cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
922
Views
2
Helpful
9
Replies

IDS 4235 signature update problem

yokobosky
Level 1
Level 1

I have a IDS 4235 with 6.0(2)E1 installed. However, I cannot update the Signature definitions due to there being no license key on the box. But I can't add our license key because there is no serial number listed in the config or through the IDM. Is there a way to tell the system it's serial number?

Thanks In Advance

Nathan

9 Replies 9

marcabal
Cisco Employee
Cisco Employee

One of 3 possible causes:

1) Hardware problem. Call the TAC and request an RMA of hardware. (You will need to have your service contract number handy).

2) Hardware was previously worked on and the serial number was not correctly reprogrammed on the system. There was a hardware issue a couple of years ago and repairs done on many units, but as part of the repair the serial number was supposed to have been reprogrammed on the replaced part but was not. If this happened on your unit, then contact the TAC. They will either be able to assist you in programming the serial number on the unit, or more than likely will RMA your unit.

3. Or the hardware was not purchased direct from Cisco and may be a counterfeit sensor. It may look like a Cisco 4235, but not have been purchased from Cisco and won't have a Cisco serial number.

So end result contact the TAC and you will likely need to RMA the sensor.

Thanks for the advice... I am waiting on a contract correction to submit the TAC. I was hopping there would be a way to solve the issue without RMA. =[

I am curious as to why the serial number does not show up. If logged into the CLI, a show version should display the model and s/n with much more information.

Is it possible to post the results of the show version?

It is not listed in the sho version command. that line is just blank.

Serial Number:

I am currently re-applying the image and will post the output later. this very weird to me...

that seems very odd.

Hopefully the re-image will take care of it. Otherwise it sounds like an RMA situation.

Is there a way to set the serial no. throw the linux boot partition? Has anyone had to try this?

I just noticed an error message... see below

sh ver below also...

__________________________________________________

*** ERROR: UNSUPPORTED HARDWARE DETECTED

This Cisco Systems IDS software version is not supported on this

hardware platform. Some capabilities will not be available.

For assistance, contact Cisco Systems Technical Assistance Center.

***LICENSE NOTICE***

There is no license key installed on the system.

The system will continue to operate with the currently installed

signature set. A valid license must be obtained in order to apply

signature updates. Please go to http://www.cisco.com/go/license

to obtain a new license or install a license.

IDS# sh ver

Application Partition:

Cisco Intrusion Prevention System, Version 5.1(5)E1

Host:

Realm Keys key1.0

Signature Definition:

Signature Update S278.0 2007-03-28

Virus Update V1.2 2005-11-24

OS Version: 2.4.26-IDS-smp-bigphys

Platform: IDS-4235

Serial Number:

No license present

Sensor up-time is 38 min.

Using 854224896 out of 923484160 bytes of available memory (92% usage)

system is using 17.4M out of 29.0M bytes of available disk space (60% usage)

application-data is using 36.8M out of 174.7M bytes of available disk space (22% usage)

boot is using 35.3M out of 75.9M bytes of available disk space (49% usage)

application-log is using 532.6M out of 2.8G bytes of available disk space (20% usage)

MainApp 2007_FEB_02_15_58 (Release) 2007-02-02T16:04:00-0600 Running

AnalysisEngine 2007_FEB_02_15_58 (Release) 2007-02-02T16:04:00-0600 Running

CLI 2007_FEB_02_15_58 (Release) 2007-02-02T16:04:00-0600

Upgrade History:

IPS-K9-sp-5.1-5-E1 15:58:00 UTC Fri Feb 02 2007

--MORE--

that is very interesting. The sensor is still showing as ver 5. Is the error message from when trying to upgrade to ver 6?

What I try next, is to do the recover to factory defaults. Then once that is completed and functioning without errors, then I would try the upgrade again.

Another possibility is to upgrade the app partition with the latest ver 6 image, and then restore to app partition. That should bring it to a clean ver 6 install from the image.

But unfortunatly, untill you get a license on this sensor, you will not be able to apply any sig updates.

Right now, it almost appears that something was corrupted during the install and it is trying to utilize portions of both ver 5 and ver 6. I have never seen that before, but with some of the goofy things we have seen with these sensors, it wouldn't surprise me.

Other than that, opening a TAC case would be the only other option. But you need a serial number to do that online. You may have to call them to accomplish this.

Please post what happens, I am curious to see what corrects this.

I actually re-imaged to v5.1.5(E1) before I made that capture.

I thought maybe v6.0.2(E1) wasn't fully supported. I am using the 4325 Recovery .iso images from the cisco page. Is that correct?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: