IDS4210 - Invalid Interface Name

jackmacmad
Level 1

I am trying to set up blocking/shunning from a 4210 (4.1(1)S47) to numerous Cisco routers. However, I always get an error saying

errorMessage: name=errSystemError ERROR: Invalid interface name [Ethernet2/1] for device [10.10.10.2] Try using the name exactly as it appears in the router CLI.

I have tried using various conventions for the interface name (e2/1, ethernet2/1, etc.), but nothing works. I've tried the same procedure to different routers, but with the same problems occurring.

I can see the sensor telnet'd into the routers via the show users output, but when I look at the output of "show statistics network" on the IDS, I see the routers marked as State=Inactive.

Any ideas as to what I might be missing?

3 Replies

marcabal
Cisco Employee

Are you sure they are Ethernet and not FastEthernet or GigabitEthernet? If it is a FastEthernet or GigabitEthernet then you cannot use just Ethernet.

When the sensor connects to the router it will execute:

configure terminal

interface

If the sensor is giving you an error, then it is most likely that the router itself is giving an error when trying to execute the interface command with that interface.

The best way to deal with this is to execute "show run" on the router and use the exact same name for the interface as listed in the "show run" output.

I've checked and double checked the interface name. Pasted it directly from the output of a show run, still no luck. Also I've noticed that the NetDevice shows as Inactive, even though as mentioned, I can see the sensor logged into the router from a 'show users' output.

Anything else I could be missing out on here?

If your sensor is connecting to the routers using telnet (and not ssh) then there is additional debugging you can do.

Create a service account on the sensor, and login with the service account.

Switch to user root (same password as service account).

Now run tcpdump on the management interface to capture traffic between the sensor and the router.

Now go through IDM and Block/Shun a new Host IP Address.

Wait a minute or 2.

Now stop the capture, and analyze the captured packets.

You should see the sensor log into the router and go through the command to add an acl to the interface.

Look for any errors that the router may be returning.

Marco
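
The capture analysis described in the reply above, as an added example that is not part of the original thread or any Cisco tooling: it takes the router-to-sensor bytes of the telnet session (assumed to have been exported from the tcpdump capture as one reassembled TCP stream), strips telnet option negotiation, and pairs each IOS `% ...` error line with the command echoed just before it. The function names and the sample session are constructed for illustration.

```python
import re

IAC, SB, SE = 255, 250, 240          # telnet control bytes (RFC 854)
NEGOTIATE = (251, 252, 253, 254)     # WILL, WONT, DO, DONT: each takes one option byte

def strip_telnet_negotiation(data: bytes) -> bytes:
    """Remove telnet option negotiation so only terminal text remains."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i]); i += 1
        elif i + 1 >= len(data):
            break                                   # truncated IAC at end of capture
        elif data[i + 1] == IAC:
            out.append(IAC); i += 2                 # escaped literal 0xFF
        elif data[i + 1] in NEGOTIATE:
            i += 3
        elif data[i + 1] == SB:                     # subnegotiation runs to IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        else:
            i += 2
    return bytes(out)

# IOS prompt such as "Router#", "Router>" or "Router(config-if)#", then the echoed command
PROMPT = re.compile(r"^\S+?(?:\([\w-]+\))?[>#]\s*(.*)$")

def find_router_errors(stream: bytes):
    """Return (command, error) pairs: each '% ...' line with the command echoed before it."""
    text = strip_telnet_negotiation(stream).decode("ascii", "replace").replace("\r", "")
    last_cmd, findings = None, []
    for line in text.split("\n"):
        m = PROMPT.match(line)
        if m and m.group(1).strip():
            last_cmd = m.group(1).strip()
        elif line.startswith("% "):
            findings.append((last_cmd, line.strip()))
    return findings

# Constructed sample: router-to-sensor bytes of one session (hostname "Router" is made up)
SAMPLE = (b"\xff\xfb\x01\xff\xfb\x03\r\nUser Access Verification\r\n\r\nPassword: \r\n"
          b"Router>enable\r\nPassword: \r\nRouter#configure terminal\r\n"
          b"Enter configuration commands, one per line.  End with CNTL/Z.\r\n"
          b"Router(config)#interface Ethernet2/1\r\n"
          b"                         ^\r\n% Invalid input detected at '^' marker.\r\n\r\n"
          b"Router(config)#exit\r\nRouter#")

if __name__ == "__main__":
    for cmd, err in find_router_errors(SAMPLE):
        print(f"{cmd!r} -> {err}")
```

Because the router echoes what the sensor types, the router-to-sensor direction alone shows both the commands and any error text; passwords are not echoed, but they are present in clear text in the sensor-to-router direction of the same capture, so handle the capture file accordingly.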
