Chapter 13. Cisco IDS Module (IDSM)


This chapter covers the following subjects:

  • Cisco IDS Module

  • IDSM-2 Configuration

  • IDSM-2 Ports

  • Catalyst 6500 Switch Configuration

  • IDSM-2 Administrative Tasks

  • Troubleshooting the IDSM-2

One of the advantages of Cisco IPS is the multiple locations at which you can deploy sensors throughout your network. The Cisco IDS Module (IDSM) enables you to deploy your sensor directly into your Catalyst 6500 switch via a switch-line card.

Besides tuning Cisco IPS to match your unique network requirements, you must also thoroughly understand the various locations throughout your network at which you can deploy IPS sensors. A key traffic-crossing point is your Catalyst 6500 family switches. Deploying an Intrusion Detection System Module 2 (IDSM-2) in your Catalyst 6500 switch enables you to efficiently and effectively monitor traffic traversing your network. Understanding the benefits and limitations of the IDSM-2 is crucial to monitoring a key location in your network infrastructure.

"Do I Know This Already?" Quiz

The purpose of the "Do I Know This Already?" quiz is to help you decide if you really need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.

The 10-question quiz, derived from the major sections in the "Foundation and Supplemental Topics" portion of the chapter, helps you determine how to spend your limited study time.

Table 13-1 outlines the major topics discussed in this chapter and the "Do I Know This Already?" quiz questions that correspond to those topics.

Table 13-1. "Do I Know This Already?" Foundation and Supplemental Topics Mapping

Foundation or Supplemental Topic       Questions Covering This Topic
-------------------------------------  -----------------------------
Cisco IDS Module                       1, 2
IDSM-2 Configuration                   5
IDSM-2 Ports                           3, 4, 8
Catalyst 6500 Switch Configuration     9
IDSM-2 Administrative Tasks            10
Troubleshooting the IDSM-2             6, 7


Caution

The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.


1. What is the maximum amount of traffic that the IDSM-2 can monitor?

  1. 500 Mbps

  2. 450 Mbps

  3. 600 Mbps

  4. 250 Mbps

  5. 1000 Mbps

2. Which of the following is false about the IDSM-2?

  1. It has the ability to monitor multiple VLANs.

  2. It impacts the switch performance.

  3. It runs the same code base as the appliance sensor.

  4. It supports improved management techniques (such as IDM).

3. Which port on IDSM-2 is the command and control port?

  1. Port 1

  2. Port 7

  3. Port 8

  4. Port 2

4. Which port on IDSM-2 is the TCP reset port?

  1. Port 1

  2. Port 2

  3. Port 7

  4. Port 8

5. Which of the following IOS commands accesses an IDSM-2 located in slot 7?

  1. session 7

  2. telnet 2089

  3. session slot 7 processor 1

  4. session slot 7 processor 0

6. Which switch command can you use to check the status of the IDSM-2 in slot 5?

  1. show slot 5

  2. show module 5

  3. show idsm status

  4. show card 5

7. What does a red status light-emitting diode (LED) on the front of the IDSM-2 indicate?

  1. The IDSM-2 is running through its boot and self-test diagnostic sequence.

  2. The IDSM-2 is disabled.

  3. A diagnostic other than an individual port test has failed.

  4. The IDSM-2 is in the shutdown state.

  5. The IDSM-2 is operational.

8. Which of the following ports is an IDSM-2 monitoring port?

  1. 1

  2. 4

  3. 2

  4. 7

  5. 3

9. Which IOS command changes the VLAN for a specific port on the switch?

  1. switchport access vlan

  2. set vlan

  3. set port

  4. set interface vlan

10. Which command do you use from the IDSM-2 CLI to shut down the device?

  1. shutdown module

  2. reset powerdown

  3. reload module

  4. reboot module

The answers to the "Do I Know This Already?" quiz are found in the appendix. The suggested choices for your next step are as follows:

  • 8 or less overall score: Read the entire chapter. This includes the "Foundation and Supplemental Topics" and "Foundation Summary" sections and the Q&A section.

  • 9 or 10 overall score: If you want more review on these topics, skip to the "Foundation Summary" section and then go to the Q&A section. Otherwise, move to the next chapter.



CCSP IPS Exam Certification Guide
ISBN: 1587201461
EAN: 2147483647
Year: 2004
Pages: 119
Authors: Earl Carter
