Numerics -
A -
B -
C -
D -
E -
F -
G -
H -
I -
L -
M -
N -
O -
P -
R -
S -
T -
U -
V -
W -
Index
Numerics
10BaseT cable pinouts
appliance F-1
802.1q encapsulation for VLAN groups 1-14
A
access control list see ACL
accessing
IPS software C-2
service account E-5
access list misconfiguration E-22
actions
ACL changes 1-2
IP logs 1-3
multiple packet drop 1-3
TCP reset 1-2
alternate TCP reset interface
configuration restrictions 1-10
designating 1-8
restrictions 1-5
Analysis Engine
error messages E-19
errors E-47
IDM exits E-50
sensing interfaces 1-6
verify it is running E-16
anomaly detection disabling E-14
appliance
cable pinouts (10BaseT) F-1
cable pinouts(10BaseT) F-1
appliances
ACLs 1-2
described 1-15
GRUB menu E-8
initializing B-7
logging in A-2
managers 1-15
models 1-15
password recovery E-8
preparing for installation 2-1
restrictions 1-16
SPAN 1-15
TCP reset 1-2
terminal servers
described 1-16, A-2, D-14
setting up 1-16, A-2, D-14
upgrading recovery partition D-6
application partition image recovery D-12
applying software updates E-47
ARC
blocking not occurring for signature E-37
device access issues E-35
enabling SSH E-37
inactive state E-33
misconfigured master blocking sensor E-38
troubleshooting E-31
verifying device interfaces E-36
verifying status E-32
asymmetric traffic and disabling anomaly detection E-14
attack responses for TCP resets 1-2
attempt limit
RADIUS E-17
authenticated NTP 1-17, E-12
automatic setup B-2
automatic upgrade
information required D-7
troubleshooting E-48
auto-upgrade-option command D-7
B
backing up
configuration E-2
current configuration E-4
back panel features
IPS 4345 3-7
IPS 4360 3-7
IPS 4510 4-7
IPS 4520 4-7
basic setup B-4
blocking not occurring for signature E-37
BST
described E-1
URL E-1
Bug Search Tool. See BST.
C
cable pinouts
RJ-45 to DB-9 F-3
cannot access sensor E-20
cidDump obtaining information E-83
circuit breaker warning 3-18, 3-21
cisco
default password A-2
default username A-2
Cisco.com
accessing software C-2
downloading software C-1
software downloads C-1
Cisco Bug Search Tool
described E-1
Cisco Security Intelligence Operations
described C-7
URL C-8
Cisco Services for IPS
service contract C-9
supported products C-9
clear events command 1-18, E-12, E-83
clearing
events E-83
statistics E-64
CLI
password recovery E-10
command and control interface
described 1-5
Ethernet 1-2
list 1-5
commands
auto-upgrade-option D-7
clear events 1-18, E-12, E-83
copy backup-config E-3
copy current-config E-3
copy license-key C-11
downgrade D-11
erase license-key C-13
setup B-1, B-4, B-7
show events E-80
show health E-53
show settings E-11
show statistics E-64
show statistics virtual-sensor E-19, E-64
show tech-support E-54
show version E-59
upgrade D-4, D-6
configuration files
backing up E-2
merging E-2
configuration restrictions
alternate TCP reset interface 1-10
inline interface pairs 1-9
inline VLAN pairs 1-9
interfaces 1-9
physical interfaces 1-9
VLAN groups 1-10
configuring
automatic upgrades D-9
upgrades D-5
copy backup-config command E-3
copy current-config command E-3
copy license-key command C-11
correcting time on the sensor 1-18, E-12
creating the service account E-5
cryptographic account
Encryption Software Export Distribution Authorization from C-2
obtaining C-2
current configuration back up E-2
D
debug logging enable E-40
defaults
password A-2
username A-2
device access issues E-35
disabling
anomaly detection E-14
password recovery E-10
disaster recovery E-6
displaying
events E-81
health status E-53
password recovery setting E-11
statistics E-64
tech support information E-55
version E-59
downgrade command D-11
downgrading sensors D-11
downloading Cisco software C-1
duplicate IP addresses E-23
E
electrical safety guidelines 2-3
enabling debug logging E-40
Encryption Software Export Distribution Authorization form
cryptographic account C-2
