Installing the IDS Module
This chapter contains the following topics:
•Software and Hardware Requirements
•Installation and Removal Instructions
Introducing the IDS Module
The IDS module (model WS-SVC-IDSM2) is a switching module that is easy to install and maintain in the Catalyst 6500 series switch. It is part of the IDS. You can use the CLI, IDS Device Manager, or Management Center for IDS Sensors to configure the IDS module. Refer to the IDS documentation on Cisco.com for more information about how to configure the IDS module.
The IDS manager provides a graphical interface for managing security across a distributed network. The IDS module performs network sensing—real-time monitoring of network packets through packet capture and analysis. The IDS module captures network packets and then reassembles and compares the packet data against attack signatures indicating typical intrusion activity. Network traffic is either copied to the IDS module based on security VLAN access control lists (VACLs) in the switch or is routed to the IDS module through the switch's Switched Port Analyzer (SPAN) port feature. Both methods permit user-specified traffic based on switch ports, VLANs, or traffic type to be inspected. (See Figure 2-1.)
Figure 2-1 IDS Module Block Diagram
The IDS module searches for patterns of misuse by examining the data portion of network packets, the header portion, or both. Content-based attacks derive from the data portion, and context-based attacks derive from the header portion.
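The content/context distinction above, shown as an added example (not Cisco code and not the IDS module's signature engine): a single-packet inspector that applies header-only checks and payload-only checks separately. The signature names, helper functions, and sample packets are constructed for illustration, and stream reassembly is omitted.

```python
import struct

SYN, FIN = 0x02, 0x01  # TCP flag bits

def build_packet(src, dst, sport, dport, flags, payload=b""):
    """Build a minimal IPv4+TCP packet (constructed sample; checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + tcp

def parse(packet):
    """Split a packet into header fields (context) and payload bytes (content)."""
    ihl = (packet[0] & 0x0F) * 4                  # IPv4 header length in bytes
    if len(packet) < ihl + 20 or packet[9] != 6:  # protocol 6 = TCP
        raise ValueError("not a complete IPv4/TCP packet")
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    flags = packet[ihl + 13]
    data_off = (packet[ihl + 12] >> 4) * 4        # TCP header length in bytes
    header = {"src": packet[12:16], "dst": packet[16:20],
              "sport": sport, "dport": dport, "flags": flags}
    return header, packet[ihl + data_off:]

# Context signatures look only at header fields (hypothetical names).
CONTEXT_SIGNATURES = {
    "tcp-syn-fin": lambda h: h["flags"] & (SYN | FIN) == (SYN | FIN),
    "same-src-dst": lambda h: h["src"] == h["dst"] and h["sport"] == h["dport"],
}
# Content signatures look only at the data portion (hypothetical names).
CONTENT_SIGNATURES = {
    "etc-passwd-request": b"/etc/passwd",
}

def inspect(packet):
    """Return a list of (kind, signature_name) alarms for one packet."""
    header, payload = parse(packet)
    alarms = [("context", name) for name, test in CONTEXT_SIGNATURES.items() if test(header)]
    alarms += [("content", name) for name, pat in CONTENT_SIGNATURES.items() if pat in payload]
    return alarms

if __name__ == "__main__":
    samples = [
        build_packet("10.0.0.5", "10.0.0.9", 40000, 80, 0x18, b"GET /index.html HTTP/1.0\r\n\r\n"),
        build_packet("10.0.0.5", "10.0.0.9", 40000, 80, 0x18, b"GET /../../etc/passwd HTTP/1.0\r\n\r\n"),
        build_packet("10.0.0.5", "10.0.0.9", 40000, 80, SYN | FIN),
    ]
    for pkt in samples:
        print(inspect(pkt))
```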
After the IDS module detects an attack, it responds by generating an alarm. Additionally, you can configure the IDS switch module to transmit TCP resets on the source VLAN, generate an IP log, and/or initiate blocking countermeasures on a firewall or other managed device. Alarms are generated by the IDS module through the Catalyst 6500 family switch backplane to the IDS manager, where they are logged or displayed on a graphical user interface. You can also access the logs through CLI commands. For a list of IP log commands, refer to the Cisco Intrusion Detection System Command Reference Version 4.0.
Specifications
Table 2-1 lists the specifications for the IDS module.
Software and Hardware Requirements
The following are the IDS module software and hardware requirements:
•Catalyst software release 7.5(1) or later for any supervisor engine.
•Any Catalyst 6500 series switch chassis.
Front Panel Description
The IDS module (see Figure 2-2) has a status LED and a Shutdown button.
Figure 2-2 IDS Module
Status LED
Table 2-2 describes IDS module states as indicated by the status LED.
Shutdown Button
To prevent corruption of the IDS module, you must shut it down properly. To properly shut down the switching module, log in to the IDS module from the Catalyst 6500 series console and enter the shutdown command. If the IDS module fails to respond to the shutdown command, use a small pointed object, such as a paper clip, to press the Shutdown button and turn off the IDS module. The shutdown procedure may take several minutes.
Caution Do not remove the IDS module from the switch until the module shuts down completely. Removing the module without going through a shutdown procedure can damage your module.
Installation and Removal Instructions
All Catalyst 6500 family switches support hot swapping, which lets you install, remove, replace, and rearrange modules without turning off the system power. When the system detects that a module has been installed or removed, it runs diagnostic and discovery routines, acknowledges the presence or absence of the module, and resumes system operation with no operator intervention.
Caution You must first shut down the IDS module before removing it from a Catalyst 6500 family switch. See Removing the IDS Module for the procedure for removing an IDS module from a Catalyst 6500 family switch.
This section contains these topics:
Required Tools
Note Before installing the IDS module, you must have the Catalyst 6500 family switch with at least one supervisor engine. Refer to the Catalyst 6500 Family Installation Guide for more information.
You will need the following tools to install the IDS module in the Catalyst 6500 series switches:
•Flat-blade screwdriver.
•Wrist strap or other grounding device.
•Antistatic mat or antistatic foam.
Whenever you handle the IDS module, always use a wrist strap or other grounding device to prevent serious damage from electrostatic discharge (ESD).
Warning Only trained and qualified personnel should install or replace this equipment.
Slot Assignments
The Catalyst 6006 and 6506 switch chassis each have six slots. The Catalyst 6009 and 6509 switch chassis each have nine slots. (See Figure 2-3.) The Catalyst 6513 switch chassis has 13 slots.
Note The Catalyst 6509-NEB switch has vertical slots numbered 1 to 9 from right to left. Install the IDS module with the component side facing to the right.
•Slot 1 is reserved for the supervisor engine.
•Slot 2 can contain an additional redundant supervisor engine for failover.
•If a redundant supervisor engine is not required, slots 2 through 6 on the 6-slot chassis, slots 2 through 9 on the 9-slot chassis, and slots 2 through 13 on the 13-slot chassis are available for modules, such as the IDS module.
•Install module filler plates (blank module carriers) in the empty slots to maintain consistent airflow through the switch chassis.
Note The IDS module works with any supervisor engine using SPAN, but the copy capture feature with security VACLs requires that the supervisor engine has the Policy Feature Card (PFC) option.
Figure 2-3 Slot Numbers on Catalyst 6500 Series Switch
Installing the IDS Module
To install the IDS module in the Catalyst 6500 series switch, follow these steps:
Step 1 Make sure that you take necessary ESD precautions.
Warning During this procedure, wear grounding wrist straps to avoid ESD damage to the card. Do not touch the backplane with your hand or any metal tool, or you could shock yourself.
Step 2 Choose a slot for the IDS module.
Note The supervisor engine must be installed in slot 1; a redundant supervisor engine can be installed in slot 2. If a redundant supervisor engine is not required, slots 2 through 9 (slots 2 through 6 on the 6-slot chassis and slots 2 through 11 on the 13-slot chassis) are available for modules.
Step 3 Loosen the installation screws (use a screwdriver, if necessary) that secure the filler plate to the desired slot.
Step 4 Remove the filler plate by pulling the ejector levers on both sides and sliding it out.
Warning Blank faceplates and cover panels serve three important functions: they prevent exposure to hazardous voltages and currents inside the chassis; they contain electromagnetic interference (EMI) that might disrupt other equipment; and they direct the flow of cooling air through the chassis. Do not operate the system unless all cards, faceplates, front covers, and rear covers are in place.
Step 5 Hold the IDS module with one hand, and place your other hand under the IDS module carrier to support it.
Caution Do not touch the printed circuit boards or connector pins on the IDS module.
Step 6 Place the IDS module in the slot by aligning the notch on the sides of the IDS module carrier with the groove in the slot. (See Figure 2-4.)
Figure 2-4 Installing Modules in the Catalyst 6500 Series Switch
Step 7 Keeping the IDS module at a 90-degree orientation to the backplane, carefully slide it into the slot until the notches on both ejector levers engage the chassis sides. (See Figure 2-5.)
Figure 2-5 Ejector Levers and Captive Installation Screws
Step 8 Using the thumb and forefinger of each hand, simultaneously pivot in both ejector levers to fully seat the IDS module in the backplane connector.
Caution Always use the ejector levers when installing or removing the IDS module. A module that is partially seated in the backplane will cause the system to halt and subsequently crash.
Note If you perform a hot swap, the console displays the message Module x has been inserted. This message does not appear, however, if you are connected to the Catalyst 6500 family switch through a Telnet session.
Step 9 Use a screwdriver to tighten the installation screws on the left and right ends of the IDS module.
See Verifying the Installation to verify that you have correctly installed the IDS module and can bring it online.
Removing the IDS Module
This procedure describes how to remove the IDS module from the Catalyst 6500 family switch.
Warning Only trained and qualified personnel should install or replace this equipment.
Caution Before removing the IDS module, be sure to perform the shutdown procedure. If the IDS module is not shut down correctly, you could corrupt the network analysis software.
Warning During this procedure, wear grounding wrist straps to avoid ESD damage to the card. Do not touch the backplane with your hand or any metal tool, or you could shock yourself.
To remove the IDS module, follow these steps:
Step 1 Shut down the IDS module by one of these methods.
•Catalyst software:
–Enter the set module shutdown module_number command, and then enter the reset module_number command to restart the IDS module.
–Enter the session command to log into the IDS module from the Catalyst 6500 series console (see Logging in to the Sensor), and then enter the shutdown command.
–Enter the set module power down module_number command. You must then enter the set module power up module_number command when you want to restore power to the IDS module in this slot.
–If the IDS module does not respond to any commands from the IDS module prompt or the supervisor engine, use a small pointed object to press the Shutdown button.
Note Shutdown may take several minutes.
Step 2 Verify that the IDS module shuts down. Do not remove the IDS module until the status LED is amber or off.
Step 3 Use a screwdriver to loosen the installation screws at the left and right sides of the IDS module.
Step 4 Grasp the left and right ejector levers and simultaneously pull the left lever to the left and the right lever to the right to release the IDS module from the backplane connector.
Step 5 As you pull the IDS module out of the slot, place one hand under the carrier to support it.
Caution Do not touch the printed circuit boards or connector pins.
Step 6 Carefully pull the IDS module straight out of the slot, keeping your other hand under the carrier to guide it.
Note Keep the IDS module at a 90-degree orientation to the backplane (horizontal to the floor).
Step 7 Place the IDS module on an antistatic mat or antistatic foam.
Step 8 If the slot is to remain empty, install a filler plate (part no. 800-00292-01) to keep dust out of the chassis and to maintain proper airflow through the module compartment.
Warning Blank faceplates and cover panels serve three important functions: they prevent exposure to hazardous voltages and currents inside the chassis; they contain electromagnetic interference (EMI) that might disrupt other equipment; and they direct the flow of cooling air through the chassis. Do not operate the system unless all cards, faceplates, front covers, and rear covers are in place.