Chapter 7
Installing the IDSM2
Using the TCP Reset Interface
The IDSM2 has a TCP reset interface—port 1. The IDSM2 has a specific TCP reset interface because it
cannot send TCP resets on its sensing ports.
If you have reset problems with the IDSM2, and the switch is running Catalyst software, try the
following:
•
•
Front Panel Features
The IDSM2 has a status indicator and a Shutdown button.
Figure 7-1
WS-SVC-IDSM2
INTRUSION DETECTION MODULE
Table 7-3
Table 7-3
Color
Green
Red
Amber
Off
To prevent corruption of the IDSM2, you must use the shutdown command to shut it down properly. For
instructions on properly shutting down the IDSM2, see Step 1 of
the IDSM2 does not respond, firmly press the Shutdown button on the faceplate and wait for the Status
indicator to turn amber. The shutdown procedure may take several minutes.
OL-18504-01
If the sensing ports are access ports (a single VLAN), you need to configure the reset port to be in
the same VLAN.
If the sensing ports are dot1q trunk ports (multi-VLAN), the sensing ports and reset port all must
have the same native VLAN, and the reset port must trunk all the VLANs being trunked by both the
sensing ports.
In Cisco IOS when the IDSM2 is in promiscuous mode, the IDSM2 ports are always dot1q
Note
trunk ports (even when monitoring only 1 VLAN), and the TCP reset port is automatically
set to a trunk port and is not configurable.
IDSM2 Front Panel
describes the IDSM2 states as indicated by the status indicator.
Status Indicator
Description
All diagnostics tests pass—The IDSM2 is operational.
A diagnostics test other than an individual port test failed.
The IDSM2 is running through its boot and self-test diagnostics sequence, or the IDSM2 is
disabled, or the IDSM2 is in the shutdown state.
The IDSM2 power is off.
Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0
Using the TCP Reset Interface
Figure 7-1
shows the front panel features.
SHUTDOWN
Removing the IDSM2, page
7-10. If
7-3