E-23
Cisco Intrusion Prevention System Appliance Hardware Installation Guide for IPS 7.1
OL-24002-01
Appendix E Troubleshooting
Troubleshooting the Appliance
• Communication Problems, page E-25
• The SensorApp and Alerting, page E-29
• Blocking, page E-36
• Logging, page E-45
• TCP Reset Not Occurring for a Signature, page E-51
• Software Upgrades, page E-52
Tip: Before troubleshooting the appliance, check the Caveats section of the Readme for the software
version you have installed on your sensor to see if you are dealing with a known issue.
The Appliance and Jumbo Packet Frame Size
For IPS standalone appliances with 1 G and 10 G fixed or add-on interfaces, the maximum jumbo frame
size is 9216 bytes.
Note: A jumbo frame is an Ethernet packet that is larger than the standard maximum of 1518 bytes (including
Layer 2 header and FCS).
Hardware Bypass and Link Changes and Drops
Note: Hardware bypass is available on the 4GE bypass interface card, which is supported on the IPS 4270-20.
Properly configuring and deploying hardware bypass protects against complete link failure if the IPS
appliance experiences a power loss, critical hardware failure, or is rebooted; however, a link status
change still occurs when hardware bypass engages (and again when it disengages).
During engagement, the interface card disconnects both physical connections from itself and bridges
them together. The interfaces of the connected devices can then negotiate the link and traffic forwarding
can resume. Once the appliance is back online, hardware bypass disengages and the interface card
interrupts the bypass and reconnects the links back to itself. The interface card then negotiates both links
and traffic resumes.
There is no built-in way to completely avoid link status changes and drops. However, you can greatly
reduce the interruption time (in some cases to sub-second times) by doing the following:
• Make sure you use CAT 5e/6-certified cabling for all connections.
• Make sure the interfaces of the connected devices are configured to match the interfaces of the
appliance for speed/duplex negotiation (auto/auto).
• Enable portfast on connected switchports to reduce spanning-tree forwarding delays.
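The following is an added example, not part of the Cisco guide: a small audit that checks a saved switch configuration against the speed/duplex and portfast recommendations above. It assumes Cisco IOS-style interface syntax on the connected switch; the interface names and the sample configuration are constructed, and the function names are hypothetical. It inspects per-interface commands only, so a global portfast default is not taken into account.

```python
import re

# Constructed switch running-config excerpt (sample data, not from the guide).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description IPS bypass pair, port A
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 description IPS bypass pair, port B
 speed 1000
 duplex full
!
interface GigabitEthernet1/0/3
 speed auto
 spanning-tree portfast disable
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line[:1] == " " and line.strip() and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return interfaces

def audit_bypass_ports(config, ports):
    """Return {port: [findings]} for the switchports cabled to the appliance."""
    interfaces, report = parse_interfaces(config), {}
    for port in ports:
        cmds = interfaces.get(port)
        if cmds is None:
            report[port] = ["interface not found"]
            continue
        # Speed/duplex default to auto, so only explicit non-auto values are flagged.
        findings = [f"{c.split()[0]} hard-coded: {c}" for c in cmds
                    if c.split()[0] in ("speed", "duplex") and c.split()[1:] != ["auto"]]
        enabled = [c for c in cmds if c.startswith("spanning-tree portfast")
                   and not c.endswith("disable")]
        if not enabled:
            findings.append("portfast not enabled")
        report[port] = findings
    return report
```

Call audit_bypass_ports with the configuration text and the list of switchports cabled to the bypass card; an empty findings list means the port matches both recommendations.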
For More Information
For more information about the hardware bypass card on the IPS 4270-20, see Hardware Bypass,
page 3-5.