
Getting Started with the IPS Command-Line Interface

2005 Cisco Systems, Inc. All rights reserved.

IDS v5.03-1

Command-Line Overview


Accessing the CLI

You can access the CLI of a sensor appliance running software via the following:
SSH
HTTPS
Serial interface connection (COM)
Telnet (disabled by default)


CLI Features

The IDS CLI includes the following features:
Help
Tab completion
Command abbreviation
Command recall
User interactive prompts


CLI Use

The CLI can be used to perform the following:
Sensor initialization tasks
Configuration tasks
Administrative tasks
Troubleshooting


CLI Modes

The IPS CLI has the following command modes:
Privileged EXEC mode
Global configuration mode
Service mode
Multi-instance service mode


Privileged EXEC Mode

The following tasks are performed in privileged EXEC mode:
Initialize the sensor
Reboot the sensor
Enter configuration mode
Terminate current login session
Display system settings
Ping

sensor#

Global Configuration Mode

The following tasks are performed in global configuration mode:
Create user accounts
Configure SSH and TLS settings
Reimage the application partition
Upgrade and downgrade system software and signatures
Enter service configuration mode

sensor# configure terminal
sensor(config)#

Service Mode

sensor(config)# service ?
alarm-channel-configuration   Deprecated - Enter configuration mode for the alarm channel
analysis-engine               Enter configuration mode for global analysis engine options
authentication                Enter configuration mode for user authentication options
event-action-rules            Enter configuration mode for the event action rules
host                          Enter configuration mode for node configuration
interface                     Enter configuration mode for interface configuration
logger                        Enter configuration mode for debug logger
.
.
.

Service mode is a generic command mode. It enables you to enter configuration mode for various services.

Multi-Instance Service Mode: Service Signature Definition

The following tasks are performed in service signature definition mode:
Modify signatures
Reset signature settings to the defaults

sensor(config)# service signature-definition sig0
sensor(config-sig)# ?
application-policy   Application Policy Enforcement Parameters
default              Set the value back to the system default settings
.
.
.

Multi-Instance Service Mode: Service Event Action Rules

Within the service event action rules mode, you can perform such tasks as configuring rules to filter events.

sensor(config)# service event-action-rules rules0
sensor(config-sig)# ?
application-policy   Application Policy Enforcement Parameters
default              Set the value back to the system default settings
.
.
.


Sensor Software Installation


Sensor Initialization


Management Access

These methods are used to gain management access to a Cisco IPS sensor appliance:
Console port (cable provided)
Telnet
SSH
HTTPS


Sensor Initialization Tasks

Perform these tasks to initialize the sensor:
Assign a name to the sensor.
Assign an IP address and netmask to the sensor command and control interface.
Assign a default gateway.
Enable or disable the Telnet server.
Specify the web server port.
Create network ACLs.
Configure the date and time.
Configure the sensor interfaces.

setup Command


Administrative Tasks


Diagnosing Network Connectivity

sensor# ping address [count]

Diagnoses basic network connectivity

sensor# ping 172.26.26.50 3

Diagnoses network connectivity to host 172.26.26.50 by sending three echo requests


Tracing a Route

sensor# trace address [count]

Displays the route an IP packet takes to a destination

sensor1# trace 172.26.26.150
traceroute to 172.26.26.150 (172.26.26.150), 4 hops max, 40 byte packets
1 10.0.1.2 (10.0.1.2) 21.693 ms 11.061 ms 9.659 ms
2 172.16.1.1 (172.16.1.1) 13.303 ms 11.943 ms 15.468 ms
3 172.30.1.1 (172.30.1.1) 32.837 ms * 14.304 ms
sensor1#

Displays the route an IP packet takes to host 172.26.26.150