AIM-IPS password reset

ohiomike12 · ‎07-06-2011

I am following the password reset procedure for the AIM-IPS module in a 2811 Router.

I enter the commnd "service-module ids-sensor 0/1 reset" after I suspended a session, then i return to the session, but the only think there is the username prompt. It never changes to show the bootloader information and the "When prompted for boot options enter *** quickly" sentence.

Doesn anyone have any idea what I could be doing wrong? I've tried it from a shutdown state and from a steady state. I get prompts that the state is changing such as

c2811#service-module iDS-Sensor 0/0 reset

Use reset only to recover from shutdown or failed state

Warning: May lose data on the the NVRAM, nonvolatile file system or unsaved configuration!

Do you want to reset?[confirm]

Trying to reload Service Module IDS-Sensor0/0.

IDS-Sensor0/0 changing state from: SERVICE_MODULE_STATE_HALT to SERVICE_MODULE_STATE_ERRQ

but the session never changes, it just keeps showing

Trying 10.1.9.201, 2194 ... Open

User Access Verification

Username:

Thanks in advance for any help.

Dustin Ralich · ‎07-08-2011

Sounds like the AIM-IPS sensor module is not actually resetting after you issue the service-module ids-sensor reset command. Which slot/port is your AIM-IPS actually installed in? (one of your examples referenced 0/0 and the other 0/1)

If you are definitely issuing the command with the correct slot/port number, then you may need to power down (not reload) the 2811 (which will also power down the AIM-IPS) then power it back up to ensure that the heartbeat signal between the two is [re-]synchronized.

After doing that, can you post a copy of the service-module ids-sensor status command output for us (replace any information you feel is sensitive with "X"s or similar)?

Jiri Chvatal · ‎12-03-2012

Hello there,

I am having the same issue as mike miller.

Let me explain my problem. I set the passwords some time ago and they were working, but then we rolled back the ios to another version, because some eigrp failures has occured. So the IPS was not detectable on that router. Few days ago I have upload another ios, with ips module support (C2800NM-ADVIPSERVICEK9-M, 12.4.(22)T5, also 12.4.15XY3), but I cant login to ips anymore. IP adress stayed the same, passwords as well, but they're not working. So I tried to do a password recovery, but has the same result as mike.

CLI output when trying to reset the module :

Sit-Man1#service-module idS-Sensor 0/0 reset

Use reset only to recover from shutdown or failed state

Warning: May lose data on the the NVRAM, nonvolatile file system or unsaved configuration!

Do you want to reset?[confirm]

Trying to reload Service Module IDS-Sensor0/0.

changing state from: SERVICE_MODULE_STATE_STDY to SERVICE_MODULE_STATE_ERRQ

CLI output with module status :

Sit-Man1#service-module idS-Sensor 0/0 status

Service Module is Cisco IDS-Sensor0/0

Service Module supports session via TTY line 194

Service Module is trying to recover from error

Service Module heartbeat-reset is enabled

Service Module is in fail open

Service Module status is not available

After this "recover" module goes to Steady mode and ip address replies.

Sit-Man1#service-module idS-Sensor 0/0 status

Service Module is Cisco IDS-Sensor0/0

Service Module supports session via TTY line 194

Service Module is in Steady state

Service Module heartbeat-reset is enabled

Getting status from the Service Module, please wait..

Cisco Systems Intrusion Prevention System Network Module

Software version: 7.0(2)E4

Model: AIM-IPS

Memory: 443504 KB

Mgmt IP addr: 192.168.21.210

Mgmt web ports: 443

Mgmt TLS enabled: true

Was trying to disable heart-beat, enable it again, shutdown module before reset, tried 3 different IOS versions, power off the router. None of this did help so far...

Any ideas?

Thank you.