Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Troubleshooting IDS 4215 sensing interface

Hello!

I'm deploying IDS4215 with sensing interface (Fa0/1) connected to Cat3750 Gig1/0/1 SPAN interface.

The problem is as follows. The IDS works for some time (I'm able to see alerts and 'show int' states that Fa0/1 is up). Then after a while Fa0/1 goes down I don't know why.

The Cat3750 shows that status of Gig1/0/1 turns from 'monitoring' to 'notconnect'. All I can do is to reboot IDS.

Catalyst shows no errors on interface.

I'm novice to IDS, and I appreciate any idea where to start troubleshooting.

Thanks in advance!

PS.

Catalyst settings:

interface GigabitEthernet1/0/1

description IDS span

duplex full

speed 100

end

monitor session 1 source interface Gi1/0/27 - 28

monitor session 1 source interface Gi2/0/27 - 28

monitor session 1 destination interface Gi1/0/1

IDS config:

! ------------------------------

! Version 5.1(1)

! Current configuration last modified Thu Dec 22 10:11:22 2005

! ------------------------------

service interface

physical-interfaces FastEthernet0/0

duplex auto

speed auto

exit

physical-interfaces FastEthernet0/1

description FE0/1

admin-state enabled

duplex full

speed 100

exit

exit

! ------------------------------

service analysis-engine

virtual-sensor vs0

physical-interface FastEthernet0/1

exit

exit

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: Troubleshooting IDS 4215 sensing interface

I believe there is something seriously wrong with version 5.1(1). Why Cisco continues to allow users to download is beyond comprehension. I will be rebuilding about 20 sensors today because of this issue. I rebuilt 6 sensors on Friday [from an ISO image, models 4235,4240,4255] and let them run over the weekend. 5 out of 6 have the sensing interface down again.

3 REPLIES
Community Member

Re: Troubleshooting IDS 4215 sensing interface

Are you passing gigabit traffic? The 4215 is rated at 85mbps.You may be asking it to inspect to much traffic. I believe you can issue a "show interface FastEthernet0/1" and look for "missed" or "dropped" counter to see if the sensor is missing packets. Good indicator that the sensor is oversubscribed.

Your cat config looks like you spanning two ports to one, that could be to much for the sensor to inspect.

Not sure if this helps or not.

Good luck.

Community Member

Re: Troubleshooting IDS 4215 sensing interface

Gold

Re: Troubleshooting IDS 4215 sensing interface

I believe there is something seriously wrong with version 5.1(1). Why Cisco continues to allow users to download is beyond comprehension. I will be rebuilding about 20 sensors today because of this issue. I rebuilt 6 sensors on Friday [from an ISO image, models 4235,4240,4255] and let them run over the weekend. 5 out of 6 have the sensing interface down again.

174
Views
0
Helpful
3
Replies
CreatePlease to create content