuration restrictions 1-10 described 1-4 port numbers 1-4 sensing 1-5, 1-6 slot numbers 1-4 support (table) 1-6 TCP reset 1-9 VLAN groups 1-5 internal health information (IPS 4270-20) 4-43 introducing AIM-IPS 1-20 AIP-SSC-5 1-22 AIP-SSM 1-24 IDSM-2 1-26 NME-IPS 1-27 IPS-4240 accessories 2-5 back panel illustration 2-3 indicators 2-3 described 2-1 features 2-2 front panel illustration 2-2 indicators 2-3 installing 2-8 installing DC power supply 2-10 installing system image 13-14 introducing 2-1 password recovery A-9 rack mounting 2-6 reimaging 13-14 specifications 2-4 IPS-4255 accessories 2-5 back panel (illustration) 2-3 front panel illustration 2-2 indicators 2-3 installing 2-8 installing system image 13-14 introducing 2-1 password recovery A-9 rack mounting 2-6 reimaging 13-14 specifications 2-4 IPS-4260 4GE bypass interface card 3-2 accessories kit 3-9 back panel features 3-7 chassis cover removing 3-19 replacing 3-19 described 3-1 Ethernet port indicators 3-8 expansion card slots 3-20, 3-22 features 3-6 front panel indicators 3-7 switches 3-7 grounding lugs 3-16 hardware bypass 3-4 installing 3-16 installing interface cards 3-20 installing system image 13-17 interface naming conventions 3-4 network ports 3-2 performance 3-2 power supplies 3-2 power supply indicators 3-8 rack mounting 2-post 3-13 4-post 3-10 reimaging 13-17 removing interface cards 3-20 sensing interfaces 3-2 specifications 3-9 supported interface cards 3-2 IPS 4270-20 4GE bypass interface card 4-2 accessing Diagnostic Panel 4-42 accessories kit 4-16 back panel features 4-10 chassis cover removing 4-40 replacing 4-40 converting cable management arm 4-33 described 4-1 Diagnostic Panel described 4-14 illustration 4-14 Ethernet port indicators described 4-11 illustration 4-11 expansion card slots 4-43 extending from a rack 4-27 fan connector and indicator (illustration) 4-50 fan indicators 4-50 fans 4-50 features 4-8 front panel indicators 4-9 switches 4-9 front view (illustration) 4-8 hardware bypass 3-4, 4-6 hot-pluggable power supplies 4-45 installation 4-36 installing cable management arm 4-29 fans 4-50 in a rack 4-18 interface cards 4-43 power supplies 4-45 installing system image 13-19 interface naming conventions 4-5 maximum rack depth 4-17 network ports 4-2 performance 4-2 power supplies described 4-3 indicators 4-12 rack requirements 4-17 rail system kit described 4-16 minimum rack depth 4-17 redundant power supplies 4-45 reimaging 13-19 removing interface cards 4-43 power supplies 4-45 sensing interfaces 4-2 shallow rack installation 4-19 specifications 4-15 switches and indicators (illustration) 4-9 T-15 Torx screwdriver 4-45 IPS appliances Deny Connection Inline A-73 Deny Packet Inline A-73 Reset TCP Connection A-73 TCP reset packets A-73 IPS modules time synchronization 1-30, A-19 IPS software available files 12-1 obtaining 12-1 platform-dependent release examples 12-6 IPS software file names major updates (illustration) 12-4 minor updates (illustration) 12-4 patch releases (illustration) 12-4 service packs (illustration) 12-4 IPv6 SPAN ports 1-13 switches 1-13 L license key installation 12-13 trial 12-10 licensing described 12-10 IPS device serial number 12-10 Licensing pane configuring 12-12 described 12-10 limitations for concurrent CLI sessions 2-1, 3-1, 4-1, 5-1, 6-1, 7-1, 8-1, 9-1, 11-1 logging in AIM-IPS 11-5 AIP-SSC-5 11-6 AIP-SSM 11-6 appliances 11-2 IDSM-2 11-8 NME-IPS 11-10 sensors SSH 11-11 Telnet 11-11 service role 11-2 terminal servers 1-19, 