|
Table Of Contents
IDS Sensor Interface IP Address
IDS NM Configuration Checklist
IDS NM Interface Monitoring Configuration
Switch Module Interface Selection
Network Module Management
If the router has network modules that are managed by other applications, such as Intrusion Detection System (IDS), SDM provides a means for you to launch those applications.
IDS Network Module Management
If a Cisco IDS Network Module is installed on the router, this window displays basic status information for it. If the IDS Network Module has been configured, you will also be able to start the Intrusion Detection Device Manager ( IDM) software on the IDS Network Module, and select the router interfaces that you want the IDS Network Module to monitor from this window.
If SDM detects that the IDS Network Module has not been configured, it prompts you to open a session to the network module so that you can configure it. You can use Telnet or SSH for this session.
IDS Network Module Control Buttons
SDM enables you to issue a number of basic commands to the IDS Network Module from this window.
Reload
Click to reload the IDS network module operating system.
Reset
Click to perform a reset of the IDS network module hardware You should only use the Reset button to recover from Failed state, or after you have shutdown the IDS Network Module.
Shutdown
Click to shutdown the IDS Network Module. You should always perform a shutdown before you to remove the module from the router.
Launch IDM
Click to start the IDM software on the IDS module. When you launch the IDM software, SDM displays a dialog box that asks you for the IP address of the IDS module's external Fast Ethernet interface. When SDM obtains the correct address, it opens an IDM window. For more information on this dialog box, refer to IP Address Determination.
For more information on how to run the IDM application, refer to the documents at the following link:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/index.htm
Refresh
Click to refresh the status display.
IDS Network Module Status
This area shows the general status of the IDS Network Module. It contains the following types of information.
•Service Module-The name of the network module.
•State-The state of the network module. Possible states are: Steady state, Shutdown, and/or Failed.
•Software Version-The version of IDM software running on the module.
•Model-The model number of the network module.
•Memory-The amount of memory available on the network module.
IDS NM Monitoring Interface Settings
This area of the window shows which router interfaces have traffic sent to the IDS network module for monitoring.
Configure
Click to add or remove interfaces from this list. When you click Configure, SDM verifies that the IDS Network Module has been configured, and that the router has all the configuration settings necessary to communicate with the IDS Network Module. If any configurations are not in place, SDM displays a checklist showing you what has been configured and what has not been configured. You can click on the items that have not been configured to complete the configuration, and then have SDM reverify that these items have been configured so that you can then add or remove interfaces from the IDS Network Module Interface Settings list.
IDS Sensor Interface IP Address
SDM must communicate with the IDS network module using the IP address of the module's internal Fast Ethernet interface. This window appears when SDM cannot detect this IP address, and enables you to supply one without leaving SDM to do so. If the IDS network module has been configured with a static IP address, or configured as IP unnumbered to another interface with an IP address, this window will not appear.
Entering an IP address in this window may create a new loopback interface. Loopback interfaces can be displayed in the Interfaces and Connections window. The IP address you enter will only be seen by the router. Therefore, it can be any address you want to use.
IP Address
Enter an IP address to use for the IDS Sensor interface. SDM will do the following:
•Create a loopback interface. The number 255 is used if available, if not, another number will be used. This loopback interface will be listed in the Interfaces and Connections window.
•Configure the loopback interface with the IP address you enter.
•Configure the IDS network module IP unnumbered to the loopback interface.
•If the IDS network module has already been configured IP unnumbered to an existing loopback interface, but the interface does not have a valid IP address, the loopback interface is given the IP address you enter in this window.
IP Address Determination
SDM displays this window when it needs to determine the IP address of a network module that you are attempting to manage. This is typically the IP address of the module's external Ethernet interface. SDM can use the address it used the last time the management application was run, it can attempt to discover the IP address, or it can accept an address that you provide in this window.
Select a method, and click OK. If the method you choose fails, you can select another method.
Use SDM last known IP Address
Click to have SDM use the IP address that it used the last time that the management application for this network module was run. If the IP address of module has not been changed since the management application was last run, and you do not want SDM to attempt discovery of the address, use this option.
Let SDM discover IP address
Click to have SDM attempt to discover the network module's IP address. You can use this option if you do not know the IP address, and you are not sure that the last address SDM used to contact the network module is still correct.
Specify
If you know the network module's IP address, choose this option, and enter the address. SDM will remember the address, and you can select Use SDM last known IP Address the next time you start the network module.
IDS NM Configuration Checklist
This window is displayed when you have clicked Configure in the IDS Network Module Management window to specify the router interfaces whose traffic is to be analyzed, but the IDS network module or the router lacks a configuration setting required for the two devices to communicate. It shows which configuration settings are needed, and in some cases, allows you to complete the configuration from within SDM.
IDS NM Sensor Interface
Date & Time
IP CEF Setting
If this row contains an X icon in the Action column, Cisco Express Forwarding (CEF) has not been enabled on the router. Double-click on this row, and click Yes to enable IP CEF on the router.
IDS NM Initial Setup
If this row contains an X icon in the Action column, SDM has detected that the IDS Network Module's default IP address has not been changed. Double-click on this row, and SDM will prompt you to open a session to the IDS module and complete configuration.You can use Telnet or SSH for this session.
For more information on configuring the IDS module, refer to the documents at the following link.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/index.htm
Refresh
After you have fixed configuration settings, you can click this button to refresh the checklist. If an X icon remains in the Action column, a configuration setting has still not been made.
IDS NM Interface Monitoring Configuration
Use this window to select router interfaces whose traffic you want the IDS network module to monitor.
Monitored Interfaces
This lists contains the interfaces whose traffic the IDS network module is monitoring. To add an interface to this list, select an interface from the Available Interfaces list, and click the left arrow (<<) button. To remove an interface from this list select the interface and click the right arrow (>>) button.
Available Interfaces
This lists contains the interfaces whose traffic the IDS network module is not currently monitoring. To add an interface to the Monitoring Interfaces list, select the interface, and click the left arrow (<<) button.
Network Module Login
Enter the username and password required to login to the network module. These credentials may not be the same credentials required to log in to the router.
Feature Unavailable
This window appears when you try to configure a feature that the Cisco IOS image on your router does not support. If you want to use this feature, obtain a Cisco IOS image from Cisco.com that supports it.
Switch Module Interface Selection
This window is displayed when there is more than one switch module installed on the router, and allows you to select the one that you want to manage. Click the radio button next to the switch module that you want to manage, and then click OK.
Posted: Fri Oct 7 13:33:30 PDT 2005
All contents are Copyright © 1992--2005 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.