described C-2
erase license-key command C-13
errors (Analysis Engine) E-47
ESD environment working in 2-4
events
clearing E-83
displaying E-81
types E-79
Event Store
clearing E-83
clearing events 1-18, E-12
no alerts E-27
time stamp 1-18, E-12
examples
SPAN configuration for IPv6 support 1-11
System Configuration Dialog B-2
external product interfaces
issues E-17
troubleshooting E-18
F
false positives
filtering 1-4
tuning IPS 1-3
files
Cisco IPS (list) C-1
front panel features
IPS 4510 4-4
IPS 4520 4-4
front panel indicators
IPS 4345 3-5
IPS 4360 3-6
FTP servers and software updates D-3
G
global correlation
license B-5
troubleshooting E-15
GRUB menu password recovery E-8
guidelines
electrical safety 2-3
power supplies 2-6
H
health status display E-53
HTTP/HTTPS servers supported D-3
I
IDM
Analysis Engine is busy E-50
described 4-2
web browsers 4-2
will not load E-50
IME
10 devices 4-3
described 4-3
IME time synchronization problems E-52
initializing
appliances B-7
sensors B-1, B-4
user roles B-1
verifying B-13
inline interface pair mode
configuration restrictions 1-9
described 1-12
illustration 1-12
inline mode
interface cards 1-6
pairing interfaces 1-5
inline VLAN pair mode
configuration restrictions 1-9
described 1-13
illustration 1-13
supported sensors 1-13
installation preparation 2-1
installer major version C-5
installer minor version C-5
installing
IPS 4345 3-12
IPS 4360 3-12
IPS 4510 4-13
IPS 4520 4-13
license key C-11
sensor license C-9
system image
IPS 4345 D-15
IPS 4360 D-15
IPS 4510 D-18
IPS 4520 D-18
interfaces
alternate TCP reset 1-5
command and control 1-5
configuration restrictions 1-9
described 1-4
port numbers 1-4
sensing 1-5
slot numbers 1-4
support (table) 1-6
TCP reset 1-8
introducing
IPS 4345 3-1
IPS 4360 3-1
IPS 4510 4-2
IPS 4520 4-2
IPS appliances 1-15
Intrusion Prevention System Device Manager. See IDM. 4-2
Intrusion Prevention System Manager Express. See IME. 4-3
IPS
restrictions 1-16
tuning 1-3
IPS 4345
AC power supply (V01) 3-15
back panel features 3-7
back panel features (illustration) 3-7
described 3-1
front panel (llustration) 3-5
front panel indicators (described) 3-6
indicators 3-5
installation 3-12
installing system image D-15
packing box contents 3-3
password recovery E-8, E-9
rack mounting 3-9
reimaging D-15
specifications 3-2
V01 power supply limitations 3-15
IPS 4360
AC power supply (V02) 3-15
back panel features 3-7
back panel features (illustration) 3-7
described 3-1
front panel (illustration) 3-5
front panel indicators (described) 3-6
indicators 3-6
installation 3-12
installing system image D-15
packing box contents 3-3
password recovery E-8, E-9
power supply modules
installing 3-19
removing 3-19
reimaging D-15
specifications 3-2
V01 power supply limitations 3-15
IPS 4510
back panel features 4-7
back panel features (illustration) 4-7
cable management brackets
described 4-34
installing 4-34
connecting cables 4-13
described 4-2
Ethernet port indicators 4-8
fan modules
hot-pluggable 4-20
installing 4-20
OIR 4-20
removing 4-20
front panel indicators
described 4-5
illustration 4-5
front panel view 4-4
installing
core module 4-16
SFP/SFP+ modules 4-14
slide rail kit hardware 4-21
installing system image D-18
Management 0/0 4-12
management port described 4-13
memory requirements 4-11
OIR
fan supply modules 4-2
not supported 4-2
power supply modules 4-2
SFP/SFP+ 4-2
packing box contents 4-10
password recovery E-8, E-9
power module indicators
described 4-8
illustration 4-7
power supply modules
installing 4-18
removing 4-18
requirements 4-11
rack mounting 4-31
reimaging D-18
removing core module 4-16
SFP ports 4-14
shutting down 4-16
slide rail kit hardware
installing 4-21
specifications 4-9
supported SFP+ modules 4-12
supported SFP modules 4-12
SwitchApp 4-36
IPS 4520
back panel features 4-7
back panel features (illustration) 4-7
cable management brackets
