Configuring the Cisco IDS Router / Switch Modules

IDSM-2

The IDSM-2 Module is a Cisco IDS blade for the Cisco 6500 switch.
Once you install the module into the switch, the module uses the following logical ports:

Port 1 - Used for TCP Resets (In Promiscuous Mode)
Port 2 - Command and Control
Port 7 - Sensing Port
Port 8 - Sensing Port

The steps below configure your switch / module for an inline setup. This includes obtaining the module number for the Cisco IDS, running the setup wizard, and then assigning the required ports on the switch for IDS sensing within an inline configuration. The clear trunk commands are required because, by default, the switch assigns the ports as trunk ports to every VLAN.

switch > (enable) show module
switch > (enable) session [module]
idsm-2# setup
switch > (enable) set vlan 50 5/7
switch > (enable) set vlan 51 5/8
switch > (enable) clear trunk 5/7 1-49,51-4094
switch > (enable) clear trunk 5/8 1-50,52-4094
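
The clear trunk step is easy to get wrong, because each sensing port needs its own port number and its own VLAN list. The following Python check is an added example, not part of the original article: it reads a constructed command transcript and reports any sensing port that is not left carrying exactly its native VLAN. It assumes each trunk starts out with VLANs 1-4094, and its function names are hypothetical.

```python
import re

MAX_VLAN = 4094  # upper bound used in the article's clear trunk ranges
SET_VLAN = re.compile(r"set vlan (\d+) (\d+/\d+)")
CLEAR_TRUNK = re.compile(r"clear trunk (\d+/\d+) ([\d,\s-]+)")

def parse_ranges(spec):
    """Expand a VLAN list such as '1-49, 51-4094' into a set of VLAN IDs."""
    vlans = set()
    for part in filter(None, "".join(spec.split()).split(",")):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def clear_list_for(native):
    """Build the VLAN list that removes everything except the native VLAN."""
    spans = [(1, native - 1), (native + 1, MAX_VLAN)]
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in spans if a <= b)

def audit(transcript, sensing_ports):
    """Return {port: problem} for ports not trunking exactly their native VLAN."""
    native, cleared = {}, {}
    for line in transcript.splitlines():
        if m := SET_VLAN.search(line):
            native[m.group(2)] = int(m.group(1))
        elif m := CLEAR_TRUNK.search(line):
            cleared.setdefault(m.group(1), set()).update(parse_ranges(m.group(2)))
    problems = {}
    for port in sensing_ports:
        # Assumption: the trunk starts out carrying VLANs 1-4094.
        left = set(range(1, MAX_VLAN + 1)) - cleared.get(port, set())
        if port not in native:
            problems[port] = "no native VLAN set"
        elif native[port] not in left:
            problems[port] = f"native VLAN {native[port]} was cleared"
        elif len(left) > 1:
            problems[port] = f"{len(left) - 1} other VLANs still trunked"
    return problems

# Constructed transcript: the second clear trunk line repeats port 5/7.
SAMPLE = """\
switch > (enable) set vlan 50 5/7
switch > (enable) set vlan 51 5/8
switch > (enable) clear trunk 5/7 1-49,51-4094
switch > (enable) clear trunk 5/7 1-50,52-4094
"""

if __name__ == "__main__":
    print(audit(SAMPLE, ["5/7", "5/8"]), "| fix: clear trunk 5/8", clear_list_for(51))
```

In the sample, port 5/7 ends up with no VLANs at all and port 5/8 still trunks every VLAN, so neither sensing port is in the intended inline state.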

NM-CIDS

The NM-CIDS is the IDS module for Cisco Routers. The config below allows you to assign an IP address to the sensor which will only be accessible via a route or via a reverse telnet from the router itself. This is a security measure to ensure that your IDS module's IP address isn't fully accessible.

router (config) # interface loopback 0
router (config-if) # ip address 1.1.1.1 255.255.255.255
router (config-if) # exit
router (config) # interface ids-sensor 1/0
router (config-if) # ip unnumbered lo 0
router (config-if) # exit
router (config) # ip cef

Under each interface, use the following command to initiate packet monitoring:

router (config-if) # ids-service-module monitor

Access the NM-CIDS Console

router # service-module ids-sensor x/y session

or

router # telnet [router ip] [port number]

where port number = (32 * slot number) + 2001

An example in our case for the telnet option would be “telnet 1.1.1.1 2033”.

Maintenance Commands

router # service-module ids-sensor x/y …
reload
reset
session
shutdown
status

Rick Donato
