Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

is IDS 4210 a linux or a solaris?

it is said 4210 is a solaris pc,and the default username is root,passwd is attack,but mine is a linux pc,its username passwd are all cisco,why?

11 REPLIES
New Member

Re: is IDS 4210 a linux or a solaris?

Most likely it's the version of IDS code running on the sensor.

Versions of the IDS Sensor software prior to version 4.0 ran on top of a Solaris x86 OS. Version 4.0 migrated over to a Linux-OS.

Hope this helps,

Chad

New Member

Re: is IDS 4210 a linux or a solaris?

hi,but in the 4210,it seems there is no a command to enable IDM,there is only one command named setup,it can setup some info such as ip address,etc.but how can I config it so that i can use IDM(like https://) to manage it ?and how I config the org ID and host id?

Silver

Re: is IDS 4210 a linux or a solaris?

Hi Chad,

By default IDM is on. The web server needs to be ON for the management stations communication, hence the default is ON for IDM.

Answer to your second question is that on 4.x there is no concept of OrgID/HOST ID etc. The communication architecture has completely being changed. Now, on 4.x communication is based on RDEP i.e, management station and the sensor communicates on https (SSL) There is a built in web server that provides the support for https communications. So, all you need to do is config the web server and allow

New Member

Re: is IDS 4210 a linux or a solaris?

thanks,first.

but when I input "https://x.x.x.x",x.x.x.x is the ip address of the 4210,but there is no any response, and I have start the webserver.

can I conclude that CSPM 2.3.3i can't manage sensor whose version is above 4.x?

Cisco Employee

Re: is IDS 4210 a linux or a solaris?

Jeff,

You are right, 4.x sensors cannot be managed by CSPM. The only management platforms for 4.x is the IDSMC 1.1 and above and the inbuilt IDM/IEV.

Please refer to the below url for configuration of the 4.x sensor to be able to use IDM/IEV;

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids9/idmiev/swchap1.htm#144

Hope this helps,

Thanks,

yatin

Cisco Employee

Re: is IDS 4210 a linux or a solaris?

SIDE COMMENT:

When you recieved your IDS-4210 from Cisco it was likely pre-loaded with version 4.0.

It did, however, get shipped with a 3.1 Recovery CD as well.

If you are using CSPM and have not yet been able to upgrade to VMS (IDS MC and Security Monitor) then you can re-image your new IDS-4210 sensor to the older version 3.1 code so you can continue using CSPM until you get a chance to upgrade to VMS.

New Member

Re: is IDS 4210 a linux or a solaris?

hi,the default username of 4210 is root or cisco?mine is cisco.how can I know if the VMS is ready?

thanks

Cisco Employee

Re: is IDS 4210 a linux or a solaris?

On the older version 3.x sensors you had to initially login as root to configure the sensor, and then login as user netrangr for additional configuration and management of the sensor.

In the newer version 4.x sensors you need to login with the "cisco" userid and password. In 4.x you can then create additional usernames.

Since the username on your box is "cisco" then I would be 99.9% sure you are running version 4.x.

If you are using CSPM or Unix Director then you would need to stick in the 3.1 CD shipped with your sensor and re-image it the older 3.1 version that will work with CSPM.

If you are using VMS then VMS works fine with the newer version 4.x sensors.

If you are using CSPM or Unix Director and would like to upgrade to VMS then contact your Cisco Representative. Depending on how you originally purchases CSPM or Unix Director and what support contract you purchased will determine the cost (if any) for you to upgrade to VMS.

Cisco Employee

Re: is IDS 4210 a linux or a solaris?

Hi Jeff,

As Chad said, the 3.x version was a Solaris based IDS. Starting 4.0, the IDS software is Linux-based. This has enabled us to incorporate several new features / capabilities into the product such as multiple sniffing interfaces on certain platforms, gigabit sensing, and quite a few others that are coming up in the subsequent releases.

Thanks,

yatin

New Member

Re: is IDS 4210 a linux or a solaris?

hi,my version is IDS-K9-MAJ-4.0-1-S36,I

conf t

service webserver

default ports

default server-id

default tls-enable

then I reload the ids,but I still can't open the IDS with "https://x.x.x.x(sensor's ip address) in IE 6.0.

btw,both the sniffer port and the common port are connected in the same network(inside of pix)

Cisco Employee

Re: is IDS 4210 a linux or a solaris?

Have you added your list of allowed ip addresses.

By default in 4.0, only 10.0.0.0 network ip addresses are allowed to access the sensor. You have to add in any other ip addresses that you want to give access to.

Refer to step 9 in the initialization steps in the following link:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids9/hwguide/hwchap4.htm#364031

It explains how to configure the accesslist to allow your ip address to access the box.

Other things to try:

Try to ssh to the sensor from the same box you are trying to web browse from. If you can ssh into the sensor from this machine then your network parameters and accesslist are fine and there may be a problem with the sensor's web server.

If you can't ssh into the box then recheck the network parameter settings and accesslist settings on your sensor.

138
Views
0
Helpful
11
Replies
CreatePlease login to create content