Filter
Top Products
E-17
Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1
OL-24002-01
Appendix E Troubleshooting
Supported MIBs
Virtualization has the following restrictions:
•
You must assign both sides of asymmetric traffic to the same virtual sensor.
•
Using VACL capture or SPAN (promiscuous monitoring) is inconsistent with regard to VLAN
tagging, which causes problems with VLAN groups.
–
When using Cisco IOS software, a VACL capture port or a SPAN target does not always receive
tagged packets even if it is configured for trunking.
–
When using the MSFC, fast path switching of learned routes changes the behavior of VACL
captures and SPAN.
•
Persistent store is limited.
Virtualization has the following traffic capture requirements:
•
The virtual sensor must receive traffic that has 802.1q headers (other than traffic on the native VLAN
of the capture port).
•
The sensor must see both directions of traffic in the same VLAN group in the same virtual sensor
for any given sensor.
The following sensors support virtualization:
•
ASA 5500-X IPS SSP
•
ASA 5585-X IPS SSP
•
IPS 4270-20
•
IPS 4345
•
IPS 4360
•
IPS 4510
•
IPS 4520
Supported MIBs
To avoid problems with configuring SNMP, be aware of the MIBs that are supported on the sensor.
The following private MIBs are supported on the sensor:
•
CISCO-CIDS-MIB
The CISCO-CIDS-MIB has been updated to include SNMP health data in IPS 7.1(3)E4 and later.
•
CISCO-ENHANCED-MEMPOOL-MIB
•
CISCO-ENTITY-ALARM-MIB
You can obtain these private Cisco MIBs under the heading SNMP v2 MIBs at this URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
Note
MIB II is available on the sensor, but we do not support it. We know that some elements are not correct
(for example, the packet counts from the IF MIB on the sensing interfaces). While you can use elements
from MIB II, we do not guarantee that they all provide correct information. We fully support the other
listed MIBs and their output is correct.