Configuring the Cisco IDS Router / Switch Modules


The IDSM-2 Module is a Cisco IDS blade for the Cisco 6500 switch.
Once you install the module into the switch the module uses following logical ports :

Port 1 Used for TCP Resets (In Promiscuous Mode)
Port 2 Command and Control
Port 7 Sensing Port
Port 8 Sensing Port

Below details the steps required for configuring your switch / module for an inline setup. This includes obtaining the module number for the cisco ids running the setup wizard and then assigning the required ports for on the switch for ids sensing within an inline configuration. The clear trunk commands are required as by default the switch assigns the ports as trunk ports to every vlan.

switch > (enable) show module
switch > (enable) session [module]
isdm-2# setup
switch > (enable) set vlan 50 5/7
switch > (enable) set vlan 51 5/8
switch > (enable) clear trunk 5/7 1-49, 51-4094
switch > (enable) clear trunk 5/7 1-50, 51-4094


The NM-CIDS is the IDS module for Cisco Routers.The config below allows you to assign an ip address to the sensor which will only we accessible via a route or via a reverse telnet from the router itself. This a security measure to ensure that your IDS modules IP address isn't fully accessible.

router (config) # interface loopback 0
router (config-if) # ip address
router (config-if) # exit
router (config) # interface ids-sensor 1/0
router (config-if) # ip unnumbered lo 0
router (config-if) # exit
router (config) # ip cef

Under each interface use the following command to initiate the packet monitoring

router (config-if) # ids-service-module monitor

Access the NM-CIDS Console

router # service-module ids-sensor x/y session


router # telnet [router ip] [port number - port number =  (32 * port number) + 2001]

An exampe in our case for the the telnet option would be using the syntax "telnet 2033"

Maintenance Commands

router # service-module ids-sensor x/y ...

About the Author


R Donato

Rick Donato is the Founder and Chief Editor of He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001