Do I have the correct hardware to implement IDSM in Catalyst 6006 and 6009?

sguerrero
Level 1

Actually I have 2 questions:

1.- I have a backbone switch configured with VLANs. One of these VLANs is connected to the only router that has access to a VPN (I would sensor this access). The other VLANs are for users.

My question is: What kind of IDS would work better with my network topology? An IDS (hardware) or an IDSM (to sense all VLANs)?

2.- The hardware below is the one I have. In the case of selecting an IDSM, is it compatible with IDSM requirements?

SCPN_2> (enable) sh ver
WS-C6009 Software, Version NmpSW: 5.3(2)CSX
Copyright (c) 1995-1999 by Cisco Systems
NMP S/W compiled on Oct 11 1999, 17:45:02

System Bootstrap Version: 5.2(1)

Hardware Version: 2.0 Model: WS-C6009 Serial #: SCA040500E7

Mod Port Model               Serial #    Versions
--- ---- ------------------- ----------- --------------------------------------
1   2    WS-X6K-SUP1A-2GE    JAB040408LM Hw : 1.0
                                         Fw : 5.2(1)
                                         Fw1: 5.1(1)CSX
                                         Sw : 5.3(2)CSX
                                         Sw1: 5.3(2)CSX
2   2    WS-X6K-SUP1A-2GE    JAB040204RY Hw : 1.0
                                         Fw : 5.2(1)
                                         Fw1: 5.1(1)CSX
                                         Sw : 5.3(2)CSX
                                         Sw1: 5.3(2)CSX
3   8    WS-X6408A-GBIC      SAL05031UAB Hw : 1.3
                                         Fw : 5.4(2)
                                         Sw : 5.3(2)CSX
4   48   WS-X6248-RJ-45      SAD0407063Z Hw : 1.2
                                         Fw : 5.1(1)CSX
                                         Sw : 5.3(2)CSX
5   48   WS-X6248-RJ-45      SAD04030A09 Hw : 1.1
                                         Fw : 4.2(0.24)VAI78
                                         Sw : 5.3(2)CSX
6   48   WS-X6248-RJ-45      SAD04010648 Hw : 1.1
                                         Fw : 4.2(0.24)VAI78
                                         Sw : 5.3(2)CSX
7   48   WS-X6248-RJ-45      SAD04030A9G Hw : 1.1
                                         Fw : 4.2(0.24)VAI78
                                         Sw : 5.3(2)CSX
8   4    WS-X6302-MSM        SAD03304172 Hw : 2.0
                                         Fw : 12.0(1a)WX5(6d),
                                         Sw : 12.0(1a)WX5(6d),

3 Replies

marcabal
Cisco Employee

Both the IDS module and the IDS appliance could be used. Both the module and appliance rely on either span or VACL Capture to receive packets, so the appliance can be configured to monitor the same packets that a module can be configured to monitor. The advantage that the module has is primarily space (takes up an existing slot in the switch instead of extra rack space), power (gets power from backplane instead of an external power outlet), and remote administration (can be powered off and on remotely through supervisor).

So the choice between a module and appliance is primarily one of preference.

If you do decide to go with a module then I recommend purchasing the IDSM2 which is the 2nd generation module which starts shipping later this month.

If you go with a module then you will need to upgrade your Cat OS version to the latest version: 7.5(1).

If you intend to use VACL Capture rather than Span for monitoring the packets then you will need either a PFC (or PFC2) or an MSFC (or MSFC2) on the Supervisor. (I can't verify with your output whether or not you have a PFC or MSFC).

The rest of your switch setup looks fine and should work with the IDS module.

How could I check if I already have a PFC or MSFC in my equipment? With which show command could I know this?

Thank you.

Execute "show module"

The MSFC will show up as a module in slot 15 (slot 16 for the sup in slot 2).

The PFC will show up in the list of SubModules at the very bottom of the "show module" output.

Example:

cat-136> (enable) show mod
Mod Slot Ports Module-Type               Model               Sub Status
--- ---- ----- ------------------------- ------------------- --- --------
1   1    2     1000BaseX Supervisor      WS-X6K-SUP2-2GE     yes ok
15  1    1     Multilayer Switch Feature WS-F6K-MSFC2        no  ok

(......above you notice the listing for the MSFC2........)

(.......multiple lines skipped in output .......)

Mod Sub-Type                Sub-Model           Sub-Serial  Sub-Hw
--- ----------------------- ------------------- ----------- ------
1   L3 Switching Engine II  WS-F6K-PFC2         SAD040801JB 0.305

(......above you notice the listing for the PFC2........)
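
Added example, not part of the original thread and not Cisco code: the check described in the reply above, scripted in Python so saved "show module" output from several switches can be screened for the MSFC or PFC that VACL Capture needs. SAMPLE is the excerpt from the reply; NO_L3_SAMPLE is constructed, and the first-generation model names WS-F6K-MSFC and WS-F6K-PFC matched by the pattern are an assumption based on the naming of the second-generation parts shown in the thread.

```python
import re

# Excerpt from the reply above; the lines skipped there stay skipped here.
SAMPLE = """\
Mod Slot Ports Module-Type               Model               Sub Status
--- ---- ----- ------------------------- ------------------- --- --------
1   1    2     1000BaseX Supervisor      WS-X6K-SUP2-2GE     yes ok
15  1    1     Multilayer Switch Feature WS-F6K-MSFC2        no  ok

Mod Sub-Type                Sub-Model           Sub-Serial  Sub-Hw
--- ----------------------- ------------------- ----------- ------
1   L3 Switching Engine II  WS-F6K-PFC2         SAD040801JB 0.305
"""

# Constructed sample: a supervisor with neither MSFC nor PFC listed.
NO_L3_SAMPLE = """\
Mod Slot Ports Module-Type               Model               Sub Status
--- ---- ----- ------------------------- ------------------- --- --------
1   1    2     1000BaseX Supervisor      WS-X6K-SUP1A-2GE    no  ok
"""

# Assumption: first-generation parts are named like the *2 parts minus the "2".
MODEL_RE = re.compile(r"\bWS-F6K-(MSFC2?|PFC2?)\b")


def vacl_capture_hardware(show_module_text):
    """Return {'msfc': [(mod, model)], 'pfc': [(mod, model)]} found in the output."""
    found = {"msfc": [], "pfc": []}
    for line in show_module_text.splitlines():
        fields = line.split()
        if not fields or not fields[0].isdigit():
            continue  # header, separator, blank line or annotation
        match = MODEL_RE.search(line)
        if match is None:
            continue
        kind = "msfc" if match.group(1).startswith("MSFC") else "pfc"
        found[kind].append((int(fields[0]), match.group(0)))
    return found


def supports_vacl_capture(show_module_text):
    """True when a PFC/PFC2 or MSFC/MSFC2 is listed, per the reply's requirement."""
    hw = vacl_capture_hardware(show_module_text)
    return bool(hw["msfc"] or hw["pfc"])


if __name__ == "__main__":
    print(vacl_capture_hardware(SAMPLE), supports_vacl_capture(NO_L3_SAMPLE))
```

A switch for which supports_vacl_capture() returns False can still feed the sensor through SPAN, as the first reply notes.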