Cyber Vision Support
Cisco Cyber Vision Center (CVC) gives greater visibility into Industrial IoT networks across Industrial Control Systems (ICS) through real-time monitoring of control and data networks. On IoT IOS-XE platforms, beginning with release 17.4, CVC integration is supported by deploying the IOx Cyber Vision sensor. With this sensor deployed on IoT routers, the platform can forward traffic from IOx applications to Cyber Vision Center for real-time monitoring, and any captured PCAP files can be forwarded to Cyber Vision Center from the IOx application.
Deployment of Cyber Vision Center (CVC) on IOS-XE platform
Procedure
Step 1
Download the Cisco-supported Cyber Vision IOx application from the following location: https://software.cisco.com/download/home/286325414/type/286325316/release/3.1.1?catid=268438162
Select Cisco Cyber Vision Sensor IOx Application 3.1.1 for IE3400 and IR1101.
Step 2
Install CVC version 3.1.1 on a virtual machine or on any hypervisor. The following location is the download link for the different versions of CVC: https://software.cisco.com/download/home/286325414/type
Release Notes for Cisco Cyber Vision Release 3.1.1:
Step 3
The CVC sensor requires two VirtualPortGroup interfaces on the platform. One interface is used for IOx traffic, and the other carries the mirrored traffic of the physical, SVI, or Tunnel interface that is configured as the ERSPAN source. Refer to the following illustration:
Step 4
The CVC sensor can be installed from either the LMGUI or the CLI.
Example Configuration for ERSPAN over L3 along with Virtual Port Groups
Physical and Virtual Port Configuration:
interface virtualportgroup 0
 ip address 169.254.1.1 255.255.255.252
interface virtualportgroup 1
 ip nat inside
 ip address 169.254.0.1 255.255.255.252
interface gi0/0/0
 ip address 101.0.0.151 255.255.255.0
 ip nat outside
 no shut
ERSPAN Configuration:
monitor session 1 type erspan-source
 source interface Gi0/0/0
 no shutdown
 destination
  erspan-id 1
  mtu 1464
  ip address 169.254.1.2
  origin ip address 169.254.1.1
NAT Configuration with Access-list:
ip nat inside source list NAT_ACL interface Gi0/0/0 overload
ip access-list standard NAT_ACL
 10 permit 169.254.0.0 0.0.0.3
CLI Installation
To install the app through the CLI, copy the CVC sensor to bootflash, USB, or mSATA. Then install the app using the app-hosting CLI, and provide the docker options before activating the app.
For example:
Router(config-if)# iox
Router# app-hosting install app-id <app-id> package {bootflash:/|usbflash0:|msata:}
app-hosting appid <app-id>
 app-vnic gateway0 virtualportgroup 0 guest-interface 0
  guest-ipaddress 169.254.1.2 netmask 255.255.255.252
 app-vnic gateway1 virtualportgroup 1 guest-interface 1
  guest-ipaddress 169.254.0.2 netmask 255.255.255.252
 app-default-gateway 169.254.0.1 guest-interface 1
 app-resource docker
  run-opts 1 "--rm --tmpfs /tmp:rw,size=128m"
Router# app-hosting {activate|start|stop|deactivate|uninstall} app-id <app-id>
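In the sample configuration above, the ERSPAN destination is the sensor's guest address on VirtualPortGroup 0, the ERSPAN origin is that port group's own address, and the NAT ACL covers the guest address behind the app default gateway. The Python check below is an added example, not Cisco code or part of the original page; it verifies those relationships in a configuration text. The app-id cvsensor and the function name are assumptions, and the check assumes all of these sections are present.

```python
import ipaddress
import re

# Constructed input: the lines of this page's sample configuration that the check reads.
SAMPLE = """\
interface virtualportgroup 0
 ip address 169.254.1.1 255.255.255.252
interface virtualportgroup 1
 ip address 169.254.0.1 255.255.255.252
monitor session 1 type erspan-source
 destination
  ip address 169.254.1.2
  origin ip address 169.254.1.1
ip access-list standard NAT_ACL
 10 permit 169.254.0.0 0.0.0.3
app-hosting appid cvsensor
 app-vnic gateway0 virtualportgroup 0 guest-interface 0
  guest-ipaddress 169.254.1.2 netmask 255.255.255.252
 app-vnic gateway1 virtualportgroup 1 guest-interface 1
  guest-ipaddress 169.254.0.2 netmask 255.255.255.252
 app-default-gateway 169.254.0.1 guest-interface 1
"""

def check_sensor_config(cfg):
    """Return a list of findings; an empty list means the addressing is consistent."""
    vpg = {n: ipaddress.ip_interface(f"{a}/{m}") for n, a, m in re.findall(
        r"interface virtualportgroup (\d+)\n(?: .*\n)*? ip address (\S+) (\S+)", cfg, re.I)}
    guest = {n: ipaddress.ip_address(a) for n, a in re.findall(
        r"app-vnic \S+ virtualportgroup (\d+) .*\n\s+guest-ipaddress (\S+)", cfg, re.I)}
    # The ERSPAN destination is the only "ip address" line that carries no mask.
    dest = ipaddress.ip_address(re.search(r"^\s+ip address (\S+)$", cfg, re.M)[1])
    origin = ipaddress.ip_address(re.search(r"origin ip address (\S+)", cfg)[1])
    gw = ipaddress.ip_address(re.search(r"app-default-gateway (\S+)", cfg)[1])
    acl = [ipaddress.ip_network(f"{a}/{w}", strict=False)  # wildcard is read as a host mask
           for a, w in re.findall(r"permit ([\d.]+) ([\d.]+)$", cfg, re.M)]
    findings = []
    for n, g in guest.items():  # each guest must be a host on its port group's subnet
        if n not in vpg or g not in vpg[n].network or g == vpg[n].ip:
            findings.append(f"guest {g} is not a usable host on VirtualPortGroup{n}")
    mirror = [n for n, g in guest.items() if g == dest]  # vNIC that receives ERSPAN
    if not mirror:
        findings.append(f"ERSPAN destination {dest} is not a sensor guest address")
    elif mirror[0] in vpg and vpg[mirror[0]].ip != origin:
        findings.append(f"ERSPAN origin {origin} is not VirtualPortGroup{mirror[0]}")
    uplink = [n for n in guest if n in vpg and vpg[n].ip == gw and n not in mirror]
    if not uplink:
        findings.append(f"app-default-gateway {gw} is not the non-mirror VirtualPortGroup")
    elif not any(guest[uplink[0]] in net for net in acl):
        findings.append(f"NAT ACL does not permit guest {guest[uplink[0]]}")
    return findings
```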
LMGUI Installation
Configure the following to reach the LMGUI:
iox
ip http server
ip http secure-server
ip http authentication local
Username cisco privilege 15 password cisco
Login URL: http://<Mgmt_IP>/iox/login
Additional details can be found in Installing CVC Sensor using LM GUI.
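The LMGUI access lines above enable the cleartext HTTP server alongside HTTPS and create a privilege 15 user whose password is the same as the username. The Python audit below is an added example, not Cisco code or part of the original page; it flags those conditions in a configuration text. The function name and the second, hardened sample used to exercise it are constructed.

```python
import re

# Constructed input: the LMGUI access lines from this page as configuration text.
SAMPLE = """\
iox
ip http server
ip http secure-server
ip http authentication local
username cisco privilege 15 password cisco
"""

# username <name> [privilege <n>] {password|secret} [<type digit>] <value>
USER_RE = re.compile(
    r"username (\S+)(?: privilege (\d+))? (password|secret)(?: (\d))? (\S+)$", re.I)

def audit_lmgui_access(cfg):
    """Return findings for the HTTP server and local-user lines of an IOS-XE config."""
    lines = [l.strip() for l in cfg.splitlines() if l.strip()]
    findings = []
    if "ip http server" in lines:  # exact line match, so "no ip http server" is not flagged
        findings.append("cleartext HTTP server enabled (LMGUI login reachable over http://)")
    if "ip http secure-server" not in lines:
        findings.append("HTTPS server not enabled")
    if not any(l.startswith("ip http authentication ") for l in lines):
        findings.append("no explicit 'ip http authentication' method")
    for l in lines:
        m = USER_RE.match(l)
        if not m:
            continue
        name, priv, kind, enc, value = m.groups()
        level = int(priv) if priv else 1  # IOS default privilege for a local user
        if kind.lower() == "password":
            findings.append(f"user {name}: 'password' keyword (cleartext or type 7), not 'secret'")
        if enc in (None, "0") and value.lower() == name.lower():
            findings.append(f"user {name}: password equals username (privilege {level})")
    return findings
```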
Register the Router Details
Procedure
Step 1
Register the IOS-XE Router details on CVC by logging in and navigating to: Admin > Sensors > Install Sensor Manually
Then click on Cisco IOx Application. Refer to the following:
Step 2
Provide the serial number of the Router. It should exactly match the output of show inventory. Then click on Create Sensor. Refer to the following:
Step 3
Generate the provisioning file from CVC by clicking on Get Provisioning File. Refer to the following:
Step 4
Download the provisioning file to a local directory. The file comes as a zip file with a file name like the following:
Example:
Step 5
Import the provisioning file to the Router through the LM GUI. From the LM GUI Applications, navigate to: Applications > CVC App (Application Name) > Manage > App-DataDir
Refer to the following:
Step 6
Click Upload. The Upload Configuration window appears. Upload the provisioning file downloaded from CVC, keeping the same file name. Refer to the following:
Step 7
Verify the authentication on CVC. Check that the status of the installed sensor has changed to Connected or Waiting for Data. Refer to the following:
Capture Live Traffic
Procedure
Step 1
Sync the date and time between CVC and the Router. To capture live traffic, the clocks of the Router and CVC must be exactly in sync.
Step 2
Simulate IOx traffic or play captured PCAP files. The CVC sensor installed on the Router is a docker app. To log in to the console of the app, run the following command:
Example:
Step 3
Upload the PCAP files to the app from the LM GUI. Navigate to: Applications > CVC App (Application Name) > Manage > App-Dir
The following commands show how to play the PCAP file:
Example:
Step 4
Monitor the traffic on CVC. Navigate to Explore > Essential Data > Activity List
Refer to the following: