Re: 4215 no interfaces

charles.pike · ‎07-27-2004

On a 4215 running 4.1, no "interface" choice

appears under the IDS Device Manager TOC

Configuration>Sensing Engine

So how do I get started?

mkodali · ‎07-27-2004

If you are running 4.1 on 4215 you should see the "Interfaces" as the first item on the TOC. Are you sure you are running 4.1 and not 4.0? Can you pl copy paste the output of "show version" to verify the version of software ?

charles.pike · ‎07-27-2004

You're right; it's version 4.0. I'll

upgrade to 4.1. Cheers.

charles.pike · ‎07-27-2004

So I go to upgrade and I get this error:

Error: This update is for use on a 4215 only. Updated aborted.

The box is definitely a 4215 (I double checked).

#upgrade

http://addr/IDS-4215-K9-r-1.1-a-4.1-1-S47.tar.pkg

Warning: Executing this command will re-image the recovery partition. The system may be rebooted to complete the upgrade.

Continue with upgrade? : yes

Error: This update is for use on a 4215 only. Updated aborted.

mkodali · ‎07-27-2004

Can you please copy-paste the "show version" output ? Want to double-check at our end.

charles.pike · ‎07-27-2004

Full "show version" output:

sensor# show vers

Application Partition:

Cisco Systems Intrusion Detection Sensor, Version 4.0(1)S37

OS Version 2.4.18-5smpbigphys-4215

Platform: unknown

Sensor up-time is 1 min.

Using 206716928 out of 526311424 bytes of available memory (39% usage)

Using 62M out of 17G bytes of available disk space (1% usage)

MainApp 2003_Jan_23_02.00 (Release) 2003-01-23T02:00:25-0600 Running

AnalysisEngine 2003_Jan_23_02.00 (Release) 2003-01-23T02:00:25-0600 Running

Authentication 2003_Jan_23_02.00 (Release) 2003-01-23T02:00:25-0600 Running

Logger 2003_Jan_23_02.00 (Release) 2003-01-23T02:00:25-0600 Running

NetworkAccess 2003_Jan_23_02.00 (Release) 2003-01-23T02:00:25-0600 Running

TransactionSource 2003_Jan_23_02.00 (Release) 2003-01-23T02:00:25-0600 Running

WebServer 2003_Jan_23_02.00 (Release) 2003-01-23T02:00:25-0600 Running

CLI 2003_Jan_17_18.33 (Release) 2003-01-17T18:33:18-0600

Upgrade History:

IDS-K9-maj-4.0-1-S36 13:08:04 UTC Tue Jul 27 2004

Recovery Partition Version 4.1(1)S47

sensor#

charles.pike · ‎07-27-2004

More info - the platform shows up as "unknown"

and the failed upgrade also hoses the recovery

partition.

#show vers

Application Partition:

Cisco Systems Intrusion Detection Sensor, Version 4.0(1)S37

OS Version 2.4.18-5smpbigphys-4215

Platform: unknown

mkodali · ‎07-27-2004

The show version reveals the sensor already has the 4.1 (1) in the recovery partition. I would suggest to recover the application partition using that partition files and you should be ok. There won't be any need to upgrade to 4.1(1). 4215 was release with 4.1(1) version of the IDS, hence you see the Platform Unknown when having 4.0 in the application partition. The steps to perform recovery would be :

"configuration term" -> "recover application-partication" -> "yes". Sensor should reboot and come back with 4.1(1) in the application partition.

charles.pike · ‎07-28-2004

There is nothing in that partition. I suppose

that is the hosed partition from the "update aborted".

rwassom · ‎07-28-2004

Where were you looking? The recovery partition is not mounted by default. The /mnt/recovery mount point is only used to mount the recovery partition when it is upgraded using the CLI. It will be empty otherwise.

charles.pike · ‎07-28-2004

I chose to boot the recovery partition from GRUB it and it couldn't find anything.

rwassom · ‎07-28-2004

I think marcabal hit the nail on the head. The installation failed to complete successfully, which included the recovery partition files.

Was this sensor new when you received it, or when/how was it re-imaged last? If new, please send me the SN from the sensor so I can research this problem with manufacturing. You can e-mail me directly at rwassom@cisco.com if you want.

-Rusty

marcabal · ‎07-27-2004

Are you positive this is a 4215?

The 4215 did not support the 4.0(1)S37 software.

4.0(1)S37 was only supported on the 4210, 4220, 4230, 4235, and 4250.

The IDS-4215 was first shipped with 4.1(1)S47.

If the sensor has a cdrom it is not a 4215, and is instead one of the other models.

Options for the other models:

1) Re-image from CD

2) Or install IDS-K9-min-4.1-1-S47.rpm.pkg and IDS-K9-sp-4.1-4-S91.rpm.pkg to get to 4.1(4)S91

(NOTE: If the Platform stays "unknown" you really need to try re-imaging from the CD because the software is having trouble detecting what type of sensor it is. This could prevent the sensor from being properly configured. It could be caused by a corrupted installation, or a hardware failure)

If the sensor does not have a CDROM drive then it may well be a 4215 inwhich case where did you get this? Was this a purchase from Cisco or was this an early demo box from before the 4215 was officially shipping?

If it is a 4215 you could try re-imaging the BIOS with IDS-4215-bios-5.1.7-rom-1.4.bin, and then using the new BIOS to load a new 4.1(4) image: IDS-4215-K9-sys-4.1-4-S91a.img

NOTE: All of the files listed above are available off of the links within this page under the Appliance section for 4.x:

http://www.cisco.com/kobayashi/sw-center/ciscosecure/ids/crypto/

charles.pike · ‎07-28-2004

Oh it is a 4215 alright. There is no cdrom and it

says "4215" on the front and back.

It is brand new. We just bought it. The only

commands that have been done on it were:

#setup and

#recover

charles.pike · ‎07-28-2004

As you suggested, I re-imaged the BIOS with IDS-4215-bios-5.1.7-rom-1.4.bin, and then

loaded IDS-4215-K9-sys-4.1-4-S91a.img with

rommon.

Everything seems to work fine now. Thanks

for your help.

Cheers.