Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

IDSM-2 Password and config guide

Hello, i need some help here about IDS, i'm so noob about IDS.

Like another ppl's case before, i also can't access the IDS module. It's likely that someone changed the password before and i'm the new guy in this company. And it's never activated in 6500 switch before. As i see there's no configuration in show run | inc intrusion-detection.

I think about reimage cause i have no idea what is the login of root and service in IDS as i read in documentation.

I can only access login with user : guest and pass : cisco. After i reset the cf:1 and it goes to maintenance image version 2.1(2).

When i show module in 6500 switch, it shows :

Mod Ports Card Type Model Serial No.

--- ----- -------------------------------------- ------------------ -----------

4 8 Intrusion Detection System (MP) WS-SVC-IDSM-2 SAD104400HR

Mod MAC addresses Hw Fw Sw Status

--- ---------------------------------- ------ ------------ ------------ -------

4 0019.0628.0602 to 0019.0628.0609 6.2 7.2(1) 2.1(2)m Ok

Mod Sub-Module Model Serial Hw Status

--- --------------------------- ------------------ ------------ ------- -------

4 IDS 2 accelerator board WS-SVC-IDSUPG ADBG63900378 2.5 Ok

Mod Online Diag Status

--- -------------------

4 Pass

and when i show version and image in the IDS as "guest", it shows :

guest@localhost.localdomain#show version

Maintenance image version: 2.1(2)

mp.2-1-2.bin : Thu Nov 18 11:41:36 PST 2004 : integ@kplus-build-lx.cisco.com

Line Card Number :WS-SVC-IDSM2-XL

Number of Pentium-class Processors : 2

BIOS Vendor: Phoenix Technologies Ltd.

BIOS Version: 4.0-Rel 6.0.9

Total available memory: 2012 MB

Size of compact flash: 122 MB

Size of hard disk: 38154 MB

Daughter Card Info: Falcon rev 3, FW ver 2.1.3.1 (IDS), SRAM 8 MB, SDRAM 256 MB

guest@localhost.localdomain#show images

Device name Partition# Image name

----------- ---------- ----------

Hard disk(hdd) 1 5.0(2)

For the show config above, what image should i get to reimage this IDS? And could you give me the link? And give me the link the link of config guide to this stuff. And for one thing, i just found 1 IDSM-2 module in 6500 and no IDSM-1 as i know as sensor. Could i use IDSM-2 standalone to detect malicious traffic and packet?

Thanks before and sorry for being so noob and asking too much ^.^

4 REPLIES
Cisco Employee

Re: IDSM-2 Password and config guide

Password Recovery Procedure for the Cisco IDS Sensor and IDS Services Modules (IDSM-1, IDSM-2)

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_password_recovery09186a0080094e83.shtml

New Member

Re: IDSM-2 Password and config guide

Hi Yusuff,

Could i set the IDSM-2's log into syslog application like kiwi?

New Member

Re: IDSM-2 Password and config guide

Absolutely, here is one for you, http://www.intersectalliance.com/projects/SnareBackLog/index.html

They sell a full blow one but I don't know how it is we use Cisco MARS to do event correlations.

Heres the snmp link you need.

http://cco/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a0080459221.html#wp1054534

New Member

Re: IDSM-2 Password and config guide

308
Views
0
Helpful
4
Replies
CreatePlease to create content