11-3, 13-13 user role 11-1 loose connections and sensors 4-52, A-26 M maintenance partition configuring IDSM-2 (Catalyst software) 13-30 IDSM-2 (Cisco IOS software) 13-34 major updates described 12-3 manual block to bogus host A-45 master blocking sensor not set up properly A-46 merging configuration files A-3 MIBs supported A-21 minor updates described 12-3 modes IDS 1-1 inline interface pair 1-14 inline VLAN pair 1-15 IPS 1-1 promiscuous 1-12 VLAN Groups 1-15 modules AIM-IPS described 1-20 specifications 5-1 AIP-SSC-5 described 1-22 specifications 6-1 AIP-SSM described 1-24 memory specifications 7-2 specifications 7-1 IDSM-2 1-26, 8-3, 8-4, 8-5, 8-10 NME-IPS described 1-27 specifications 9-1 N Network Timing Protocol. See NTP. NME-IPS illustration 1-28 initializing 10-24 installing system image 13-39 introducing 1-27 logging in 11-10 reimaging 13-39 restrictions 9-3 session command 11-10 sessioning 11-9, 11-10 setup command 10-24 software requirements 9-2 specifications 9-1 time sources 1-29, A-18 verifying installation 5-6, 9-6 NTP authenticated 1-29, 1-30, A-18 described 1-28, A-18 incorrect configuration 1-30, A-19 time synchronization 1-28, A-18 unauthenticated 1-29, 1-30, A-18 verifying configuration 1-31 O obtaining cryptographic account 12-2 IPS sofware 12-1 P password recovery AIM-IPS A-10 AIP-SSC-5 A-10 AIP-SSM A-12 appliances A-8 CLI A-16 described A-8 disabling A-16 GRUB menu A-8 IDSM2 A-14 IPS-4240 A-9 IPS-4255 A-9 NME-IPS A-15 platforms A-8 ROMMON A-9 troubleshooting A-17 verifying A-17 patch releases described 12-3 performance (IPS 4270-20) 4-2 PFC described 8-5 physical connectivity issues A-34 physical interfaces configuration restrictions 1-10 platforms concurrent CLI sessions 2-1, 3-1, 4-1, 5-1, 6-1, 7-1, 8-1, 9-1, 11-1 Policy Feature Card. See PFC. powering down IDSM-2 (Cisco IOS software) 8-16 powering off IDSM-2 (Catalyst software) 8-15 powering on IDSM-2 (Catalyst software) 8-15 powering up IDSM-2 (Cisco IOS software) 8-16 power supplies hot-pluggable (IPS 4270-20) 4-45 IPS 4270-20 installing 4-45 removing 4-45 redundant (IPS 4270-20) 4-45 power supply guidelines 1-34 power supply indicators IPS-4260 3-8 IPS 4270-20 4-12 preparing for sensor installation 1-32 prerequisites AIM-IPS 5-2, 9-2 NME-IPS 5-2, 9-2 promiscuous mode described 1-12 packet flow 1-12 SPAN ports 1-13 VACL capture 1-13 R rack airflow requirements 4-17 configuration guidelines 1-33 IPS 4270-20 extension 4-27 installation 4-18 requirements 4-17 space requirements 4-17 rack mounting IPS-4260 2-post 3-13 4-post 3-10 rail system maximum rack depth 4-17 minimum rack depth 4-17 rack hole-types (illustration) 4-16 round holes 4-16 square holes 4-16 threaded holes 4-16 rail system kit cable management arm 4-29, 4-32 contents 4-17 IPS 4270-20 4-16 required tools 4-17 recover command 13-11 recovering AIP-SSM A-70 application partition image 13-11 recovery partition upgrade 13-6 reimaging AIM-IPS 13-22 AIP-SSM 13-25 appliances 13-11 described 13-1 IDSM-2 13-28 IPS-4240 13-14 IPS-4255 13-14 IPS-4260 13-17 IPS 4270-20 13-19 NME-IPS 13-39 sensors 12-8, 13-1 removing AIM-IPS 5-5 AIP-SSC-5 6-5 AIP-SSM 7-5 chassis cover IPS-4260 3-19 IPS 4270-20 4-40 last applied service pack 13-10 signature update 13-10 replacing chassis cover IPS-4260 3-19 IPS 4270-20 4-40 requirements AIP-SSC-5 6-1 AIP-SSM 7-2 racks airflow 4-17 space 4-17 reset not occurring for a signature A-54 resetting AIP-SSC-5 A-69 AIP-SSM A-69 IDSM-2 8-13 passwords ASDM A-12, A-14 hw-module command