- Cisco Network Router User's Manual

ManualsBrandsCisco Systems ManualsNetwork RouterIPS4520K9

311

312

313

314

315

316

317

318

319

320

E-14

Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1

OL-24002-01

Appendix E Troubleshooting

Time Sources and the Sensor

sensor (config)# service host

sensor (config-hos)#

Step 3

Verify the state of password recovery by using the include keyword to show settings in a filtered output.

sensor(config-hos)# show settings | include password

password-recovery: allowed <defaulted>

sensor(config-hos)#

Troubleshooting Password Recovery

When you troubleshoot password recovery, pay attention to the following:

•

You cannot determine whether password recovery has been disabled in the sensor configuration

from the ROMMON prompt, GRUB menu, switch CLI, or router CLI. If you attempt password

recovery, it always appears to succeed. If it has been disabled, the password is not reset to cisco. The

only option is to reimage the sensor.

•

You can disable password recovery in the host configuration. For the platforms that use external

mechanisms, such as ROMMON, although you can run commands to clear the password, if

password recovery is disabled in the IPS, the IPS detects that password recovery is not allowed and

rejects the external request.

•

To check the state of password recovery, use the show settings | include password command.

Time Sources and the Sensor

This section describes how to maintain accurate time on the sensor, and contains the following topics:

•

Time Sources and the Sensor, page E-14

•

Synchronizing IPS Module Clocks with Parent Device Clocks, page E-15

•

Verifying the Sensor is Synchronized with the NTP Server, page E-15

•

Correcting Time on the Sensor, page E-16

Time Sources and the Sensor

Note

We recommend that you use an NTP server to regulate time on your sensor. You can use authenticated

or unauthenticated NTP. For authenticated NTP, you must obtain the NTP server IP address, NTP server

key ID, and the key value from the NTP server. You can set up NTP during initialization or you can

configure NTP through the CLI, IDM, IME, or ASDM.

The sensor requires a reliable time source. All events (alerts) must have the correct UTC and local time

stamp, otherwise, you cannot correctly analyze the logs after an attack. When you initialize the sensor,

you set up the time zones and summertime settings. This section provides a summary of the various ways

to set the time on sensors.