
New Member

CSPM fails to talk to IDS

I have the following configuration on the IDS

Sensor:

IP Address: 204.142.253.99

Netmask: 255.255.255.0

Default Gateway: 204.142.253.254

Host Name: IDS

Host ID: 99

Host Port: 45000

Organization Name: ECC

Organization ID: 100

--MORE--

Director:

IP Address: 204.142.253.98

Host Name: CSPM

Host ID: 98

Host Port: 45000

Heart Beat Interval (secs): 5

Organization Name: ECC

Organization ID: 100

Direct Telnet access to IDSM: enabled

Current access list entries:

[1] 204.142.253.98

[2] 204.142.253.55

[3] 204.142.253.55 0.0.0.0

but still I am not able to telnet or ping 204.142.253.99 (IDS) from 204.142.253.98 (CSPM) or 204.142.253.55

I am not sure of the following:

1. How to assign the host ID?

2. How to assign a mask with the IP addresses allowed to access the IDS via telnet?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: CSPM fails to talk to IDS

If you can't ping the IDS then it is usually because the command and control vlan hasn't been setup yet.

1) Determine which vlan is used for the 204.142.253.0 network.

2) Ensure that CSPM is connected to the switch through a port in that same vlan (either directly, or through a hub or another switch).

3) Assign the command and control port of the IDSM to that vlan (this is the part many people forget): set vlan vlan# mod#/2 example: set vlan 100 5/2

4) Verify that CSPM can ping both the Default Gateway 204.142.253.254 and the IDSM.

5) Verify that IDSM can ping both the Default Gateway and CSPM.

As for your questions:

Using the last octet of the IP address is general practice, especially when all machines are on the same network. If you are dealing with IDS sensors on multiple networks you would need to come up with your own convention. NOTE: The hostid in CSPM was assigned during the installation of CSPM. You need to ensure that the hostid used during the CSPM install is the same one you entered for CSPM during the setup prompts on the sensor.

The masking used in the access list works exactly the opposite of a normal netmask. For example, with a class C the normal netmask would be 255.255.255.0, but in the access list you need to represent it as 0.0.0.255. You are telling the sensor which bits are variable rather than which bits are for the network.

To allow your entire 204.142.243.0 network you would use the 0.0.0.255 mask.
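The inverse-mask rule above is easy to get backwards, and a backwards entry silently widens who may reach the sensor. The following is an added example, not code from the thread or from Cisco: it converts a normal netmask to the sensor's access-list mask and checks whether a given source address matches an access-list entry. Treating an entry with no mask as a single host (mask 0.0.0.0) is an assumption for this example, as is the entry format (address, then optional mask).

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def netmask_to_wildcard(netmask: str) -> str:
    """Invert a normal netmask into the access-list form.
    255.255.255.0 becomes 0.0.0.255: a 1 bit means 'may vary'."""
    inverted = int(ipaddress.IPv4Address(netmask)) ^ ALL_ONES
    return str(ipaddress.IPv4Address(inverted))


def parse_entry(entry: str):
    """Parse one access-list line such as '204.142.253.55 0.0.0.0'.
    Assumption: an entry with no mask is a single host (mask 0.0.0.0)."""
    parts = entry.split()
    addr = int(ipaddress.IPv4Address(parts[0]))
    wildcard = int(ipaddress.IPv4Address(parts[1])) if len(parts) > 1 else 0
    return addr, wildcard


def entry_permits(entry: str, source: str) -> bool:
    """True when every bit the wildcard marks as fixed (0) is identical
    between the entry address and the source address."""
    addr, wildcard = parse_entry(entry)
    src = int(ipaddress.IPv4Address(source))
    fixed_bits = wildcard ^ ALL_ONES
    return (addr & fixed_bits) == (src & fixed_bits)


def permitted(access_list, source: str) -> bool:
    """True if any entry in the list admits the source address."""
    return any(entry_permits(entry, source) for entry in access_list)


# Constructed sample list: the entries from the post plus a whole-network entry
# written the way the answer describes (0.0.0.255, not 255.255.255.0).
ACCESS_LIST = [
    "204.142.253.98",
    "204.142.253.55 0.0.0.0",
    "204.142.253.0 0.0.0.255",
]
```

Feeding a normal netmask such as 255.255.255.0 into the entry instead of 0.0.0.255 makes only the last octet significant, so any address ending in .0 from any network would match; checking candidate entries with `entry_permits` before committing them catches that.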

2 REPLIES
Silver

Re: CSPM fails to talk to IDS

Use the Add wizard sensor on the CSPM to do this.

