Re: 6509 ids module can't communicate with network device

zoushan · ‎10-24-2002

I have one ids module installed in the 6509. I used the setup command to set the sensor's ip add :192.168.1.2 default gateway 192.168.1.1 . Then I set interface vlan 20 in msfc2, But the vlan 20 is down . I can't ping 192.168.1.2,

What is the problem?

jlimbo · ‎10-24-2002

Can you confirm that your IDSM blade is supported on the version you are running, maybe your interfaces are not recognized. The show mod should show the sub = no and status = ok. If this is all ok then make sure you put the right interfaces into the correct vlan. By default port 2 should be command and control port and should be assigned to the correct vlan.

wshall · ‎10-29-2002

Sorry to butt-in, I've got the same problem I believe. Just so I understand exactly:

I have a Vlan 240 which is where the IDS is to exist. From the 6500 I type SH Mod and see the module 4 (My IDS) port 1 is trunked, port 2 is on vlan1. Port 2 should be changed to Vlan 240 to have it configured correctly. Correct ?

marcabal · ‎10-30-2002

Correct,

The Control Port of the IDSM needs to be set on the vlan for the network to which it's IP Address has been assigned.

In your case: set vlan 240 4/2

NOTE: The vlan for the command and control does not have to be and is usually not the same as the vlan that is being monitored by port 1.

Port 1 by default trunks all vlans in the switch, but you may want to consider removing vlans from the trunk port that you will not be monitoring.