| The Cisco IDS Network Module (NM-CIDS) for access routers is a full-featured IPS sensor that provides the ability to inspect all traffic traversing a router. The specifications for the NM-CIDS are as follows: Performance 45 Mbps Monitoring interface Internal 100 Mbps Command and control interface External 100 Mbps Supported routers Cisco 2600XM Series 2691, 3660, 3725, and 3745 routers Cisco IOS software 12.2(15)ZJ or later IDS sensor software Cisco IPS version 4.1 or later
The status light-emitting diodes (LEDs) available on the front panel of NM-CIDS are as follows: ACT Displays activity on the Fast Ethernet connection DISK Displays activity on the IPS hard-disk drive EN Indicates that the NM-CIDS has passed the self-test and is available to the router LINK Indicates that the Fast Ethernet connection is available to the NM-CIDS PWR Indicates that power is available to the NM-CIDS
The following is a list of the features whose processing can impact the operations of the NM-CIDS: Cisco IOS software examines the IP header of all packets and drops any packet that contains an error, such as an irregularity in a field. Possible irregularities include the following: Bad IP version Incorrect IP option field Bad header length Total packet length greater than 8192 bytes or less than 20 bytes IP cyclic redundancy check (CRC) failure Time to Live (TTL) less than 1
Installing and configuring the NM-CIDS involves the following tasks: Step 1. | Installing the NM-CIDS
| Step 2. | Configuring the internal ids-sensor interface
| Step 3. | Assigning the clock settings
| Step 4. | Setting up packet monitoring
| Step 5. | Accessing the NM-CIDS console
| Step 6. | Performing initial sensor configuration
|
Installing the NM-CIDS into your router involves performing the following tasks: Step 1. | Insert the NM-CIDS into a router.
| Step 2. | Connect the NM-CIDS to the network.
| Step 3. | Verify that the router recognizes the NM-CIDS.
| Step 4. | Verify that Cisco IOS-IDS is not running.
|
When using Cisco IOS clock mode, accurate NM-CIDS time depends on the following: Router's local time Router's time zone offset Router's summer time mode and offset NM-CIDS's time zone offset NM-CIDS's summer time mode and offset
When you are using Network Time Protocol (NTP) mode, accurate NM-CIDS time depends on the following: NTP server's clock reference, which is configured in the router's Cisco IOS software NM-CIDS's NTP configuration NM-CIDS's time zone offset NM-CIDS's summer time mode and offset
The following are NM-CIDS clock recommendations, listed in order from the best choice to the worst choice: Use NTP mode on the NM-CIDS. Run an NTP client on the router, and use Cisco IOS clock mode on the NM-CIDS. Run Cisco IOS clock mode on the NM-CIDS, and set the Cisco IOS time zone to UTC. Run Cisco IOS clock mode on the NM-CIDS, and set the Cisco IOS time zone to the local time zone.
Unlike the IPS appliances, the NM-CIDS has no console port of its own. Internal Universal Asynchronous Receiver/Transmitters (UARTs) provide console access to the NM-CIDS through the Cisco IOS software. The Cisco IOS software performs a reverse Telnet that enables you to access the NM-CIDS console. The reverse Telnet to the NM-CIDS console can be indirectly invoked by the service-module command or directly invoked by using Telnet. The service-module ids-sensor command enables you to perform the following tasks from the router CLI: NM-CIDS image recovery involves the following tasks: Step 1. | Configure the boot loader.
| Step 2. | Boot the helper image.
| Step 3. | Select the file-transfer method.
| Step 4. | Install the application image.
| Step 5. | Boot the application image.
| Step 6. | Configure the IPS application.
|
| 