described 4-34
installing 4-34
connecting cables 4-13
described 4-2
Ethernet port indicators 4-8
fan modules
hot-pluggable 4-20
installing 4-20
OIR 4-20
removing 4-20
front panel indicators
described 4-5
illustration 4-5
front panel view 4-4
installing
core module 4-16
SFP/SFP+ modules 4-14
slide rail kit hardware 4-21
installing system image D-18
Management 0/0 4-12
management port described 4-13
memory requirements 4-11
OIR
fan supply modules 4-2
not supported 4-2
power supply modules 4-2
SFP/SFP+ 4-2
packing box contents 4-10
password recovery E-8, E-9
power module indicators
described 4-8
illustration 4-7
power supply modules
installing 4-18
removing 4-18
requirements 4-11
rack mounting 4-31
reimaging D-18
removing core module 4-16
SFP ports 4-14
shutting down 4-16
slide rail kit hardware
installing 4-21
specifications 4-9
supported SFP+ modules 4-12
supported SFP modules 4-12
SwitchApp 4-36
two power supply modules 4-18, 4-20
IPS software
available files C-1
obtaining C-1
IPS software file names
major updates (illustration) C-4
minor updates (illustration) C-4
patch releases (illustration) C-4
service packs (illustration) C-4
IPv6
SPAN ports 1-11
switches 1-11
L
license key
installing C-11
obtaining C-8
trial C-8
uninstalling C-13
viewing status of C-8
licensing
described C-8
IPS device serial number C-8
Licensing pane
configuring C-9
described C-8
logging in
appliances A-2
sensors
SSH A-3
Telnet A-3
service role A-1
terminal servers 1-16, A-2, D-14
user role A-1
loose connections on sensors 4-35, E-19
M
major updates described C-3
Management 0/0 port described 4-12
Management 0/1 described 4-12
manual block to bogus host E-37
master blocking sensor
not set up properly E-38
verifying configuration E-38
merging configuration files E-2
MIBs supported E-13
minor updates described C-3
modes
IDS 1-1
inline interface pair 1-12
inline VLAN pair 1-13
IPS 1-1
promiscuous 1-11
VLAN groups 1-13
N
NTP
authenticated 1-17, E-12
described 1-17, E-12
incorrect configuration 1-17
time synchronization 1-17, E-12
unauthenticated 1-17, E-12
verifying configuration 1-18
O
obtaining
cryptographic account C-2
IPS software C-1
license key C-8
sensor license C-9
OIR
not supported for modules 4-2
supported
fan modules 4-2
power supply modules 4-2
SFP/SFP+ 4-2
P
password recovery
appliances E-8
CLI E-10
described E-8
disabling E-10
displaying setting E-11
GRUB menu E-8
IPS 4345 E-8, E-9
IPS 4360 E-8, E-9
IPS 4510 E-8, E-9
IPS 4520 E-8, E-9
platforms E-8
ROMMON E-9
troubleshooting E-11
verifying E-11
patch releases described C-3
physical connectivity issues E-26
physical interfaces configuration restrictions 1-9
ports
Management 0/0 4-12
Management 0/1 4-12
SFP 4-14
power supply guidelines 2-6
power supply indicators
IPS 4510 4-7
IPS 4520 4-7
power supply modules
hot-pluggable 4-18
installing 3-19
installing (IPS 4510) 4-18
installing (IPS 4520) 4-18
OIR 4-18
redundant configuration 4-18
removing 3-19
removing (IPS 4510) 4-18
removing (IPS 4520) 4-18
preparing for appliance installation 2-1
promiscuous mode
atomic attacks 1-11
described 1-11
illustration 1-11
packet flow 1-11
SPAN ports 1-11
TCP reset interfaces 1-8
VACL capture 1-11
R
rack mounting
IPS 4345 3-9
rack-mounting
IPS 4510 4-31
IPS 4520 4-31
RADIUS
attempt limit E-17
recover command D-12
recovering the application partition image D-12
recovery partition upgrade D-6
reimaging
described D-2
IPS 4345 D-15
IPS 4360 D-15
IPS 4510 D-18
IPS 4520 D-18
sensors D-2, D-12
removing
last applied
service pack D-11
signature update D-11
reset not occurring for a signature E-45
restoring the current configuration E-4
RJ-45 to DB-9 cable pinouts F-3
ROMMON
described D-14
IPS 4345 D-15, E-9
IPS 4360 D-15, E-9
IPS 4510 D-18, E-9
IPS 4520 D-18, E-9
password recovery E-9
remote sensors D-14
serial console port D-14
TFTP D-14
round-trip time. See RTT.
RTT
described D-14
TFTP limitation D-14
S
scheduling automatic upgrades D-9
security
information on Cisco Security Intelligence Operations C-7
sensing interfaces
Analysis Engine 1-6
described 1-5
interface cards 1-6
modes 1-5
sensor license
installing C-9
obtaining C-9
sensors
access problems E-20
application partition image D-12
asymmetric traffic and disabling anomaly detection E-14
capturing traffic 1-1
command and control interfaces (list) 1-5
comprehensive deployment 1-1
Comprehensive Deployment Solutions (illustration) 1-1
corrupted SensorApp configuration E-30
disaster recovery E-6
downgrading D-11
electrical guidelines 2-3
IDS mode 1-1
incorrect NTP configuration 1-17
initializing B-1, B-4
interface support 1-6
IP address conflicts E-23
IPS mode 1-1
IPS tuning tips 1-3
logging in
SSH A-3
Telnet A-3
loose connections 4-35, E-19
misconfigured access lists E-22
models 1-15
network topology 1-3
no alerts E-27, E-52
not seeing packets E-29
NTP time synchronization 1-17, E-12
physical connectivity E-26
power supply guidelines 2-6
preventive maintenance E-2
reimaging D-2
sensing process not running E-24
setup command B-1, B-4, B-7
site guidelines 2-5
supported 1-15
TCP reset 1-2
time sources 1-17, E-12
troubleshooting software upgrades E-49
upgrading D-5
service account
accessing E-5
cautions E-5
creating E-5
described E-5
service packs described C-3
service role A-1
setting up
terminal servers 1-16, A-2, D-14
setup
automatic B-2
command B-1, B-4, B-7
simplified mode B-2
SFP+ modules
described 4-11
supported (table) 4-12
SFP modules
described 4-11
supported (table) 4-12
SFP port (illustration) 4-14
show events command E-80
show health command E-53
show interfaces command E-75
show settings command E-11
show statistics command E-63, E-64
show statistics virtual-sensor command E-19, E-64
show tech-support command E-54
show version command E-59
signature engine update files described C-4
signatures
TCP reset E-45
signature update
files C-4
site guidelines for sensor installation 2-5
SNMP
supported MIBs E-13
software downloads Cisco.com C-1
software file names
recovery (illustration) C-5
signature/virus updates (illustration) C-4
signature engine updates (illustration) C-5
system image (illustration) C-5
software release examples
platform identifiers C-6
platform-independent C-6
software updates
supported FTP servers D-3
supported HTTP/HTTPS servers D-3
SPAN
appliances 1-15
SPAN port issues E-26
specifications
IPS 4345 3-2
IPS 4360 3-2
IPS 4510 4-9
IPS 4520 4-9
statistic display E-64
subinterface 0 described 1-13
supported
FTP servers D-3
HTTP/HTTPS servers D-3
SwitchApp described 4-36
Switched Port Analyzer see SPAN
switches
TCP reset interfaces 1-8
System Configuration Dialog
described B-2
example B-2
system images
installing
IPS 4345 D-15
IPS 4360 D-15
IPS 4510 D-18
IPS 4520 D-18
T
TAC
service account E-5
show tech-support command E-54
TCP reset interfaces
conditions 1-8
described 1-8
list 1-8
promiscuous mode 1-8
switches 1-8
TCP resets
not occurring E-45
signature actions 1-2
tech support information display E-55
terminal server setup 1-16, A-2, D-14
TFTP servers
recommended
UNIX D-14
Windows D-14
RTT D-14
time
correction on the sensor 1-18, E-12
sensors 1-17, E-12
trial license key C-8
troubleshooting E-1
Analysis Engine busy E-50
applying software updates E-47
ARC
blocking not occurring for signature E-37
device access issues E-35
enabling SSH E-37
inactive state E-33
misconfigured master blocking sensor E-38
verifying device interfaces E-36
automatic updates E-48
cannot access sensor E-20
cidDump E-83
cidLog messages to syslog E-44
communication E-20
corrupted SensorApp configuration E-30
debug logger zone names (table) E-44
debug logging E-40
disaster recovery E-6
duplicate sensor IP addresses E-23
enabling debug logging E-40
external product interfaces E-18
gathering information E-53
global correlation E-15
IDM
cannot access sensor E-51
will not load E-50
IME time synchronization E-52
manual block to bogus host E-37
misconfigured access list E-22
no alerts E-27, E-52
NTP E-45
password recovery E-11
physical connectivity issues E-26
preventive maintenance E-2
RADIUS
attempt limit E-17
reset not occurring for a signature E-45
sensing process not running E-24
sensor events E-79
sensor loose connections 4-35, E-19
sensor not seeing packets E-29
sensor software upgrade E-49
service account E-5
show events command E-79
show interfaces command E-75
show statistics command E-63
show tech-support command E-54, E-56
show version command E-59
software upgrades E-47
SPAN
port issue E-26
upgrading E-47
verifying Analysis Engine is running E-16
verifying ARC status E-32
tuning
IPS 1-3
tips 1-3
U
unassigned VLAN groups described 1-13
unauthenticated NTP 1-17, E-12
uninstalling
license key C-13
upgrade command D-4, D-6
upgrade notes and caveats
upgrading IPS software D-1
upgrading
application partition D-12
latest version E-47
recovery partition D-6
sensors D-5
upgrading IPS software
upgrade notes and caveats D-1
URLs for Cisco Security Intelligence Operations C-8
using
debug logging E-40
TCP reset interfaces 1-8
V
verifying
NTP configuration 1-18
password recovery E-11
sensor initialization B-13
sensor setup B-13
version display E-59
viewing
license key status C-8
virtualization
advantages E-13
restrictions E-13
supported sensors E-13
traffic capture requirements E-13
VLAN groups
802.1q encapsulation 1-14
configuration restrictions 1-10
deploying 1-14
switches 1-14
VLAN groups mode
described 1-13
W
warning
circuit breaker 3-18, 3-21
exposed DC wire 3-23