A-11, A-12 resetting the password AIP-SSC-5 A-11 AIP-SSM A-13 restoring the current configuration A-4, A-5 restrictions AIM-IPS 5-3 NME-IPS 9-3 RJ-45 cable pinouts 1-37 RJ-45 to DB2-5 cable pinouts 1-38 RJ-45 to DB-9 cable pinouts 1-38 ROMMON described 13-13 IPS-4240 13-14 IPS-4255 13-14 IPS-4260 13-17 IPS 4270-20 13-17, 13-19 password recovery A-9 remote sensors 13-13 serial console port 13-13 TFTP 13-13 round-trip time. See RTT. RTT described 13-13 TFTP limitation 13-13 S scheduling automatic upgrades 13-9 security information on Cisco Security Intelligence Operations 12-9 sensing interfaces described 1-6 interface cards 1-6 modes 1-6 sensors access problems A-27 AIP-SSC-5 1-22 AIP-SSM 1-24 asymmetric traffic and disabling anomaly detection A-22 capturing traffic 1-1 comprehensive deployment 1-1 Comprehensive Deployment Solutions (illustration) 1-1 corrupted SensorApp configuration A-38 disaster recovery A-6 downgrading 13-10 electrical guidelines 1-33 IDS mode 1-1 incorrect NTP configuration 1-30, A-19 initializing 10-1, 10-3 interface support 1-6 IP address conflicts A-30 IPS mode 1-1 license 12-12 logging in SSH 11-11 Telnet 11-11 loose connections 4-52, A-26 misconfigured access lists A-30 models 1-17 network topology 1-3 no alerts A-35, A-60 not seeing packets A-37 NTP time synchronization 1-28, A-18 physical connectivity A-34 power supply guidelines 1-34 preparing for installation 1-32 preventive maintenance A-2 process not running A-32 rack configuration guidelines 1-33 recovering the system image 12-8 reimaging 12-8, 13-1 sensing process not running A-32 setup command 10-1, 10-3, 10-7 site guidelines 1-32 supported 1-17 system images 12-8 TCP reset 1-2 time sources 1-28, A-18 troubleshooting software upgrades A-57 unsupported 1-17 upgrading 13-4 serial number and the show inventory command 5-6, 9-5 service account creating A-6 described A-5 service-module ids-sensor slot/port session command 11-4, 11-9 service packs described 12-3 service role 11-2 session command AIM-IPS 11-5 AIP-SSC-5 11-6 AIP-SSM 11-6 IDSM-2 11-8 NME-IPS 11-10 sessioning AIM-IPS 11-5 AIP-SSM 11-6 IDSM-2 11-8 NME-IPS 11-10 setting up terminal servers 1-19, 11-3, 13-13 setup automatic 10-1 command 10-1, 10-3, 10-7, 10-13, 10-16, 10-20, 10-24 simplified mode 10-1 shallow rack installation (IPS 4270-20) 4-19 show events command A-92, A-93 show health command A-75 show interfaces command A-91 show inventory command 5-6, 9-5 show module 1 details command A-68 show settings command A-17 show statistics command A-81 show statistics virtual-sensor command A-26, A-81 show tech-support command A-75 show version command A-78, A-79 signature/virus update files described 12-4 signature engine update files described 12-4 signatures and no TCP reset A-54 site guidelines 1-32 slot assignments IDSM-2 8-5 supervisor engines 8-5 SNMP supported MIBs A-21 software bypass supported configurations 3-4, 4-6 with hardware bypass 3-4, 4-6 software downloads Cisco.com 12-1 software file names recovery (illustration) 12-5 signature/virus updates (illustration) 12-4 signature engine updates (illustration) 12-5 system image (illustration) 12-5 software release examples platform-dependent 12-6 platform identifiers 12-7 platform-independent 12-6 software requirements AIM-IPS 5-2 NME-IPS 9-2 software updates supported FTP servers 13-2 supported HTTP/HTTPS servers 13-2 SPAN appliances 1-19 IDSM-2 1-26 port issues A-34 specifications AIM-IPS 5-1 AIP-SSC-5 6-1 AIP-SSM 7-1 IDSM-2 8-1 IPS-4240 