Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 18 Configuring the ASA 5500 AIP SSM
The ASA 5500 AIP SSM and the Data Plane
Symptom: The ASA 5500 AIP SSM data plane is kept in the Up state while applying signature updates. You can check the ASA 5500 AIP SSM data plane status by using the show module command during signature updates.
Possible Cause: Bypass mode is set to off. The issue is seen when updating signatures, and when you use either CSM or IDM to apply signature updates. This issue is not seen when upgrading IPS system software.
The ASA 5500 AIP SSM and Jumbo Packets
The jumbo packet count in the show interface command output for ASA IPS modules, taken from the lines Total Jumbo Packets Received and Total Jumbo Packets Transmitted, may be larger than expected because some packets that were almost jumbo size on the wire are counted as jumbo size by the IPS. This miscount is a result of header bytes added to the packet by the ASA before the packet is transmitted to the IPS. For IPv4, 58 bytes of header data are added. For IPv6, 78 bytes of header data are added. The ASA removes the added IPS header before the packet leaves the ASA.
Reloading, Shutting Down, Resetting, and Recovering the ASA 5500 AIP SSM
Note: You can enter the hw-module commands from privileged EXEC mode or from global configuration mode. You can enter the commands in single routed mode and single transparent mode. For adaptive security appliances operating in multi-mode (routed or transparent multi-mode), you can only execute the hw-module commands from the system context (not from administrator or user contexts).
Use the following commands to reload, shut down, reset, recover the password, and recover the
ASA 5500 AIP SSM directly from the adaptive security appliance:
hw-module module slot_number reload—This command reloads the software on the
ASA 5500 AIP SSM without doing a hardware reset. It is effective only when the module is in the
Up state.
hw-module module slot_number shutdown—This command shuts down the software on the
ASA 5500 AIP SSM. It is effective only when the module is in the Up state.
hw-module module slot_number reset—This command performs a hardware reset of the
ASA 5500 AIP SSM. It is applicable when the module is in the Up/Down/Unresponsive/Recover
states.
hw-module module slot_number password-reset—This command restores the cisco CLI account
password on the ASA 5500 AIP SSM to the default cisco.