Cisco Support Community
Community Member

CLI command for IDS4235 ver4.0 to communicate with VMS.


Would appreciate if someone could advise on how to configure the IDS 4235 ver 4.0 for postoffice settings via the cli. And is there any difference for the configuration on both the IDS MC & SM if I'm going to replace the version 4 IDS with the ver 3.x?

Thanks a lot in advance,

Moh Fun.

Community Member

Re: CLI command for IDS4235 ver4.0 to communicate with VMS.

I will explain this to you step by step.

1) You need to upgrade the BIOS first for the IDS 4235 (connect keyboard and monitor directly to the sensor).

2) Upgrade the 4235 Sensor with the 4.X CD.

3) Log on to Sensor 4235 using name cisco and password cisco.

4) Run the setup command and configure basic parameters like IP and name and access restriction. (There is no sysconfig-sensor command and no host and org IDs. The interface for IDS 4.x is like Cisco IOS.)

5) The new version 4.x is using RDEP instead of postoffice.

6) If you have VMS 2.1 you need to upgrade it to 2.2, or otherwise you need at least to upgrade IDSMC 1.0 to 1.1. But it's better to upgrade to VMS 2.2 so you will not face problems, and IDSMC will be upgraded directly through VMS 2.2. If you are running VMS 2.1 you can upgrade to the VMS 2.2 demo version and it will be fully functional.

7) Then add the sensor into IDSMC and configure all the settings; the interface for IDSMC 1.1 is almost the same as 1.0.

Sensor 4.x will not be supported by CSPM.

Hope this is enough information for upgrading the IDS to the 4.x platform.

Community Member

Re: CLI command for IDS4235 ver4.0 to communicate with VMS.

Hi Fayyaz,

First of all, thanks a lot for your guidance.

In fact, the IDS shipped already came with the ver 4.0 OS and the IDSMC was already running 1.1.1 before the message was posted. But it would be very much appreciated if you could advise me what would be the problem if it is running VMS 2.1 with only the IDS MC & SM that was upgraded to 1.1.1?

Also, other than the "setup" command used in the IDS v4.0 to configure the basic settings, there won't be requirements to configure the settings, which in this case is RDEP?

Thanks again,

Moh Fun.

Community Member

Re: CLI command for IDS4235 ver4.0 to communicate with VMS.

For what it's worth - I'm currently running VMS 2.1 with IDS MC v1.1.1 supporting version 4.0/4.1 sensors without any issues.

I haven't seen VMS 2.2 so I couldn't tell you directly why it's better than 2.1. Looks to me like it's a pay-to-upgrade situation, and I haven't seen a compelling reason yet to spend for the "dot-1" upgrade.


Cisco Employee

Re: CLI command for IDS4235 ver4.0 to communicate with VMS.

The VMS 2.2 upgrade is included with the standard maintenance contracts for VMS at no additional charge.

You need to keep both your sensors and VMS maintenance contracts up to date to continue getting the newest versions.

Cisco Employee

Re: CLI command for IDS4235 ver4.0 to communicate with VMS.

In version 3.x sensors there was postoffice, which required that the sensor know the VMS box's IP Address, Hostname, Hostid, Orgname, and Orgid, and that the IP Address of the VMS box was in the host.allow file.

In version 4.x with RDEP there are no longer Hostid and Orgid parameters. The IDS Management Center uses ssh to connect to the sensor. The sensor, therefore, needs to allow the IDS MC IP address in the sensor's access list (host.allow file), which is configurable in the CLI (and is in the setup command in 4.1), and have a username and password that the IDS MC can use to access the sensor.

The Security Monitor uses HTTPS to access the sensor. If Security Monitor is on a different box than the IDS MC, then the Security Monitor IP Address must also be allowed in the sensor's access list. The Security Monitor can use the same username as the IDS MC, or a second username can be created for use by Security Monitor.

So the 4.x sensor side configuration for access by VMS is restricted to:

1) permitting the IP Addresses of the VMS boxes

2) having usernames for the VMS boxes to access the sensor (or they can use the default cisco user id)
