Adding additional NIC on IDS 4210 for inline mode operation in 5.1 code

Dec 10th, 2007

I recently acquired a Cisco IDS 4210 through eBay and the unit was already configured with 512MB and IPS 5.1 code (by the seller). Nonetheless, given the unit only has 2 NICs (one for sensing and one for management access), I can't configure inline mode operation (as it requires a pair).

I notice that there is another PCI slot in the unit and was wondering if I can add another PCI NIC into the unit to configure inline mode operation. I would appreciate if anyone can share their experience if they tried something similar before. Thanks.

marcabal Mon, 12/10/2007 - 12:55

The IDS-4210 will not support an additional NIC.

To do inline monitoring you will have to use InLine Vlan Pairing rather than InLine Interface Pairing.

With InLine Vlan Pairing you connect the single monitoring interface to a switch trunk port, and in the IPS configuration create inline vlan pairs. The sensor does inline monitoring as it passes packets between the 2 vlans.

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008055df7d.html#wp1047718

However, understand that the IDS-4210 is almost at End of Service (End of Service is Dec 6, 2008). The platform is several years old, and was End of Sale back in 2003.

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/prod_eol_notice09186a008032d508.html

End of Sale announcements for IPS sensors are located here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/prod_eol_notices_list.html

The last date for renewing an existing service contract was Dec 6, 2007. And the last date of support on any contract is Dec 6, 2008.

You need a service contract to get a license which is needed for loading signature updates.

So the IDS-4210 will only get signature updates for another year IF you already have a contract.

If you don't have a service contract I am not sure if you can get one anymore, as the last date to order a new contract was back in 2004.

The IDS-4210 is not supported with IPS 6.0(1) and later versions. So you are forced to run the older 5.1 software.

If you got a really good price on it, and are just using it for learning then you should be able to use the 4210 to learn the IPS features. I have heard of several people doing this, especially in preparing for IPS certification.

BUT if you are intending to protect your network with it, then you probably won't be able to run the latest signature updates and won't be able to protect your network from the latest attacks. In this situation I would talk to a Cisco representative and see if there is any trade-in discount to upgrade to an IDS-4215.
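An added illustration, not part of the post above and not Cisco code: a small Python model of the inline VLAN pairing the answer describes, where a single trunk-attached sensing interface forwards a frame arriving on one VLAN of a pair back out on the other VLAN by rewriting the 802.1Q VLAN ID. The VLAN numbers, MAC addresses and the `inspect` hook are constructed for the example, and dropping untagged frames is a simplification of this model.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def parse_vlan(frame: bytes):
    """Return (vlan_id, priority_bits) for an 802.1Q-tagged frame, else None."""
    if len(frame) < 18:  # dst(6) + src(6) + tag(4) + inner EtherType(2)
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF, tci & 0xF000  # 12-bit VLAN ID, PCP/DEI bits


def forward_inline(frame: bytes, pairs, inspect=lambda f: True):
    """Model one sensing interface on a trunk with inline VLAN pairs.

    pairs   -- iterable of (vlan1, vlan2) tuples (constructed sample values)
    inspect -- hypothetical stand-in for signature analysis; False means deny
    Returns the frame to send back out the same interface, or None if dropped.
    """
    peer = {}
    for vlan1, vlan2 in pairs:
        peer[vlan1], peer[vlan2] = vlan2, vlan1
    parsed = parse_vlan(frame)
    if parsed is None:
        return None  # untagged frames are outside this model (assumption)
    vid, prio = parsed
    if vid not in peer:
        return None  # VLAN is not in any pair, so nothing is bridged
    if not inspect(frame):
        return None  # inline deny: the frame never reaches the other VLAN
    # Only the VLAN ID changes; MACs, priority bits and payload are untouched.
    return frame[:14] + struct.pack("!H", prio | peer[vid]) + frame[16:]


def make_frame(vid: int, pcp: int = 0, payload: bytes = b"sample") -> bytes:
    """Build a constructed 802.1Q-tagged test frame (IPv4 EtherType)."""
    dst = bytes.fromhex("020000000002")
    src = bytes.fromhex("020000000001")
    tci = (pcp << 13) | vid
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, 0x0800) + payload
```

Because both directions share one physical port, hosts only see the sensor as a bridge between the two VLANs, which is why the switch port must be a trunk carrying both.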

wingchingleung Mon, 12/10/2007 - 13:06

Thanks for the info. I just bought this unit for my own lab in preparation for the IPS exam. Thanks !
