topic Re: IDS4210 - Invalid Interface Name in Network Security

IDS4210 - Invalid Interface Name

jackmacmad — Sun, 10 Mar 2019 09:33:02 GMT

I am trying to setup blocking/shunning from a 4210 (4.1(1)S47) to numerous cisco routers. However I always get an error saying

errorMessage: name=errSystemError ERROR: Invalid interface name [Ethernet2/1] for device [10.10.10.2] Try using the name exactly as it appears in the router CLI.

I have tried using various conventions for the interface name, (e2/1, ethernet2/1) etc, but nothing works. I've tried the same procedure to different routers, but with the same problems occuring.

I can see the sensor telnet'd into the routers via the show users output, but when I look at the output of "show statistics network" on the IDS, I see the routers marked as State=Inactive.

Any ideas as to what I might be missing?

Re: IDS4210 - Invalid Interface Name

marcabal — Thu, 21 Jul 2005 14:22:31 GMT

Are you sure they are Ethernet and not FastEthernet or GigabitEthernet. If it is a FastEthernet or GigabitEthernet then you can not use just Ethernet.

When the sensor connects to the router it will execute:

configure terminal

interface

If the sensor is giving you an error, then it is most likely that the router itself is giving an error when trying to execute the interface command with that interface.

The best way to deal with this is to execute "show run" on the router and use the exact same name for the interface as listed in the "show run" output.

Re: IDS4210 - Invalid Interface Name

jackmacmad — Thu, 21 Jul 2005 21:19:35 GMT

I've checked and double checked the interface name. Pasted it directly from the output of a show run, still no luck. Also I've noticed that the NetDevice shows as Inactive, even though as mentioned, I can see the sensor logged into the router from a 'show users' output.

Anything else I could be missing out on here?

Re: IDS4210 - Invalid Interface Name

marcabal — Fri, 22 Jul 2005 15:25:15 GMT

If your sensor is connecting to the routers using telnet (and not ssh) then their is additional debugging you can do.

Create a service account on the sensor, and login with the service account.

Switch to user root (same password as service account).

Now run tcpdump on the management interface to capture traffic between the sensor and the router.

Now go through IDM and Block/Shun a new Host IP Address.

Wait a minute or 2.

Now stop the capture, and analyze the captured packets.

You should see the sensor log into the router and go through the command to add an acl to the interface.

Look for any errors that the router may be returning.

Marco