Cisco Systems IPS 7.1 Home Security System User Manual


  Open as PDF
of 1042
 
C-29
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix C Troubleshooting
Troubleshooting the Appliance
Correcting a Misconfigured Access List
To correct a misconfigured access list, follow these steps:
Step 1 Log in to the CLI.
Step 2 View your configuration to see the access list.
sensor# show configuration | include access-list
access-list 10.0.0.0/8
access-list 64.0.0.0/8
sensor#
Step 3 Verify that the client IP address is listed in the allowed networks. If it is not, add it.
sensor# configure terminal
sensor(config)# service host
sensor(config-hos)# network-settings
sensor(config-hos-net)# access-list 171.69.70.0/24
Step 4 Verify the settings.
sensor(config-hos-net)# show settings
network-settings
-----------------------------------------------
host-ip: 192.168.1.2/24,192.168.1.1 default: 10.1.9.201/24,10.1.9.1
host-name: sensor-238 default: sensor
telnet-option: enabled default: disabled
access-list (min: 0, max: 512, current: 3)
-----------------------------------------------
network-address: 10.0.0.0/8
-----------------------------------------------
network-address: 64.0.0.0/8
-----------------------------------------------
network-address: 171.69.70.0/24
-----------------------------------------------
-----------------------------------------------
ftp-timeout: 300 seconds <defaulted>
login-banner-text: <defaulted>
-----------------------------------------------
sensor(config-hos-net)#
Duplicate IP Address Shuts Interface Down
If you have two newly imaged sensors with the same IP address that come up on the same network at the
same time, the interface shuts down. Linux prevents the command and control interface from activating
if it detects an address conflict with another host.
To verify that the sensor in question does not have an IP address conflict with another host on the
network, follow these steps:
Step 1 Log in to the CLI.
Step 2 Determine whether the interface is up. If the output says the command and control interface link status
is down, there is a hardware issue or an IP address conflict.
sensor# show interfaces
Interface Statistics
Total Packets Received = 0
 previous next