Solutions Fast Track
Understanding the Cisco IDSM Sensor
The IDSM sensor is a bore or brand in the Catalyst 6000/6500 alternation switch.
The IDSM uses SPAN, RSPAN, or VACLs to abduction cartage for analysis.
The IDSM sensor can abduction all VLANs or a alternative of VLANs.
The IDSM sensor does not appulse the achievement of the about-face during its operation.
If the IDSM sensor fails or is disabled, it does not block the breeze of cartage back it is a acquiescent device.
There are two ports on the IDSM sensor. The first, anchorage 1, is for ecology the traffic. The second, anchorage 2, is acclimated to command and ascendancy the IDSM sensor.
The IDSMv1 needs to accept a administrator to administer the sensor while IDSMv2 can be managed by web, Telnet, or a director.
Configuring the Cisco IDSM Sensor
The antecedent agreement is able by application the bureaucracy command.
There are two partitions on a Cisco IDSM: one for the operation and one for maintenance.
In adjustment for the IDSM sensor to assay traffic, we charge to accredit it to the actual VLAN(s) that we appetite to assay by application the set vlan command.
If we appetite to aloof clarify cartage at the IP level, we can use the SPAN command.
If we appetite to clarify cartage at a anchorage akin or a MAC level, we use VACLs
Updating the Cisco IDSM Sensor
Updating the operating arrangement of the sensor requires you to cossack the sensor from the aliment allotment either by ambience the cossack accessory or by application the displace command.
Before any upgrades to the sensor can be completed, the IDSM sensor charge accept the arrangement settings configured on the aliment partition.
To advancement the operating system, use the ids-installer arrangement command from the diag approach on the aliment partition.
To install a account backpack to the operating arrangement of the IDSM sensor, use the administer command from the config approach on the primary allotment of the IDSM sensor.
The signature updates, operating arrangement updates, or patches are downloaded to the IDSM sensor by FTP.
Troubleshooting the Cisco IDSM Sensor
The cachet LED can acquaint you if the arrangement has completed all diagnostics, failed, or if the IDSM is disabled
If you can't Telnet to the IDSM sensor directly, verify you accept at atomic adaptation 3.0 cipher and that Telnet has been enabled (by default, it's disabled).
If the IDSM sensor cannot see any traffic, analysis that the adviser anchorage is in the actual VLAN by application the appearance vlan command from the enabled approach of the switch.
To verify the IDSM processes are running, use the appearance agreement command, which gives the cachet of the nr.postoffice, nr.filexd, nr.loggerd, and nr.packetd processes.
To abolish a agreement from the IDSM sensor, use the bright config command. Remember though, this command will leave the IDSM in a disabled state.
If a anew installed account backpack is problematic, we can abolish it by application the abolish command from the config approach on the primary partition