01-22-2004 09:46 AM - edited 03-09-2019 06:12 AM
I installed IDSM v2 in my 6509 switch. I run a setup command and configured control interface and assigned an ip address to it. However, I can't ping it from any of my workstations. I did not apply any access-list to it. I think I know why I can't do it is becuase the interface is not in a proper VLAN. This is a question which is a management/control interface for IDSM v2. Thanks in advance
01-22-2004 01:31 PM
Sorry for the confusion this was accidentally left out of the user docs, and is being added in the next revision of the docs.
For Cat OS:
Port 2 is the command and control interface.
place it in the proper vlan
Port 1 is a TCP Reset interface (no extra configuration needed).
Port 7 and 8 are the sniffing interfaces (need span or VACL Capture configurations to get traffic to them).
For Native IOS:
managememt-port is the command and control port
data-port 1 and 2 are the sniffing interface corresponding to sensing interfaces 7 and 8.
NOTE: Use the intrusion-detection module command for configuring the IDSM-2 ports.
01-22-2004 02:56 PM
Thanks for the advice but I could not find the commands that you mention. I am running Native IOS Version 12.1(19)E. I pressume I have to be in config t mode. Let me know what I am doing wrong. Also if you have modified documentatin that I can take a look at I would really appreceate it
01-23-2004 07:00 AM
Hi Max,
As I recall, IOS 12.1(19)E is the minimum version for sup2/msfc2 while IOS 12.1(19)E1 is the minimum version for sup1a/msfc2. I suggest you upgrade IOS to 12.1(19)E1. I'll look for documentation about the IOS versions and switch configurations that support the IDSM2. What type of supervisor and MSFC/PFC does your switch have?
By the way...
Here's a link to configuring IOS to send traffic to the IDSM2:
What's missing in that documentation are instructions for configuring the IDSM2 command/control port in IOS. To put the IDSM2 command/control port into the proper VLAN, use the following commands via the IOS CLI on your switch:
config t
intrusion-detection module
exit
wr mem
01-23-2004 08:29 AM
I am running Sup1a with MSFC1. And now i am getting confused one document states it is suppored and the other document statest it does not. Here are the links for both documents
01-23-2004 11:07 AM
The Data Sheet is correct.
In Native IOS, the Sup1a with MSFC2 is supported but not the Sup1a with MSFC1.
It is wrong in the powerpoint presentation comparing the IDSM-1 and IDSM-2. The powerpoint presentation had been posted prior to release of the Native IOS support, and a mistake was made in listing which combinations were supported.
01-23-2004 04:30 PM
Well do you think there is a problem with this statement? I just went and spent $40,000 on equipment that should work with my current infrastructure and it is not because there is wrong documentation posted on cisco site. Can you correct this issue; so at least other people would not find this out the hard way. I am definitely be calling my account rep and let him know about this as well. Thanks you all of you who helped me.
01-30-2004 08:32 AM
I have another question related to this. The PPT shows Sup2 approved. The Datasheet shows Sup2 w/o PFC2 as not supported. So a PFC2 card is required for use with the Sup2?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide