The IDS Network Module (NM-CIDS-K9) that may be installed in a Cisco 2600XM, 2691, 2800, 3660, or 3700 Series chassis can provide up to 45 MBps of full-featured intrusion protection services within the router. The NM-CIDS provides the ability to inspect all traffic traversing the router, to identify unauthorized or malicious activity such as hacker attacks, worms, or denial-of-service attacks, and to terminate this illegitimate traffic to suppress or contain threats. The NM-CIDS leverages the current Cisco IPS sensor technology to expand the IPS support into the branch office routers. Through collaboration with IPsec VPN and Generic Routing Encapsulation (GRE) traffic, this NM-CIDS can allow decryption, tunnel termination, and traffic inspection at the first point of entry into the networkan industry first. Only one NM-CIDS is supported in a given router, but it is not restricted to a specific NM-CIDS slot within the router. Figure 16-1 shows a typical NM-CIDS network setup.
Figure 16-1. NM-CIDS Network Setup
This section discusses the following items pertaining to NM-CIDS in details.
The sections that follow present details on these topics.
Software and Hardware Requirements
There are specific hardware and software requirements on the router to support NM-CIDS. You must be running one of the IOS versions to insert and use NM-CIDS:
You must be running IDS software version 4.1 or later on the NM-CIDS.
The few routers that support NM-CIDS are listed in Table 16-1.
Front Panel Indicator Lights and How to Use Them
The NM-IDS has a status indicator and a Shutdown button. Locating different indicators and understanding their meaning is necessary for troubleshooting the hardware and for operational issues. Table 16-2 summarizes the purpose of different indicators that are on the front panel of the NM-CIDS.
Slot Assignment on the Router
The NM-CIDS can be inserted in any available slot on the router, if you have the supported hardware (router) and the IOS software version. Only one NM-CIDS is supported per chassis on the supported router.
Installing NM-CIDS Blade on the Router
You must install the NM-CIDS offline in Cisco 2650XM, 2651XM, and 2961 series routers. To avoid damaging the NM-CIDS, you must turn off electrical power and disconnect network cables before you insert the NM-CIDS into a chassis slot or remove the NM-CIDS from a chassis slot.
Cisco 3660 and Cisco 3700 series routers allow you to replace NM-CIDS without switching off the router or affecting the operation of other interfaces. Online insertion and removal (OIR) provides uninterrupted operation to network users, maintains routing information, and ensures session preservation.
Removing NM-CIDS Blade from the Router
The same rule for inserting the NM-CIDS into the router applies for removing the NM-CIDS. Additionally, you must shut down the NM-CIDS before removing it. This is because, unlike other network modules, the NM-CIDS uses a hard-disk drive. Online removal of hard-disk drives without proper shutdown can result in file system corruption and might render the hard-disk drive unusable. The operating system on the NM-CIDS must be shut down in an orderly fashion before it is removed. You can use service-module ids-sensor slot/0 shutdown command to shut the module down from the router.
Ports Supported on NM-CIDS
To understand the interfaces supported on the NM-CIDS, look at the high-level hardware architecture of NM-CIDS as depicted in Figure 16-2.
Figure 16-2. NM-CIDS Hardware Architecture
NM-CIDS uses three interfaces to perform the IDS/IPS functions of monitoring and Command and Control (see Figure 16-2) as follows: