The first version of Cat IOS to support the IDSM (IDS Module for the Cat 6000) is 12.1(8a)EX.
However, the IDSM is only supported if 12.1(8a)EX is loaded on a Sup2 w/ MSFC2.
It is not supported with Sup1a. Sup1a Cat IOS support for the IDSM will be in a future version.
It supports both version 2.5 and version 3.0 of the IDSM.
3.0 of the IDSM will support shunning, but not TCP Resets or IP Logging.
2.5 of the IDSM does not support shunning, TCP Resets or IP Logging.
So I recommend ordering or upgrading to 3.0.
3 methods can be used to send packets to the IDSM.
1st is the monitor command (similar to span in Cat OS).
2nd is the VACL capture feature (similar features as VACL capture in Cat OS, but configuration looks really different)
3rd is the "mls ip ids" command. This will use an acl to mark packets for capture as they are routed through an interface.
As for support with the IDS Appliance (IDS-42xx)
Only the monitor command (span equivalent) can be used to send packets to the appliance. Future Cat IOS versions may support VACL capture and the "mls ip ids" command to send packets to the appliance, but I am told that current versions do not.
As for the TCP Resets, I have not heard of any changes being made to Cat IOS, but there are changes being made to the sensor. But I am not sure if Cat IOS allows packets to be received from the monitor ports?
Currently if the switch does allow resets in on the monitor port then it could mess up the CAM tables of the switch (Cat OS has the learning disable feature to prevent this), but with future versions of the sensor (available in a few weeks) we hope to have eliminated the CAM table problem. So with future appliance sensor versions, if the switch lets packets in from the monitor port, then the TCP Resets should work without causing a problem. (Note: Still to be tested so I can't guarantee anything yet).
We have configured the outside and inside Interface with official IPv6 addresses, set a default route on outside Interface to our router, we also have defined a rule, which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...