2-4 IPS-4255 2-4 IPS-4260 3-9 IPS 4270-20 4-15 NME-IPS 9-1 subinterface 0 described 1-16 supported FTP servers 13-2 HTTP/HTTPS servers 13-2 IDSM-2 configurations 8-2, A-63 switch commands for troubleshooting A-63 Switched Port Analyzer. See SPAN. System Configuration Dialog described 10-2 example 10-2 system image installing IDSM2 (Cisco IOS software) 13-29 IPS-4240 13-14 IPS-4255 13-14 IPS-4260 13-17 system images sensors 12-8 T T-15 Torx screwdriver (IPS 4270-20) 4-45 TAC service account A-5 show tech-support command A-75 TCP reset interfaces conditions 1-10 described 1-9 list 1-10 TCP resets described 1-2 IDSM-2 port 8-3, A-68 not occurring A-54 terminal server setup 1-19, 11-3, 13-13 testing fail-over 3-5, 4-6 TFTP servers maximum file size limitation 13-13 RTT 13-13 time and the sensor 1-28, A-18 time correction on the sensor 1-31, A-20 time sources AIM-IPS 1-29, A-18 AIP-SSM 1-30, A-19 appliances 1-28, A-18 IDSM-2 1-29, A-18 NME-IPS 1-29, A-18 time synchronization (IPS modules) 1-30, A-19 trial license key 12-10 troubleshooting AIP-SSC-5 reset A-69 AIP-SSM commands A-68 debugging A-70 failover scenarios A-71 recovering A-70 reset A-69 Analysis Engine busy A-59 applying software updates A-56 ARC blocking not occurring for signature A-45 device access issues A-42 enabling SSH A-45 inactive state A-41 misconfigured MBS A-46 verifying device interfaces A-44 automatic update A-56 cannot access sensor A-27 cidDump A-96 cidLog messages to syslog A-53 communication A-27 corrupted SensorApp configuration A-38 debug logger zone names (table) A-52 debug logging A-48 Diagnostic Panel (IPS 4270-20) 4-42 disaster recovery A-6 duplicate sensor IP addresses A-30 enabling debug logging A-48 external product interfaces A-24 gathering information A-74 IDM cannot access sensor A-59 IDM will not load A-58 IDSM-2 command and control port A-66 diagnosing problems A-62 not online A-65, A-66 serial cable A-68 status indicator A-64 switch commands A-63 IME time synchronization A-61 IPS modules time drift 1-30, A-19 manual block to bogus host A-45 misconfigured access list A-30 no alerts A-35, A-60 NTP A-54 password recovery A-17 physical connectivity issues A-34 preventive maintenance A-2 reset not occurring for a signature A-54 sensing process not running A-32 sensor events A-92 sensor loose connections 4-52, A-26 sensor not seeing packets A-37 sensor software upgrade A-57 service account A-5 show events command A-92 show interfaces command A-91 show statistics command A-81 show tech-support command A-75, A-77 show version command A-78 software upgrades A-55 SPAN port issue A-34 upgrading to 6.x A-55 verifying Analysis Engine is running A-23 verifying ARC status A-40 U unassigned VLAN groups described 1-16 unauthenticated NTP 1-29, 1-30, A-18 unsupported sensors 1-17 upgrade command 13-3, 13-5 upgrading maintenance partition IDSM-2 (Catalyst software) 13-38 IDSM-2 (Cisco IOS software) 13-38 minimum required version 12-7 recovery partition 13-6, 13-11 to 6.2 12-7 to 6.x A-55 URLs for Cisco Security Intelligence Operations 12-9 using debug logging A-48 TCP reset interfaces 1-10 V VACLs and IDSM-2 1-26 verifying IDSM-2 installation 8-9 NME-IPS installation 5-6, 9-6 NTP configuration 1-31 password recovery A-17 sensor initialization 10-27 sensor setup 10-27 VLAN access control list. See VACL. VLAN groups 802.1q encapsulation 1-16 configuration restrictions 1-12 deploying 1-16 described 1-15 switches 1-16
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks