Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix C Troubleshooting
Troubleshooting Password Recovery
When you troubleshoot password recovery, pay attention to the following:
• You cannot determine whether password recovery has been disabled in the sensor configuration
  from the ROMMON prompt, GRUB menu, switch CLI, or router CLI. If you attempt password
  recovery, it always appears to succeed. If it has been disabled, the password is not reset to cisco. The
  only option is to reimage the sensor.
• You can disable password recovery in the host configuration. For the platforms that use external
  mechanisms, such as ROMMON, although you can run commands to clear the password, if
  password recovery is disabled in the IPS, the IPS detects that password recovery is not allowed and
  rejects the external request.
• To check the state of password recovery, use the show settings | include password command.
Time Sources and the Sensor
This section describes how to maintain accurate time on the sensor, and contains the following topics:
• Time Sources and the Sensor
• Synchronizing IPS Clocks with Parent Device Clocks
• Verifying the Sensor is Synchronized with the NTP Server
• Correcting Time on the Sensor
Time Sources and the Sensor
Note: We recommend that you use an NTP server to regulate time on your sensor. You can use authenticated
or unauthenticated NTP. For authenticated NTP, you must obtain the NTP server IP address, NTP server
key ID, and the key value from the NTP server. You can set up NTP during initialization or you can
configure NTP through the CLI, IDM, IME, or ASDM.
The sensor requires a reliable time source. All events (alerts) must have the correct UTC and local time
stamp; otherwise, you cannot correctly analyze the logs after an attack. When you initialize the sensor,
you set up the time zones and summertime settings. This section provides a summary of the various ways
to set the time on sensors.
The IPS Standalone Appliances
• Use the clock set command to set the time. This is the default.
• Configure the appliance to get its time from an NTP time synchronization source.
Note: The currently supported Cisco IPS appliances are the IPS 4240, IPS 4255, and IPS 4260
[IPS 7.1(5) and later], IPS 4270-20 [IPS 7.1(3) and later], IPS 4345 and IPS 4360 [IPS
7.1(3) and later], and IPS 4510 and IPS 4520 [IPS 7.1(4) and later].