How to enable IPS/IDS in Cisco 2811

Hi all,
I have a Cisco 2811 with IOS Version 12.4(20)T and I need to enable IPS or IDS in this. What is the config for this?
First of all, I need to know whether I can do IPS/IDS in my router as well..
- Ribin

Hi,
I did enable IPS in the router and configured it to notify our log server. Below is the log I received in my log server.
What does IPS do now, and what kind of logs can I expect?
Thanks,
Ribin
Apr 19 14:53:38 192.168.11.10 4546: *Apr 19 09:27:41.254: %SYS-5-CONFIG_I: Configured from console by ribin on vty0 (192.168.11.35)
Apr 19 18:04:29 192.168.11.10 4548: *Apr 19 12:38:32.601: %CRYPTO-6-IPSEC_USING_DEFAULT: IPSec is using default transforms
Apr 19 18:12:10 192.168.11.10 4549: *Apr 19 12:46:14.541: %IPS-6-ENGINE_BUILDS_STARTED: 12:46:14 UTC Apr 19 2009
Apr 19 18:12:10 192.168.11.10 4550: *Apr 19 12:46:14.541: %IPS-6-ENGINE_BUILDING: atomic-ip - 3 signatures - 1 of 13 engines
Apr 19 18:12:10 192.168.11.10 4551: *Apr 19 12:46:14.557: %IPS-6-ENGINE_READY: atomic-ip - build time 16 ms - packets for this engine will be scanned
Apr 19 18:12:10 192.168.11.10 4552: *Apr 19 12:46:14.557: %IPS-6-ALL_ENGINE_BUILDS_COMPLETE: elapsed time 16 ms
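
As an added example (not part of the original posts), this Python code parses the six syslog lines above and reports which IPS engines were built and marked ready, whether the leading `*` on the router timestamps is present (IOS uses it for a clock that is not authoritative), how far the router and log-server timestamps differ, and any gaps in the message counter. The field layout is inferred from these lines only, and treating the number after the source address as the router's message counter is an assumption.

```python
import re
from datetime import datetime

# Log lines copied from the post above (log-server prefix + IOS message).
SAMPLE = """\
Apr 19 14:53:38 192.168.11.10 4546: *Apr 19 09:27:41.254: %SYS-5-CONFIG_I: Configured from console by ribin on vty0 (192.168.11.35)
Apr 19 18:04:29 192.168.11.10 4548: *Apr 19 12:38:32.601: %CRYPTO-6-IPSEC_USING_DEFAULT: IPSec is using default transforms
Apr 19 18:12:10 192.168.11.10 4549: *Apr 19 12:46:14.541: %IPS-6-ENGINE_BUILDS_STARTED: 12:46:14 UTC Apr 19 2009
Apr 19 18:12:10 192.168.11.10 4550: *Apr 19 12:46:14.541: %IPS-6-ENGINE_BUILDING: atomic-ip - 3 signatures - 1 of 13 engines
Apr 19 18:12:10 192.168.11.10 4551: *Apr 19 12:46:14.557: %IPS-6-ENGINE_READY: atomic-ip - build time 16 ms - packets for this engine will be scanned
Apr 19 18:12:10 192.168.11.10 4552: *Apr 19 12:46:14.557: %IPS-6-ALL_ENGINE_BUILDS_COMPLETE: elapsed time 16 ms
""".splitlines()

LINE = re.compile(
    r"^(?P<recv>\w{3} +\d+ [\d:]+) (?P<host>\S+) (?P<seq>\d+): "
    r"(?P<flag>[*.]?)(?P<dev>\w{3} +\d+ [\d:]+)\.\d+: "
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+): (?P<text>.*)$")
BUILDING = re.compile(r"^(\S+) - (\d+) signatures - (\d+) of (\d+) engines$")
READY = re.compile(r"^(\S+) - build time (\d+) ms")
YEAR = "2009"  # neither timestamp carries a year; taken from the BUILDS_STARTED text

def _ts(stamp):
    return datetime.strptime(YEAR + " " + stamp, "%Y %b %d %H:%M:%S")

def parse_line(line):
    """Split one line into receiver time, sender, counter and IOS message fields."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["seq"], rec["sev"] = int(rec["seq"]), int(rec["sev"])
    # Receiver time minus router time, in seconds (time zone plus clock drift).
    rec["skew_s"] = int((_ts(rec["recv"]) - _ts(rec["dev"])).total_seconds())
    return rec

def summarize(lines):
    recs = [r for r in map(parse_line, lines) if r]
    out = {"engines": {}, "total_engines": None, "complete": False,
           "unsynced_clock": any(r["flag"] == "*" for r in recs),
           "max_skew_s": max((abs(r["skew_s"]) for r in recs), default=0),
           "seq_gaps": []}
    # A jump in the counter means a message was sent but is not in this capture.
    for prev, cur in zip(recs, recs[1:]):
        if cur["seq"] != prev["seq"] + 1:
            out["seq_gaps"].append((prev["seq"], cur["seq"]))
    for r in (r for r in recs if r["fac"] == "IPS"):
        if (m := BUILDING.match(r["text"])):
            out["engines"][m[1]] = {"signatures": int(m[2]), "ready": False}
            out["total_engines"] = int(m[4])
        elif (m := READY.match(r["text"])) and m[1] in out["engines"]:
            out["engines"][m[1]]["ready"] = True
        elif r["mnem"] == "ALL_ENGINE_BUILDS_COMPLETE":
            out["complete"] = True
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On these lines the summary shows a single engine (atomic-ip, 3 signatures) reported out of 13, a constant offset of about 5 h 26 min between the two clocks, and one missing counter value between 4546 and 4548.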

Similar Messages

  • How to recover mbrd_e1t1_vic_connect: setup failed on cisco 2811 routers

    Dear All Experts
    I have three Cisco 2811 routers. Router A has both 4 FXS and 4 FXO ports; Router B and Router C have 4 FXS ports. They are connected with an Alcatel PABX.
    Now, the problem is that the phone lines go down after 3 days or more. Whenever they are down, I try to refresh the voice port with "shut & no shut" on each router. Now I face the problem that whenever I do shut & no shut at the Router B site, the phone line is OK there, but at the Router C site the phone line is down. So I refresh at the Router C site and the phone line is OK, but at the Router B site the phone line is down again.
    I tried several ways of doing shut & no shut. I have no idea. I checked the log file on Router A; here it is:
    Aug 18 16:03:55.306 UTC: mbrd_e1t1_vic_connect: setup failed
    Aug 18 16:03:55.306 UTC: flex_dsprm_tdm_xconn: voice-port(0/3/0), dsp_channel(/0
    /0/0)
    Aug 18 16:12:56.331 UTC: mbrd_e1t1_vic_connect: setup failed
    Aug 18 16:12:56.331 UTC: flex_dsprm_tdm_xconn: voice-port(0/3/0), dsp_channel(/0
    /0/0)
    Aug 18 16:12:56.335 UTC: mbrd_e1t1_vic_connect: setup failed
    Aug 18 16:12:56.335 UTC: flex_dsprm_tdm_xconn: voice-port(0/3/0), dsp_channel(/0
    /0/0)
    Aug 18 16:14:37.405 UTC: mbrd_e1t1_vic_connect: setup failed
    Aug 18 16:14:37.405 UTC: flex_dsprm_tdm_xconn: voice-port(0/3/2), dsp_channel(/0
    /0/0)
    Aug 18 16:19:40.278 UTC: mbrd_e1t1_vic_connect: setup failed
    Aug 18 16:19:40.278 UTC: flex_dsprm_tdm_xconn: voice-port(0/3/0), dsp_channel(/0
    /0/0)
    Aug 18 16:22:34.597 UTC: mbrd_e1t1_vic_connect: setup failed
    Aug 18 16:22:34.597 UTC: flex_dsprm_tdm_xconn: voice-port(0/3/2), dsp_channel(/0
    /0/0)
    Aug 18 16:36:37.065 UTC: mbrd_e1t1_vic_connect: setup failed
    Aug 18 16:36:37.065 UTC: flex_dsprm_tdm_xconn: voice-port(0/3/0), dsp_channel(/0
    /0/0)
    So please give me advice and guidance to recover from this problem. I have a really big problem now. Help me!
    Thanks a lot

    Here is the sh ver output. All three routers have the same version, flash and model, except that Router B and C have only 4 FXS voice interfaces.
    RouterA#sh ver
    Cisco IOS Software, 2800 Software (C2800NM-SPSERVICESK9-M), Version 12.4(8), RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2006 by Cisco Systems, Inc.
    Compiled Mon 15-May-06 14:54 by prod_rel_team
    ROM: System Bootstrap, Version 12.3(8r)T7, RELEASE SOFTWARE (fc1)
    RouterA uptime is 12 weeks, 1 day, 23 hours, 11 minutes
    System returned to ROM by reload at 08:59:03 UTC Wed May 26 2010
    System restarted at 09:01:16 UTC Wed May 26 2010
    System image file is "flash:c2800nm-spservicesk9-mz.124-8.bin"
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    Cisco 2811 (revision 53.51) with 251904K/10240K bytes of memory.
    Processor board ID FHK0949F1W9
    2 FastEthernet interfaces
    4 Serial(sync/async) interfaces
    4 Voice FXO interfaces
    4 Voice FXS interfaces
    DRAM configuration is 64 bits wide with parity enabled.
    239K bytes of non-volatile configuration memory.
    62720K bytes of ATA CompactFlash (Read/Write)
    Configuration register is 0x2102
    RouterA#sh flash
    -#- --length-- -----date/time------ path
    1     26725176 Dec 2 2005 09:30:24 +06:30 c2800nm-spservicesk9-mz.123-11.T8.bin
    2         1646 Dec 2 2005 09:39:00 +06:30 sdmconfig-2811.cfg
    3      4052480 Dec 2 2005 09:39:22 +06:30 sdm.tar
    4       812032 Dec 2 2005 09:39:38 +06:30 es.tar
    5      1007616 Dec 2 2005 09:39:52 +06:30 common.tar
    6         1038 Dec 2 2005 09:40:06 +06:30 home.shtml
    7       113152 Dec 2 2005 09:40:18 +06:30 home.tar
    8       511939 Dec 2 2005 09:40:32 +06:30 128MB.sdf
    9     28532876 Jul 5 2006 05:12:32 +06:30 c2800nm-spservicesk9-mz.124-8.bin
    10       10829 Aug 9 2010 14:03:44 +06:30 tftp
    2228224 bytes available (61788160 bytes used)
    It seems the IOS version was upgraded from 123-11.T8 to 124-8. I don't know exactly the history of these routers.

  • IPS Tech Tips: IPS Best Practices with Cisco Remote Management Services

    Hi Folks -
    Another IPS Tech Tip coming up and this time we will be hearing from some past and current Cisco Remote Services members on their best practice suggestions. As always these are about 30 minutes of content and then Q&A - a low cost high reward event.
    Hope to see you there.
    -Robert
    Cisco invites you to attend a 30-45 minute Web seminar on IPS Best Practices delivered via WebEx. This event requires registration.
    Topic: Cisco IPS Tech Tips - IPS Best Practices with Cisco Remote Management Services
    Host: Robert Albach
    Date and Time:
    Wednesday, October 10, 2012 10:00 am, Central Daylight Time (Chicago, GMT-05:00)
    To register for the online event
    1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=203590900&t=a&EA=ralbach%40cisco.com&ET=28f4bc362d7a05aac60acf105143e2bb&ETR=fdb3148ab8c8762602ea8ded5f2e6300&RT=MiM3&p
    2. Click "Register".
    3. On the registration form, enter your information and then click "Submit".
    Once the host approves your registration, you will receive a confirmation email message with instructions on how to join the event.
    For assistance
    http://www.webex.com
    IMPORTANT NOTICE: This WebEx service includes a feature that allows audio and any documents and other materials exchanged or viewed during the session to be recorded. By joining this session, you automatically consent to such recordings. If you do not consent to the recording, discuss your concerns with the meeting host prior to the start of the recording or do not join the session. Please note that any such recordings may be subject to discovery in the event of litigation. If you wish to be excluded from these invitations then please let me know!

    Hi Marvin, thanks for the quick reply.
    It appears that we don't have Anyconnect Essentials.
    Licensed features for this platform:
    Maximum Physical Interfaces       : Unlimited      perpetual
    Maximum VLANs                     : 100            perpetual
    Inside Hosts                      : Unlimited      perpetual
    Failover                          : Active/Active  perpetual
    VPN-DES                           : Enabled        perpetual
    VPN-3DES-AES                      : Enabled        perpetual
    Security Contexts                 : 2              perpetual
    GTP/GPRS                          : Disabled       perpetual
    AnyConnect Premium Peers          : 2              perpetual
    AnyConnect Essentials             : Disabled       perpetual
    Other VPN Peers                   : 250            perpetual
    Total VPN Peers                   : 250            perpetual
    Shared License                    : Disabled       perpetual
    AnyConnect for Mobile             : Disabled       perpetual
    AnyConnect for Cisco VPN Phone    : Disabled       perpetual
    Advanced Endpoint Assessment      : Disabled       perpetual
    UC Phone Proxy Sessions           : 2              perpetual
    Total UC Proxy Sessions           : 2              perpetual
    Botnet Traffic Filter             : Disabled       perpetual
    Intercompany Media Engine         : Disabled       perpetual
    This platform has an ASA 5510 Security Plus license.
    So then what does this mean for us VPN-wise? Is there any way we can set up multiple VPNs with this license?

  • Is it possible to configure a subtract rule for all the signatures enabled in IPS?

    Hi.
    Is it possible to configure a subtract rule for all the signatures enabled in IPS?
    Thanks

    Yes. In the event action filter configuration, configure the signature range, victim IP address and the action to subtract.

  • How to enable GUI for a Cisco 1841?

    How to enable GUI for a Cisco 1841?

    Hi,
    install SDM or CCP on your PC then on the router :
    en
    conf t
    ip dhcp excluded-address 192.168.1.254
    ip dhcp pool MYPOOL
    network 192.168.1.0 255.255.255.0
    default-router 192.168.1.254
    ip http server
    ip http authentication local
    username xxx privilege 15 secret   xxxx
    int f0/0
    ip address 192.168.1.254 255.255.255.0
    no shutdown
    Regards.
    Alain.

  • How to Enable IP Accounting or capture packets in Cisco ASA 5510 (8.2)

    Hi All,
    How to Enable IP Accounting or capture packets in Cisco ASA 5510 (8.2)
    Thanks
    Roopesh

    Hi Roopesh,
    Please go through this document for detailed documentation on captures:
    https://supportforums.cisco.com/docs/DOC-17814
    Hope that helps.
    Thanks,
    Varun Rao
    Security Team,
    Cisco TAC

  • How to enable IP SLA on cisco switch

    Hi guys,
    I am trying to enable IP SLA on a Cisco 4948 switch (running 'cat4500-ipbasek9-mz.122-46.SG.bin') to test CiscoWorks IPM using this switch as a source device. But I can't run the command "ip sla monitor" on this switch. It just has "ip sla responder". Can anyone help me, please? Is it possible to configure IP SLA on this source switch? Or can I do it only on routers?
    Thanks,
    Regards.
    Flaviano.

    IPSLA is supported in Cisco 800, 1700, 1800, 2600, 2800, 3500, 3750, 3600, 3700, 3800, 4500, 6500, 7200, 7500, 7600, 10000, and 12000, ASR-1K Series Routers. Future support includes CRS-1, ONS ML Card, and Cisco 7970 IP phones in 2005.
    IPSLA-VO (Video Operation) is supported on Cisco Catalyst 3560-X, 3750, 3750-E, 3750-X, 3650, and 3650-E Series switches & EtherSwitch Service Modules (SM-ES3G-16-P) which emulates a 3560 switch within the ISR's.  You can use the EtherSwitch Serv Mod in the ISR's as well and use IPSLA-VO.
    The 2900/3900 ISR's will support IPSLA-VO natively late this year.

  • How to enable IDSM-2 Signature through GUI

    Hi Guys,
    We are using an IDSM-2 module in a Cisco 6509 chassis. I believe that only the default signatures were enabled on it at the time of implementation. Now when I monitor it (I use Cisco IDM as the GUI to access IDSM-2), after about 6 months, I find that it has a bulk of signatures on it which are not enabled. Could you please guide me on how to enable these signatures on the IDSM without increasing the load on it?

    Welcome to the world of tuning your sensor.
    First thing you should know is that all signatures were not meant to be enabled simultaneously. Some signatures are appropriate for your environment and some are not (say you run a Linux-only shop). Some signatures have such a high false positive rate that they are essentially useless. Some signatures are actionable (meaning you can do something about it), others are not (like scans and recon sigs). You need to define what your goals of having an IPS are:
    To generate pretty reports for management?
    To investigate all your high severity events to clean up your infected hosts?
    To "set it and forget it"?
    Your goals will drive you toward an appropriate set of signatures and actions you wish enabled. As always, watch your sensor load when you make changes; you don't want to overload that thing and start missing packets.

  • How to enable auto QoS on C4500-X

    How to enable auto QoS on C4500-X for Cisco phone? Since it is different from the global commands 'mls qos', who has an example? Thanks.

    http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/20ew/configuration/guide/macro.html
    Take a look at this document
    And this one
    http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps4324/prod_white_paper0900aecd8041691c.html

  • How to enable SSID broadcast? (E4200 Cloud f/w)

    I got an E4200 v.2 with the latest cloud firmware. On the previous (non-cloud) firmware there was an option to enable or disable SSID broadcast, and I disabled it. Now I want to enable it back, but cannot find this option in Cisco Connect Cloud.
    So there is a question: how to enable SSID broadcast on the E4200 v.2 with Cisco Connect Cloud firmware?
    wbr, bg

    In your case, you need to reset the router to factory defaults, at which point the SSID will be set to broadcast and it cannot be disabled. To know more about why there is no option to disable the SSID broadcast anymore on the Cloud firmware, click here.

  • How to enable Channel 13 on WET54g

    I am using it in Europe and need to enable channel 13 so I can connect to a network on this channel.  I vaguely remember being told this was done by accessing a hidden setup page.  Can anyone tell me how to enable channel 13 on a WET54g V3.1?

    perita wrote:
    Thanks for your reply.
    >> Generally, devices bought in the U.S. can only be used in the U.S.
    This seems to me like poor and outdated policy. It reminds me of times when you could not take a laptop to Europe because the power supply was only for 110 V. Most manufacturers have moved to simplifying things for the customer and for themselves by making models more universal.
    >> Flashing other firmware may brick the device. You can never rule that out.
    >> Flashing European firmware should not cause problems.
    >> Possibly it won't accept it but usually hardware versions between countries are identical.
    You say it should "not cause problems" but "may brick the device". I would consider bricking the device to be a "problem". I guess I can interpret it to mean that damage is unlikely but possible. It gives me pause as I do not want to risk bricking it.
    The device label says it is WET54g V 3.1  At the US site http://homesupport.cisco.com/en-us/support/bridges/WET54G the choice for hardware version only goes up to V 3.0. Puzzling.
    At the European site http://homesupport.cisco.com/en-eu/support/bridges/WET54G/download I found support for version 3.1. Interesting and puzzling since my 3.1 is American.
    There, in the EU site, I found a file named WET54Gv3_1_v2d16.zip which contains two files:
    - wet54gv3_v2d16_us_20091027.img 
    - wet54gv3_v2d16_ce_20091027.img
    There is no explanation in the release notes of which one to use. The names differ only in two characters: us/ce.  I would assume "us" is for USA but what would "ce" be? I was expecting something like "uk" or "eu".  I am guessing the ce version is for Europe but I want to be sure before I start messing.  I have never flashed anything and I have no idea of the degree of risk involved. 
    You can reload it with this firmware wet54gv3_v2d16_ce_20091027.img.

  • How to enable callback

    Hi Netpros,
    I have a 3660 router with NM-16AM; the modem type is microcom_mimic. I am interested in configuring the callback facility on this so that I can connect to this router from my home. How can I achieve this? I am able to dial into the router successfully. How do I move forward? Any help?
    TIA

    You can call back PPP clients that dial in to asynchronous interfaces. You can enable callback to the following two types of PPP clients:
    Clients that implement PPP callback per RFC 1570 (as an LCP negotiated extension).
    Clients that do not negotiate callback but can put themselves in answer-mode, whereby a callback from the router is accepted.
    The below link describes how to enable callback
    http://www.cisco.com/en/US/docs/ios/12_0/dial/configuration/guide/dcascall.html

  • How to setup Guest Network Name in Cisco Router

    Hello everyone!
    First, sorry for my English =)
    I want to tell you how to change the guest network name on a Cisco router (so that it has a different name).
    What we need:
    1. Cisco Connect for Mac OSX (I use Snow Leopard and Cisco Connect for E3000)
    2. Terminal
    Okay. Let's go.
    1. Install Cisco Connect for OSX
    2. After setup, set up your Cisco router slightly (give it some name and password); then, when Cisco Connect tells you "You now connected the internet" and goes to the main screen, exit Cisco Connect
    3. Open Terminal (or you can use Finder: go to Application, show package contents of Cisco Connect)
    4. Go to /Application/Cisco Connect.app/Contents/Resources/lcid/<your setup language, for english - go 1033>/
    5. Edit resource_strings.pus (vi resource_strings.pus)
    6. Change "-guest" in the string <LocalizableString RcFileId='10019' BaseTextHash='0xA65E286D' BaseText='-guest'/> to whatever you want. For example, I changed it to ' Guest Network'
    7. Save
    8. Open Cisco Setup
    9. Go to router configuration and change the name as desired. I changed it to 'Grizlly Bear'
    10. After setting the name, go to Guest Setting and Enable. As you can see, your guest network name is set to 'Grizlly Bear Guest Network'
    11. Exit Cisco Setup
    12. Go to web interface setup
    13. Set up Wi-Fi manually and change the SSIDs to different names. I changed 5 GHz to 'Grizlly Bear Hi-Speed Network' and 2.4 GHz to 'Grizlly Bear Main Network'
    14. Set up your hostname for all services (file server, media server, etc.)
    Voilà!
    We have three different network names!
    Questions?

    In order to enable Guest networking, the AirPort Extreme must be configured as your "main" Internet router. In this configuration, Connection Sharing = Share a Public IP address. The Extreme would be connected directly to the Internet modem and NOT downstream of another router with NAT enabled.
    In this configuration, the Guest network would provide access ONLY to the Internet and NOT to your LAN.

  • IPS Signature DataBase - ASA IPS/IOS IPS/IPS 42xx/AIP-SSM

    Hi,
    Can anyone briefly tell me the signature database details (No of Signature) among the following devices,
    -->ASA IPS/IOS IPS/IPS 42xx/AIP-SSM.
    Thanks,

    IPS on ASA/PIX = just 50 or so common signatures
    AIP-SSM module = same signatures as Cisco 4200 series sensors. Little minor differences exist (like IPv6 signature support etc.)
    Please rate if helpful.
    Regards
    Farrukh

  • Enable monitor/promiscuous mode on Cisco Atheros AR5001X+

    I have a Cisco Aironet Atheros AR5001X+ wireless card installed on an HP laptop running Ubuntu 8.10. The card is working and I would like to know how to enable monitor/promiscuous mode on it so that I can use wireshark to capture network traffic at work. I would also like to know if I can enable the card in monitor/promiscuous mode in Windows XP and how? Any help would be appreciated, thanks.

    in a console window:
    sudo ifconfig ath0 promisc
    password:
    it should be ath0 for an atheros chip, but may be wlan0 or something else
    you will need to install Winpcap for windows
    http://www.winpcap.org/
