Cisco Support Community
Community Member

Problems with shunning

When I try to implement shunning I get the following:

0/16/2002 14:02:15UTC E Net Device offline at address [1.1.1.1] State [Connecting] SubState [Initial], resetting now.

10/16/2002 14:02:59UTC E Can not set send bufsize on socket

10/16/2002 14:02:59UTC E Can not set recv bufsize on socket

10/16/2002 14:02:59UTC E Read error [Invalid argument] fd [3]

Note** IP address was changed. Actual IP is a routable address.

I have looked everywhere and cannot find any documentation on these errors.

Any help would be appreciated.

Chris

3 REPLIES
Cisco Employee

Re: Problems with shunning

The error indicates that the sensor was unable to establish a connection to the shunning device. This is most often caused by misconfiguration of the sensor or device. This can be checked by logging in to the sensor and manually establishing a Telnet session to the shunning device using the IP address, username, password, and enable password with which the sensor was configured.

(These instructions will vary slightly depending on your exact configuration. For example, if the device is a PIX, SSH might be substituted for Telnet.)

If you are able to establish a connection manually, but the sensor is still unable to connect, open a TAC case and I will investigate further.
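
An added example, not part of the reply above and not Cisco code: a small Python triage script that pulls the shunning device address out of log lines in the format quoted in the question and tests whether a TCP connection to its management port completes, as a first step before the manual Telnet or SSH login. The function names, the reading of `E` as an error marker, and the use of the standard ports 23 and 22 are assumptions; the sample log is constructed from the lines in the question.

```python
import re
import socket

# Constructed sample in the format quoted in the question (address is the poster's placeholder).
SAMPLE_LOG = """\
10/16/2002 14:02:15UTC E Net Device offline at address [1.1.1.1] State [Connecting] SubState [Initial], resetting now.
10/16/2002 14:02:59UTC E Can not set send bufsize on socket
10/16/2002 14:02:59UTC E Can not set recv bufsize on socket
10/16/2002 14:02:59UTC E Read error [Invalid argument] fd [3]
"""

# timestamp, one-letter level (assumed: E = error), message
LINE = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{2}:\d{2}:\d{2})UTC (\w) (.*)$")
OFFLINE = re.compile(
    r"Net Device offline at address \[([^\]]+)\] State \[([^\]]+)\] SubState \[([^\]]+)\]")

def offline_devices(log_text):
    """Return one record per 'Net Device offline' event, with the errors that follow it."""
    events = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or a wrapped fragment
        stamp, level, message = m.groups()
        off = OFFLINE.search(message)
        if off:
            events.append({"time": stamp, "address": off.group(1), "state": off.group(2),
                           "substate": off.group(3), "followups": []})
        elif events and level == "E":
            events[-1]["followups"].append(message)
    return events

def reachable(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes; no login is attempted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    for ev in offline_devices(SAMPLE_LOG):
        # 23 = Telnet, 22 = SSH (the reply notes SSH may replace Telnet on a PIX)
        for port in (23, 22):
            status = "open" if reachable(ev["address"], port) else "no connection"
            print(f'{ev["address"]}:{port} {status} (state {ev["state"]}/{ev["substate"]})')
```

If the port is reachable from the sensor's network segment but the sensor still logs the device as offline, the manual login with the configured credentials is the next check.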

Community Member

Re: Problems with shunning

I wonder if the shunning router or PIX is using a one-time password. How will the IDS telnet to the shunning device? Is it possible?

Community Member

Re: Problems with shunning

If the shunning router or PIX authenticates to an OTP server, then the sensor, which is the end user, will obviously not be able to authenticate to the OTP server. The normal AAA options (local, ACS internal DB, etc.) ought to suffice though, as router management usually doesn't use OTP anyway - OTP is more prevalent for DUN and VPN users.

If password capture is a factor, then SSH can be used (at least with the PIX) for shunning to mitigate that risk.

Jeff
