8/10/2019 IPS-3.ppt

1/24

2005 Cisco Systems, Inc. All rights reserved. IDS v5.0 3-1

Getting Started with the IPSCommand-Line Interface

8/10/2019 IPS-3.ppt

2/24

2005 Cisco Systems, Inc. All rights reserved. IDS v5.0 3-2

Command-Line Overview

8/10/2019 IPS-3.ppt

3/24

2005 Cisco Systems, Inc. All rights reserved. IPS v5.0 3-3

Accessing the CLI

You can access the CLI of a sensor appliancerunning software via the following:

SSH HTTPS Serial interface connection (COM) Telnet (disabled by default)

8/10/2019 IPS-3.ppt

4/24

2005 Cisco Systems, Inc. All rights reserved. IPS v5.0 3-4

CLI Features

The IDS CLI includes the following features: Help Tab completion Command abbreviation Command recall User interactive prompts

8/10/2019 IPS-3.ppt

5/24

2005 Cisco Systems, Inc. All rights reserved. IPS v5.0 3-5

CLI Use

The CLI can be used to perform the following: Sensor initialization tasks Configuration tasks Administrative tasks Troubleshooting

8/10/2019 IPS-3.ppt

6/24

2005 Cisco Systems, Inc. All rights reserved. IPS v5.0 3-6

CLI Modes

The IPS CLI has the following commandmodes:

Privileged EXEC mode Global configuration mode Service mode Multi-instance service mode

8/10/2019 IPS-3.ppt

7/24 2005 Cisco Systems, Inc. All rights reserved. IPS v5.0 3-7

Privileged EXEC Mode

The following tasks are performed inprivileged EXEC mode:

Initialize the sensor Reboot the sensor Enter configuration mode Terminate current login session

Display system settings Ping

sensor#

8/10/2019 IPS-3.ppt

8/24 2005 Cisco Systems, Inc. All rights reserved. IPS v5.0 3-8

Global Configuration Mode

The following tasks are performed in globalconfiguration mode:

Create user accounts Configure SSH and TLS settings Reimage the application partition Upgrade and downgrade system software and

signatures Enter service configuration mode

sensor# configure terminalsensor(config)#

8/10/2019 IPS-3.ppt

9/24 2005 Cisco Systems, Inc. All rights reserved. IPS v5.0 3-9

Service Mode

Service mode is a generic command mode. It enables you to enter configuration mode for various

services.

sensor(config)# service ?alarm-channel-configuration Deprecated - Enter configuration mode

for the alarm channelanalysis-engine Enter configuration mode for global

analysis engine optionsauthentication Enter configuration mode for user

authentication optionsevent-action-rules Enter configuration mode for the event

action ruleshost Enter configuration mode for node

configurationinterface Enter configuration mode for interface

configurationlogger Enter configuration mode for debug

logger

.

.

.

8/10/2019 IPS-3.ppt

10/24 2005 Cisco Systems, Inc. All rights reserved. IPS v5.0 3-10

Multi-Instance Service Mode: ServiceSignature Definition

The following tasks are performed in servicesignature definition mode:

Modify signatures Reset signature settings to the defaults

sensor(config)# service signature-definition sig0sensor(config-sig)# ?

application-policy Application Policy EnforcementParametersdefault Set the value back to the system

default settings...

8/10/2019 IPS-3.ppt

11/24 2005 Cisco Systems, Inc. All rights reserved. IPS v5.0 3-11

Multi-Instance Service Mode: Service EventAction Rules

Within the service event action rules mode,you can perform such tasks as configuringrules to filter events.

sensor(config)# service event-action-rules rules0sensor(config-sig)# ?application-policy Application Policy Enforcement

Parametersdefault Set the value back to the system

default settings...

8/10/2019 IPS-3.ppt

12/24 2005 Cisco Systems, Inc. All rights reserved. IDS v5.0 3-12

Sensor SoftwareInstallation

8/10/2019 IPS-3.ppt

13/24 2005 Cisco Systems, Inc. All rights reserved. IDS v5.0 3-13

Sensor Initialization

8/10/2019 IPS-3.ppt

14/24 2005 Cisco Systems, Inc. All rights reserved. IPS v5.0 3-14

Management Access

These methods are used to gain managementaccess to a Cisco IPS sensor appliance:

Console port (cable provided) Telnet SSH HTTPS

8/10/2019 IPS-3.ppt

15/24 2005 Cisco Systems, Inc. All rights reserved. IPS v5.0 3-15

Sensor Initialization Tasks

Perform these tasks to initialize the sensor: Assign a name to the sensor. Assign an IP address and netmask to the sensor

command and control interface. Assign a default gateway. Enable or disable the Telnet server. Specify the web server port. Create network ACLs. Configure the date and time. Configure the sensor interfaces.

8/10/2019 IPS-3.ppt

16/24 2005 Cisco Systems, Inc. All rights reserved. IPS v5.0 3-16

setup Command

8/10/2019 IPS-3.ppt

17/24 2005 Cisco Systems, Inc. All rights reserved. IPS v5.0 3-17

setup Command (Cont.)

8/10/2019 IPS-3.ppt

18/24 2005 Cisco Systems, Inc. All rights reserved. IPS v5.0 3-18

setup Command (Cont.)

8/10/2019 IPS-3.ppt

19/24 2005 Cisco Systems, Inc. All rights reserved. IPS v5.0 3-19

setup Command (Cont.)

8/10/2019 IPS-3.ppt

20/24 2005 Cisco Systems, Inc. All rights reserved. IPS v5.0 3-20

setup Command (Cont.)

8/10/2019 IPS-3.ppt

21/24

2005 Cisco Systems, Inc. All rights reserved. IDS v5.0 3-21

Administrative Tasks

8/10/2019 IPS-3.ppt

22/24

2005 Cisco Systems, Inc. All rights reserved. IPS v5.0 3-22

Diagnosing Network Connectivity

Diagnoses basic network connectivity

ping address [ count ]

sensor#

sensor# ping 172.26.26.50 3

Diagnoses network connectivity to host

172.26.26.50 by sending three echo requests tohost 172.26.26.50

8/10/2019 IPS-3.ppt

23/24

2005 Cisco Systems, Inc. All rights reserved. IPS v5.0 3-23

Tracing a Route

trace address [ count ]sensor#

sensor1# trace 172.26.26.150traceroute to 172.26.26.150 (172.26.26.150), 4 hops max, 40 byte packets1 10.0.1.2 (10.0.1.2) 21.693 ms 11.061 ms 9.659 ms2 172.16.1.1 (172.16.1.1) 13.303 ms 11.943 ms 15.468 ms3 172.30.1.1 (172.30.1.1) 32.837 ms * 14.304 ms

sensor1#

Displays the route an IP packet takes to a destination

Displays the route an IP packet takes to host172.26.26.150

8/10/2019 IPS-3.ppt

24/24