IDSM deployment in a live network...

Guys
We're about to deploy an IDSM in a live 6500 with IOS 12.2(18) sxd4 sup720...
My questions are:
1. Are there any issues we have to consider since it is a live network?
2. Do we need any downtime, or will it interrupt the link?
3. Each of the 3 sites has a pair of 6500s and each core has an IDSM... what are Cisco's best practices/recommendations, since it will be an initial deployment?
4. Which would be ideal to use, SPAN or VACL, for such a topology?
Your input will be highly appreciated
TIA.

Here are some quick answers to your list of questions...
1. Yes, there are some things to consider. The biggest one is the answer to your second question.
2. IIRC, you'll have to power off the Catalyst chassis prior to installing the IDSM-2 line card. Since the switch won't have power, you'll definitely impact your link(s). I'd say this is a big consideration, in light of your first question.
3. I’m not too sure what exactly you're asking here.
Without a better explanation of the overall network topology and where exactly the IDSM-2 sensors will actually be deployed, it's difficult to offer up anything meaningful. As for best practices, it always depends on the network topology, so we'll need more info to help. BTW, I'm not aware of any definitive "Best Practices" documentation WRT deploying IDS/IPS in specific scenarios, if that’s what you’re looking for.
4. The choice of SPAN or VACL is usually driven by what you're trying to monitor. If you want to watch all the traffic on your “ACCOUNTING” or “ENGINEERING” VLAN, you'd use VACL. If you want to watch all the switch ports that are connected to routers (uplinks, extranets, that kind of thing), SPAN is the way to go.
I hope this helps,
Alex Arndt
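
The two capture methods named in answer 4, as an added configuration sketch that is not part of the original thread. It assumes the IDSM-2 sits in slot 9; the interface, VLAN, ACL and access-map names are placeholders. Option B deliberately uses a narrower ACL to show the second map sequence that keeps unmatched traffic flowing on a live VLAN.

```ios
! Constructed example. Assumptions: IDSM-2 in slot 9, data-port 1 fed by
! SPAN, data-port 2 fed by VACL capture. Interface, VLAN and ACL/map
! names below are placeholders, not values from the thread.

! --- Option A: SPAN, mirror a router-facing uplink to the sensor ---
monitor session 1 source interface GigabitEthernet1/1 both
monitor session 1 destination intrusion-detection-module 9 data-port 1

! --- Option B: VACL capture, copy selected traffic from whole VLANs ---
! ACL selecting what the sensor should see (here: TCP only).
ip access-list extended IDS-INTERESTING
 permit tcp any any
!
! Sequence 10: forward matching traffic and set the capture bit.
vlan access-map IDS-CAPTURE 10
 match ip address IDS-INTERESTING
 action forward capture
!
! Sequence 20: no match clause, so it matches everything else and
! forwards it without capture. Without this sequence, IP traffic that
! misses sequence 10 hits the map's implicit deny and is dropped.
vlan access-map IDS-CAPTURE 20
 action forward
!
! Apply the map to the VLANs to be monitored.
vlan filter IDS-CAPTURE vlan-list 10,20
!
! Make the sensing port a capture port and limit it to those VLANs.
intrusion-detection module 9 data-port 2 capture
intrusion-detection module 9 data-port 2 capture allowed-vlan 10,20

! Checks after applying:
!   show monitor session 1
!   show vlan access-map IDS-CAPTURE
!   show vlan filter
```

On a live switch the `vlan filter` line is the step that touches production forwarding, so the access map should be complete, including sequence 20, before it is applied.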

Similar Messages

  • When I try to open live hot mail I get this message: The Windows Live Network is unavailable from this site for one of the following reasons:

    When I try to open live hot mail I get this message: The Windows Live Network is unavailable from this site for one of the following reasons:
    * This site may be experiencing a problem
    * The site may not be a member of the Windows Live Network
    You can:
    * You can sign in or sign up at other sites on the Windows Live Network, or try again later at this site.
    However, when I open hot mail in IE it opens just fine. Tried changing the password as suggested but it did not help in Firefox.

    Clear the cache and the cookies from sites that cause problems.
    * "Clear the Cache": Tools > Options > Advanced > Network > Offline Storage (Cache): "Clear Now"
    * "Remove the Cookies" from sites causing problems: Tools > Options > Privacy > Cookies: "Show Cookies"

  • ACS Upgrade in live network ok?

    I am about to upgrade our CiscoSecure  ACS from 4.1 to 4.2.  If I do so on a live network, can that affect anything within my network?
    I would hate to bring down an entire network and upset about 3000 users.
    Thanks in advance!

    That will prevent that particular ACS to authenticate new users for the time of the upgrade ...
    Existing users won't be kicked out unless you configured a very frequent reauthentication timer.
    If you have more than one ACS then the other should be there to take the job

  • I want to get into Hotmail but it says "Windows Live Network is unavailable from this site."

    I have always been able to get into my Hotmail account until about two weeks ago. I updated Mozilla in hopes that this would help but it didn't. The message I get also says that it is unavailable from this site for one of the following reasons - The site is experiencing a problem (but when I try to get into Hotmail from Internet Explorer I have no trouble). OR The site may not be a member of the Windows Live Network - it has always worked before and every once in a while still works. Can anyone help me?

    * "Clear the Cache": Tools > Options > Advanced > Network > Offline Storage (Cache): "Clear Now"
    * "Remove the Cookies" from sites that cause problems: Tools > Options > Privacy > Cookies: "Show Cookies"
    Start Firefox in Safe Mode to check if one of your add-ons is causing your problem (switch to the DEFAULT theme: Tools > Add-ons > Themes).
    * Don't make any changes on the Safe mode start window.
    See "Troubleshooting extensions and themes" and "Troubleshooting plugins"

  • The Windows Live Network is unavailable from this site for one of the following reasons:

    Reasons:
    * This site may be experiencing a problem
    * The site may not be a member of the Windows Live Network
    You can:
    * You can sign in or sign up at other sites on the Windows Live Network, or try again later at this site
    It is getting stuck on the HTTPS login from Microsoft. It works fine on IE and FF Beta. Have tried clearing cache, cookies, etc. with no fix. Please HELP.....

    Do you have that problem when running in the Firefox SafeMode?
    [http://support.mozilla.com/en-US/kb/Safe+Mode]
    Don't select anything right now, just use "Continue in SafeMode."
    If not, see this:
    [http://support.mozilla.com/en-US/kb/troubleshooting+extensions+and+themes]

  • IDSM-2: hints for initial network setup?

    Hello team:
    I was asked to carry out a very basic configuration of a brand new IDSM-2 on a CAT6500. According to the documentation, once in the Supervisor's CLI, I must execute a "session" command to the slot in which the IDSM is located.
    Once there, I have to follow the wizard to add IP, mask and gateway. Having this configured, the module's management interface should be visible from the rest of the network, but I do not see how this happens, since the module should use one of the switch's VLANs, and I haven't found how this is configured.
    Question: How will this IDSM link itself to the switch's layer 3 engine? I do not see how its layer 2 will match any available VLAN in the host LAN switch...
    Any help will be greatly appreciated
    Rogelio Alvez
    Argentina

    I think what you need to add is a command on the 6500 that puts the IDSM-2 management port in a particular vlan.  For example:
    intrusion-detection module 9 management-port access-vlan 101
    This would place the management port for the IDSM-2 card in slot 9 in vlan 101.  The host-ip that you define on the IDSM-2 card itself would then need to be valid for this vlan.
    Steve

  • SharePoint 2013 deployed using Layer 2 network; considered stretched Farm?

    Planning to deploy SharePoint 2013 in different DC’s, the distance is 130 Kms between DC’s. The bandwidth is 100GB but latency is <20ms
    but it’s a layer 2 network. Is this deployment considered to be a stretched Farm?
    Mohammed Asif Kazi

    Are both DCs on the same domain? What about the servers, will they all be in the same DC or are they spread across DCs?
    With the latency you mentioned, this is not supported. It is highly recommended to avoid it as much as you can.
    check the below blogs, for more information.
    http://social.technet.microsoft.com/Forums/sharepoint/en-US/a7780b9c-4932-4064-b5b2-2b91948ddc96/sharepoint-2013-stretched-farm?forum=sharepointadmin
    http://technet.microsoft.com/en-us/library/cc748824(v=office.15).aspx#CfgStretchedFarm
    Please remember to mark your question as answered & vote helpful, if this solves/helps your problem.
    Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

  • EIGRP Password String on Live Network

    Hi,
    I want to use an EIGRP password between routers and layer 3 switches in our environment. Is it possible to implement an EIGRP string on a live environment without any downtime?
    Thank you

    This is kind of what I'm referring to. Set the routers with an accept and send-time but have no end time.
    key chain <name_of_keychain>
     key <#>
      key-string <string_used_for_PSK>
      ! Optional - set lifetime
      accept-lifetime <start_date> <end_date>
      send-lifetime <start_date> <end_date>
    Copied this from
    http://gregandthenetwork.blogspot.com/2011/05/eigrp-authentication.html  

  • Switches have a VTP Mode set to "server" can I set them to "Transparent" on a live network?

    Currently our cisco 2960 switches at location "B" have a VTP Mode set to “server” I want to change this to “Transparent”
    They have VLAN1-default (active) 10.1.10.81; VLAN2-patron(active) 192.168.10.2; VLAN3-vlan0003(suspended) no ipaddress; VLAN4-vlan0004(suspended) 192.168.20.2
    I want to delete VLAN3 and VLAN4
    The connection between loc "A" and "B" is set to “Static Access VLAN1” I need to change it to “Trunk Nonnegotiate Vlan all” for our vlan2 at loc "B" to work.
    Reason for this change: when I added these switches to our network about 6 months ago it brought my network down. Knowing what I know now, I think they wrote their settings to all the other switches that were vtp server switches on our network; VLAN3 and 4 were set to active at that time.

    Switching from server to transparent vtp mode will not disrupt your network, the existing vlans will still be available, modifications however will need to be executed manually on the transparent mode switches.
    If the interfaces between location A and B are configured as access ports, VTP will not work as it is only in effect on trunk links.
    Before adding switches to an existing VTP domain, best practise is to configure transparent mode to set the revision number to 0. This way the VLAN database of existing switches will not be altered when connecting the switch.
    HTH,
    Bert

  • Deploying JRE across company network.

    Hello Everyone!
    I need to deploy JRE across our intranet and would like to be able to deactivate automatic updates and always replace the older version of JRE upon deployment. I have not been successful so far.
    I have tried using the MSI included in the EXE Download plus a MST (Transform) File. I've set the following properties:
    AUTOUPDATECHECK=0
    JU=0
    JAVAUPDATE=0
    Automatic Updates is still turned on despite this. And I am not able to replace older JAVA RE versions unconditionally.
    How can I achieve these goals?
    BTW: What do the above options control, if not (auto-) updates?
    Greetings,
    Kettler.

    You're not the only one to run into that I can tell you - threads I have seen so far with the same subject go unanswered. I would see if there is not a bug report that matches your problem, perhaps there is one with a workaround listed.
    So I don't have any answer but this thread may be of interest to you - I thought I'd bring it to your attention to perhaps save you some personal effort:
    The specified item was not found.

  • Small business needing to expand and deploy a network

    Hi,
    I hope this is the correct forum to post this question.  If not, please move it to one more appropriate.
    We are a small company currently working from home but now have a need to expand into an office due to winning a contract with a large international organization.  We offer web market research services utilizing Web 2.0 techniques.  Our current 'network' infrastructure, if you want to call it that, is based around a standard home office scenario - 24Mbit DSL, 4 PC's, a couple of laptops, Dlink gigabit switch and the router from the telecom company.  Our printers are networked via the switch and we run Windows 7.  We have servers hosted in the Rackspace Cloud and with Amazon S3 but no current physical server.  Email is via a hosted Exchange package.
    Due to the new contract we will have to hire two to three additional personnel taking us to 7 staff in total and that requires a move to a dedicated office.  That wouldn't be much of an issue if we only needed to setup an office LAN but the crunch comes within the security protocols we are required to meet in the new contract.  We'll be storing customer data on servers and we'll require an audit of our systems once in place.  We will be scanned by our new client and expected to install a scanner appliance to be deployed on our internal network which will allow our new client to periodically scan us for network vulnerabilities.
    The key issue is that we have to have physical sight of the server that is holding the data, which also needs to have WAN access.  This server must reside on a network independent from our office LAN.  We'll need VPN access to this server.  The requirements document also demands a hardware firewall.  The new office has Cat6 cabling that routes back to a server room.  Apart from that, this room is empty.
    It's a bit of a daunting task and I'd like to know what equipment we'll require to setup two independent networks with WAN access.  The two new servers will probably come from Dell and will be rack mounted.  I'm sure we'll need the services of a network professional but I'd like to be clear in my own head about what components we will need to purchase to deploy this network, and what would be a suitable internet network connection.  The server for the new project will need to run a web and MySQL server and it will be accessed by around 600 people across Europe and the USA each month.  I can't give a clear figure on total bandwidth but the 600 people will be accessing a pretty standard WordPress site.  The number of users will increase to 6000 per month within 6 months.  On top of that office staff will be sending emails and using web services on a daily basis.  The office server will run Windows Server 2008 with 10 CAL's.  We have an initial capital budget of about $12,500.  Within 6 months we will need to deploy our own SharePoint server for this project.  A dedicated remotely hosted SharePoint solution will not be acceptable to the client.  More budget will be available for this.  Support will be delivered by Dell for the servers and network maintenance will be contracted out.
    Any help in making this a little less daunting would be much appreciated.
    Thanks in advance.

    Leo has given you some excellent advice ie. you cannot choose a kit list until you have a design. It just doesn't work the other way around. If you don't have the experience to design the solution then you can't really be choosing the kit. Otherwise when you do hire your consultant he might well be constrained by the kit already chosen and you will not get the best solution for your needs.
    Please don't take any of this the wrong way. NetPro is a great forum for helping people out with technical and design issues with Cisco equipment but there are times when NetPro is not the best solution and this is one of them. We could each give you a kit list of what we "think" is the best solution but that really should come from the designer.
    Jon
    Leo - will you please stop losing your points oops, and now they are back again

  • Deploying an RT app with Network Variables

    David Thomson Original Code Consulting
    www.originalcode.com
    National Instruments Alliance Program Member
    Certified LabVIEW Architect
    There are 10 kinds of people: those who understand binary, and those who don't.

    Oops - the message got posted before I even wrote it - sorry!
    I'm working on a simple RT daq app that acquires 32 channels of AI and pops them into a network variable for a host program to read several times a second.  I build and deploy the app as a startup so that it starts every time the PXI RT system boots.  I want to move the RT box to another computer that has LV, but not LV-RT.
    I first tried using the variable server on the host.  The LV box boots and the app starts.  I start my program on the host, and it connects.  Everything is fine.
    However, to make the transition to another computer easier, I would like to host the network variables on the RT box.  Then I don't have to deploy them to the network variable engine on the new computer.  When I write the program this way, the RT half still boots and runs.  Using the variable monitor program, I can see that the variables are hosted on the RT box and are being updated.  So I open the host program in LV and start it.  It has to deploy some sort of connection to the network variables, so a deploy dialog pops up.  It finds out that the RT box already has an app running and says that if I continue to deploy, that app will be stopped.  If I cancel, the host app doesn't run.  If I don't cancel, the RT app stops.  I have to connect to the RT box again and redeploy the RT app.  Then both are running and I get data.
    Is there a way to host the variables on the RT box, and have the RT program start automatically on bootup, and have LV for Windows start a program that gets the variables off the RT box from a Windows machine that doesn't have RT?
    Thanks,
    Dave

  • Office 2013 latest update broke new profile creation on all network computers

    Hi,
    Reporting a bug here!
    Setup details:
    We're using samba 3 as our backend and all workstation are Windows 7 Pro x64.
    Office 2013 Home and Business Retail (en-us) Click 2 Run version
    Context:
    Deployed to the whole network of one of our clients using the Office Deployment Tool.
    We update their base update (no updates) to the latest update 15.0.4569.1508
    Everything was working alright after initial Office 2013 installation with no updates. After updating all the PCs to the latest version as of 31/03/2014, the user profile creation broke for newly created users.
    Symptoms and causes:
    Trying to log on as a new user on the machine would give the following error on Logon before automatically logging off because it cannot copy the following files to the new user profile:
    D:\Users\Default\AppData\Local\Microsoft\Windows Live\Bici\_00.sqm
    D:\Users\Default\AppData\Local\Microsoft\Windows Live\Bici\_01.sqm
    D:\Users\Default\AppData\Local\Microsoft\Windows Live\Bici\_02.sqm
    The Bici folder has Read and Execute permissions for everyone but the _XX.sqm files inside only have permissions (Full Control) for SYSTEM and Administrators and LOCAL SERVICE with the all permissions EXCEPT:
    - FULL CONTROL
    - TRAVERSE FOLDERS/EXECUTE FILES
    - CHANGE PERMISSIONS
    - TAKE OWNERSHIP
    Solution:
    I gave "everyone" Read and Execute permission on those files and the new user could log in and his profile got created alright.
    The files with broken permissions time stamp shows they've been modified during the Office 2013 update and Bici seems to be a OneDrive related service. This bug should get fixed ASAP.
    Event log error:
    Windows cannot copy file \\?\D:\Users\Default\AppData\Local\Microsoft\Windows Live\Bici\_01.sqm to location \\?\D:\Users\TEMP\AppData\Local\Microsoft\Windows Live\Bici\_01.sqm. This error may be caused by network problems or insufficient security rights.
     DETAIL - Access is denied.
    - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
      <Provider Name="Microsoft-Windows-User Profiles General" Guid="{DB00DFB6-29F9-4A9C-9B3B-1F4F9E7D9770}" />
      <EventID>1509</EventID>
      <Version>0</Version>
      <Level>3</Level>
      <Task>0</Task>
      <Opcode>0</Opcode>
      <Keywords>0x8000000000000000</Keywords>
      <TimeCreated SystemTime="2014-04-04T07:15:51.922563800Z" />
      <EventRecordID>9615</EventRecordID>
      <Correlation />
      <Execution ProcessID="940" ThreadID="1764" />
      <Channel>Application</Channel>
      <Computer>F00241D1DAAAD</Computer>
      <Security UserID="S-1-5-21-1582357797-4105456612-768596941-1206" />
      </System>
    - <EventData Name="EVENT_COPYERROR">
      <Data Name="Source">\\?\D:\Users\Default\AppData\Local\Microsoft\Windows Live\Bici\_01.sqm</Data>
      <Data Name="Target">\\?\D:\Users\TEMP\AppData\Local\Microsoft\Windows Live\Bici\_01.sqm</Data>
      <Data Name="Error">Access is denied.</Data>
      </EventData>
      </Event>

    Hi dude,
    I appreciate that you're sharing your experience and solution here. And, I would report it through our internal channel. Thanks again.
    Tony Chen
    TechNet Community Support

  • ZCM10.3.4 : Server could not rebuild the deployment packages

    Hi
    I updated a customer ZCM 10.3.0a lab (it had restored real data) to ZCM 10.3.4. The primary server seems to have updated successfully, but I found an error message in the ZCC; it shows "This device was unable to rebuild the depolyment packages.Check the loader-messages.log on the device for the more detail."
    I tried to manually rebuild the deployment packages using "novell-zenworks-configure -c CreateExtractorPacks -Z", and I found that the agent deployment (network/Complete) packages could be rebuilt, but the satellite package fails.
    In total I tested one Windows and one Linux platform... they get the same error message. Has anyone had a similar issue?
    wyldkao

    I have just tried updating our dev environment to 10.3.4 and am getting the same message "This device was unable to rebuild the depolyment packages. Check the loader-messages.log on the device for the more details."
    Is there a quick solution around this?
    Just to add, I manually imported the 10.3.4 update as no access to the Live network in dev (for obvious reasons).
    Chris

  • MDT 2013 - Litetouch deployment failed, Return Code = -2147467259 0x80004005

    I'm attempting to deploy an image that I have recently captured with MDT.  I was able to capture the image without any problems and after capturing, it booted up properly.  But now when I go to deploy the image using a Standard Task Sequence it errors out.  It does boot into WinPE and gets to the installing operating system portion then spits out the following 8 errors:
    (5624):2: Run ImageX: /apply "\\PDC31089\DeploymentShare$\Operating Systems\Win7_BUP_1-31-14\Win7_BUP_1-31-14.wim" 1 C:
    Litetouch deployment failed, Return Code = -2147467259 0x80004005
    Failed to run the action: Install Operating System.
    Unknown error (Error: 000015F8; Source: Unknown)
    The execution of the group (Install) has failed and the execution has been aborted. An action failed.
    Operation aborted (Error: 80004004; Source: Windows)
    Failed to run the last action: Install Operating System. Execution of task sequence failed.
    Unknown error (Error: 000015F8; Source: Unknown)
    Task Sequence Engine failed! Code: enExecutionFail
    Task sequence execution failed with error code 80004005
    Error Task Sequence Manager failed to execute task sequence. Code 0x80004005
    After I receive the error messages, if I attempt to restart the computer and allow it to boot up it just comes up with: "An operating system wasn't found. Try disconnecting any drives that don't contain an operating system"
    I have tried the following to resolve this issue:
    Create a new deployment share with only network drivers added and the one .WIM that was captured with MDT as well as one Task sequence.
    Update to MDT 2013
    Update Deployment share and completely regenerate Boot images
    Tried starting deployment from within Windows by mapping the drive and executing litetouch.vbs
    Also tried starting deployment using USB boot disk
    I'm running out of ideas and seem to keep getting the same 8 error messages.  It's very aggravating and am hoping that someone can point me in the right direction.
    I've included some log files on Skydrive at:  https://skydrive.live.com/redir?resid=6375A8F9E8089918%21105

    I came across this post recently. I am having the same string of errors suddenly when I try to deploy any image from my MDT 2013 server now. Previous images now fail to install soon after the Inject Drivers task sequence at the Install Operating System sequence.
    Each time I try to deploy an image (I have tried several, each with different task sequences), I get the same 7 errors.
    The errors produced are:
    Litetouch deployment failed, Return Code = -2147467259 0x80004005
    Failed to run the action: Install Operating System.
    Incorrect Function (Error: 00000001; Source: Windows)
    The execution of the group (Install) has failed and the execution has been aborted. An action failed.
    Operation aborted (Error: 80004004; Source: Windows)
    Failed to run the last action: Install Operating System. Execution of task sequence failed.
    Incorrect Function (Error: 00000001; Source: Windows)
    Task Sequence Engine failed! Code: enExecutionFail
    Task sequence execution failed with error code 80004005
    Error Task Sequence Manager failed to execute task sequence. Code 0x80004005
    My HD size is 146GB with about 71GB being free.
    The BDD.log file is too large to post here apparently. Here are the last bits of it.
    <![LOG[Assume this disk is the destination Disk, and verify.]LOG]!><time="11:36:58.000+000" date="09-26-2014" component="ZTIDiskpart"
    context="" type="1" thread="" file="ZTIDiskpart">
    <![LOG[TargetPartitionIdentifier is set, find disk: SELECT * FROM Win32_LogicalDisk WHERE Size = '499577253888' and VolumeName = 'OSDisk' and VolumeSerialNumber = 'CA3BC8A9']LOG]!><time="11:36:58.000+000" date="09-26-2014"
    component="ZTIDiskpart" context="" type="1" thread="" file="ZTIDiskpart">
    <![LOG[Search for Drive: TargetPartitionIdentifier  SELECT * FROM Win32_LogicalDisk WHERE Size = '499577253888' and VolumeName = 'OSDisk' and VolumeSerialNumber = 'CA3BC8A9']LOG]!><time="11:36:58.000+000" date="09-26-2014"
    component="ZTIDiskpart" context="" type="1" thread="" file="ZTIDiskpart">
    <![LOG[Found Drive: C:]LOG]!><time="11:36:58.000+000" date="09-26-2014" component="ZTIDiskpart" context="" type="1" thread="" file="ZTIDiskpart">
    <![LOG[Property OSDTargetDriveCache is now = C:]LOG]!><time="11:36:58.000+000" date="09-26-2014" component="ZTIDiskpart" context="" type="1" thread="" file="ZTIDiskpart">
    <![LOG[Property OSDisk is now = C:]LOG]!><time="11:36:58.000+000" date="09-26-2014" component="ZTIDiskpart" context="" type="1" thread="" file="ZTIDiskpart">
    <![LOG[Target Drive Letter Found: C:]LOG]!><time="11:36:58.000+000" date="09-26-2014" component="ZTIDiskpart" context="" type="1" thread="" file="ZTIDiskpart">
    <![LOG[Found OS Drive: C   0]LOG]!><time="11:36:58.000+000" date="09-26-2014" component="ZTIDiskpart" context="" type="1" thread="" file="ZTIDiskpart">
    <![LOG[New ZTIDiskPartition : \\MININT-I3DUVLI\root\cimv2:Win32_LogicalDisk.DeviceID="C:"    \\MININT-I3DUVLI\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"]LOG]!><time="11:36:58.000+000"
    date="09-26-2014" component="ZTIDiskpart" context="" type="1" thread="" file="ZTIDiskpart">
    <![LOG[Check Disk [0] <> [0] OK to skip.]LOG]!><time="11:36:58.000+000" date="09-26-2014" component="ZTIDiskpart" context="" type="1" thread="" file="ZTIDiskpart">
    <![LOG[####### NOTE:  If this is one of the  last lines in your BDD.log file, check C: for the most up to date bdd.log!!!]LOG]!><time="11:36:58.000+000" date="09-26-2014" component="ZTIDiskpart"
    context="" type="1" thread="" file="ZTIDiskpart">
    <![LOG[ZTIDiskpart processing completed successfully.]LOG]!><time="11:36:58.000+000" date="09-26-2014" component="ZTIDiskpart" context="" type="1" thread="" file="ZTIDiskpart">
    <![LOG[Event 41001 sent: ZTIDiskpart processing completed successfully.]LOG]!><time="11:36:58.000+000" date="09-26-2014" component="ZTIDiskpart" context="" type="1" thread=""
    file="ZTIDiskpart">
