This section examines several commonly encountered issues with IDSM-2, in question-and-answer form.
Can I connect a serial cable to IDSM-2 blade?
You can connect a serial cable directly to the serial console port on IDSM-2. This lets you bypass the switch and the module's network interfaces entirely, which is especially important when you cannot session into the IDSM-2 blade from the switch because of an IDSM-2 crash.
Work through the following steps to connect a serial cable to IDSM-2:
Locate the two RJ-45 ports on IDSM-2.
You can find them approximately in the center of the motherboard. If you are facing the module faceplate, the RJ-45 port on the right is the serial console port.
Connect a straight-through cable to the right port on IDSM-2, and then connect the other end of the cable to a terminal server port.
Configure the terminal server port to 19200 baud, 8 bits, no parity.
You can now log in directly to IDSM-2 over the console.
Connecting a serial cable to IDSM-2 works only if there is no module located above IDSM-2 in the switch chassis. This is because the cable has to come out through the front of the chassis.
Is it possible to use both Inline and Promiscuous mode at the same time?
No. Because the module has only two sniffing interfaces (ports mod/7 and mod/8), you can configure either Inline mode or Promiscuous mode, but not both at the same time.
Should I configure VACL or SPAN? Which one is preferred?
A common question when implementing the IDSM-2 is whether to use SPAN or VACL Capture to copy and forward traffic to the module. The answer is "It depends." Normally, the preferred method is VACL Capture, because it does the following:
Selects only the specific traffic that the IDSM-2 should inspect.
Reduces the amount of unnecessary traffic that the IDSM-2 needs to process.
Avoids the SPAN limit of 2 receive sessions or 4 transmit-only sessions per Catalyst 6500 chassis. A VACL capture, by contrast, can be defined across any of the 4096 VLANs, each with a capture port, so the VACL option gives you more flexibility in copying traffic from more ports and/or VLANs.
However, there are times when SPAN is more applicable, because creating a SPAN session is easier and is only a one-stage configuration process (two for Supervisor IOS). Ultimately, choose whichever is more practical and appropriate for your setup.
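The two methods side by side, as an added configuration example for a Catalyst 6500 running Supervisor IOS; this is not configuration from the original text. It assumes the IDSM-2 is in slot 5 (its data port 1 is the mod/7 sensing port referred to above), that VLAN 100 is the VLAN to be monitored, and that only HTTP is of interest; the ACL name IDSM_HTTP and the access-map name IDSM_CAPTURE are made up for illustration. You would deploy one option or the other for a given VLAN, not both. The VACL version includes the caveat practitioners most often trip over: a VLAN access map drops traffic that matches none of its sequences, so the catch-all forward entry at the end is what keeps the rest of VLAN 100's traffic flowing.

```cisco
! --- Option 1: VACL Capture (preferred). Only HTTP on VLAN 100 is copied to the IDSM-2 ---
! Assumed names: IDSM_HTTP (ACL), IDSM_CAPTURE (access map). IDSM-2 assumed in slot 5.
ip access-list extended IDSM_HTTP
 permit tcp any any eq www
 permit tcp any eq www any
!
! Sequence 10: traffic matching the ACL is forwarded normally AND copied to the capture ports
vlan access-map IDSM_CAPTURE 10
 match ip address IDSM_HTTP
 action forward capture
! Sequence 20: catch-all with no match clause. Without it, every packet on VLAN 100 that is
! not HTTP would be DROPPED, because a VLAN access map denies whatever it does not match.
vlan access-map IDSM_CAPTURE 20
 action forward
!
vlan filter IDSM_CAPTURE vlan-list 100
!
! Make IDSM-2 data port 1 a capture port and limit it to VLAN 100
intrusion-detection module 5 data-port 1 capture allowed-vlan 100
intrusion-detection module 5 data-port 1 capture
!
! --- Option 2: SPAN. Everything received on VLAN 100 is copied to the IDSM-2 (two commands) ---
monitor session 1 source vlan 100 rx
monitor session 1 destination intrusion-detection-module 5 data-port 1
!
! Verification
show vlan access-map IDSM_CAPTURE
show vlan filter
show monitor session 1
```

With the SPAN option the module sees all of VLAN 100, which is the simplest setup but also the one most likely to oversubscribe the module; the VACL option costs a few more lines but sends only what the sensor needs to inspect.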
How can I configure time on the IDSM-2 module?
While the IDS Sensor Appliance can use either its internal clock or Network Time Protocol (NTP), the IDSM-2 module can use only the switch's time or NTP. The module has no configurable internal clock, so there is no command in the module's CLI to set the time. By default, the module uses the switch's time. Be sure, therefore, that the time zone and summertime settings are correct on both the switch and the module, and that the clock is set correctly on the switch; otherwise the timestamps on the module's events will be wrong, which makes correlating its alerts with logs from other devices difficult.
How can I recover other users' passwords if Administrator Username/Password is known?
If a password for an administrator account is known, you can reset the other user passwords. For example, if you have two users configured on the IDSM-2 named cisco and admin, and you lost the password for the user cisco, you can log in to IDSM-2 using the username admin and reset the password as shown in Example 15-26:
Example 15-26. Resetting the Other User Password When Admin Username/Password Is Known
IDSM-2# configure terminal
! Remove the username whose password you have lost
IDSM-2(config)#no username cisco
! Re-create the username with a new password
IDSM-2(config)#username cisco priv admin password 123cisco123
IDSM-2(config)#exit
IDSM-2#exit
[Connection to 127.0.0.51 closed by foreign host]
! Log back in to the IDSM-2 to verify that the newly created password is accepted
Cat6506#session slot 5 processor 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.51 ... Open
login: cisco
Password:
! Output is suppressed.
IDSM-2#
How can I recover other users' passwords if Service Username/Password is known?
If you lose all other passwords (including the administrator password), you can still reset them as long as you know the service account's password. For example, assume you have three usernames, cisco, admin, and service, and that you have lost the passwords for both cisco and admin. Use the commands shown in Example 15-27 to reset the passwords for both the cisco and admin users.
Example 15-27. Getting into the Service Account to Reset Users' Passwords on IDSM-2
Cat6506#session slot 6 processor 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.51 ... Open
login: service
Password:
! Output is suppressed.
! Become root using the same password as the service account
bash-2.05a$ su root
Password:
! Reset the cisco user's password
[root@idsm2 service]#passwd cisco
Changing password for user cisco.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
! Reset the admin user's password
[root@idsm2 service]#passwd admin
Changing password for user admin.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@idsm2 service]# exit
bash-2.05a$ exit
logout
[Connection to 127.0.0.51 closed by foreign host]
! Log back in and verify that the reset password is accepted
Cat6506#session slot 6 processor 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.51 ... Open
login: cisco
Password:
! Output is suppressed.
IDSM-2#
The root password is the same as the service account's password, which is why su root in the example accepts it. In practice this means that whoever holds the service account's credentials has full root access to the module and can reset every other account, so protect that password at least as carefully as the administrator password and reserve the service account for recovery and troubleshooting.