Filter
Top Products
C-21
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix C Troubleshooting
Troubleshooting RADIUS Authentication
Troubleshooting RADIUS Authentication
Symptom Attempt limit configured on the IPS sensor may not be enforced for a RADIUS user.
Conditions Applicable for RADIUS users only. The RADIUS user must have logged in to the sensor at
least once after RADIUS authentication is enabled or after the sensor is reset or rebooted.
Workaround Log in to the sensor with the correct credentials and from that time on the attempt limit is
enforced for that RADIUS user.
For More Information
For detailed information about RADIUS authentication, see Configuring Authentication and User
Parameters, page 4-16.
Troubleshooting Global Correlation
Make sure you observe the following when configuring global correlation:
• Because global correlation updates occur through the sensor management interface, firewalls must
allow port 443/80 traffic.
• You must have an HTTP proxy server or a DNS server configured to allow global correlation
features to function.
• For detailed information about HTTP proxy server configuration, seeYou must have a valid IPS
license to allow global correlation features to function.
• Global correlation features only contain external IP addresses, so if you position a sensor in an
internal lab, you may never receive global correlation information.
• Make sure your sensor supports the global correlation features.
• Make sure your IPS version supports the global correlation features.
For More Information
For detailed information about global correlation, see Chapter 10, “Configuring Global Correlation.”
When to Disable Anomaly Detection
If you have anomaly detection enabled and you have your sensor configured to see only one direction of
traffic, you should disable anomaly detection. Otherwise, you will receive many alerts, because anomaly
detection sees asymmetric traffic as having incomplete connections, that is, like worm scanners, and fires
alerts.
To disable anomaly detection, follow these steps:
Step 1 Log in to the CLI using an account with administrator privileges.
Step 2 Enter analysis engine submode.
sensor# configure terminal
sensor(config)# service analysis-engine