Installation procedures

Procedure with the Sensor management extension

This section explains how to install the Cisco IC3000 thanks to the sensor management extension. You will:

Retrieve the sensor management extension on cisco.com.
Install the sensor management extension on Cisco Cyber Vision.
Connect to the Cisco IC3000 with the serial console and check its firmware version and management interface IP address.
Create a new sensor on Cisco Cyber Vision through the Cisco device deployment and proceed to its configuration.

Requirements

The hardware must have an access set to the Local Manager and to the CLI (ssh or console port).

Required material and information:

An Admin or Product access to Cisco Cyber Vision.
The network information of the Collection network interface (IP address, subnet mask and gateway).
A RJ45 or mini USB console cable.

A serial console emulator, like PuTTY.

Note

To be able to use the Cisco Cyber Vision sensor management extension, an IP address reachable by the Center Collection interface must be set on the Collection VLAN.

Retrieve the sensor management extension file

On cisco.com, navigate to Cisco Cyber Vision's Software Download page.
Download Cisco Cyber Vision Sensor Management Extension for IoX sensor setup. Version of the extension must be the same as the version of the center.

Install the sensor management extension

In Cisco Cyber Vision, navigate to Admin > Extensions.
Click Import extension file and select CiscoCyberVision-sensor-management-<version>.ext.

The file upload takes a few minutes.

Check the Cisco IC3000 firmware version

To ensure a proper installation of the Cisco IC3000, you must check its firmware version.

It is recommended to use the newest firmware version available. The lowest version used should be 1.2.1 for a classic installation or 1.5.1 for an installation with Active Discovery.

Procedure

Step 1

To check the version:

Step 2

Use the following command in the Cisco IC3000 shell prompt:
```
ic3k>show version
```
Example:

Check the MGMT interface IP address

Check that the IP address set on the MGMT network is the one you've configured on the Cisco Cyber Vision GUI.

To check the MGMT network interface:

Procedure

Step 1

Use the following command in the Cisco IC3000 shell prompt:

ic3k>show interfaces

Step 2

Search for the reference "svcbr_0" which corresponds to the MGMT interface.

The IP address you've set as Host Management on Cisco Cyber Vision GUI should follow the mention "inet addr: <IP ADDRESS>".

Example:

Step 3

Test connectivity between Cisco IC3000 and IOx Local Manager

To proceed with the installation, you must first test if you have access to the Cisco IC3000's Cisco IOx Local Manager. To do so:

Open Chrome.
Access Cisco Iox Local Manager using the Cisco IC3000's MGMT IP address and the MGMT port number, which is 8443:

https://Management_Address:8443

ex: https://192.168.71.22:8443
If you're able to see the following screen it means that the connectivity between the Cisco IC3000 and IOx Local Manager is on.

Create a sensor in Cisco Cyber Vision

Procedure

Step 1	In Cisco Cyber Vision, navigate to Admin > Sensors > Sensor Explorer and click Install sensor, then Install via extension.
Step 2	Fill in the requested fields so Cisco Cyber Vision can reach the equipment: IP Address: admin address of the equipment Port: management port (8443)
Step 3	Select a configuration template if required. For more information, refer to Configure sensor configuration template.
Step 4	Select the credential mode used. For more information, refer to Cisco Cyber Vision GUI Administration Guide available on cisco.com.
Step 5	Optionally, select a capture mode.
Step 6	Click Connect.

The Center will join the equipment and display the second parameter list. For this step to succeed, the equipment needs to be reachable by the Center on its eth0 connection for a Center with single interface or eth1 for a Center with dual interface.

Configure the sensor

Once the Center can join the equipment, you will have to configure the Cisco Cyber Vision IOx sensor app by setting the Collection interface and, if needed, Active Discovery.

While some parameters are filled automatically, you can still change them if necessary.

Fill the following parameters for the Collection interface:
- Collection IP address: IP address of the sensor in the sensor (must be different than the ip address of the device)
- Collection subnet mask: mask of the Collection IP address
- Collection gateway: gateway of the Collection IP address (optional)
Select the Application type (passive only or passive and Active Discovery).
If selecting Passive and Active Discovery, the following fields will appear to set its interface:
- Physical interface: port that will be used to send packets.
- IP address of the interface dedicated to Active Discovery.
- Prefix lenght: subnet mask of the interface.

Click the Deploy button.

The Center starts deploying the sensor application on the target equipment. This can take a few minutes.

Once the deployment is finished, a new sensor appears in the sensors list.

If Active Discovery has been enabled, the Active Discovery status will switch to Available and the Active Discovery button will be displayed in the right side panel as you click the sensor in the list.

The sensor status will turn to connected.

Note

You can change the Active Discovery configuration by clicking the Active Discovery button. However, for changes to be applied, you will have to download a new provisioning package and deploy it on the hardware.

Procedure with the Local Manager

This section explains how to install the Cisco IC3000 with the Local Manager. You will:

Create and configure a new sensor on Cisco Cyber Vision to retrieve its provisioning package.
Install and configure the virtual sensor application on the Local Manager to deploy the provisioning package on the Cisco IC3000.
The last step, which is optional, consists in enabling Active Discovery on the Cisco IC3000.

Requirements

The hardware must have an access set to the Local Manager and to the CLI (ssh or console port).

If it's the first time the Cisco IC3000 device is installed with the Local Manager you must first proceed to a Cisco IC3000 platform initial configuration.

Required material and information:

An Admin or Product access to Cisco Cyber Vision.
A Local Manager user account and password.
The serial number of the Cisco IC3000 to be configured (located on the hardware's front view).
An IP addressing scheme for the Local Manager and the Collection Network Interfaces.
The Cisco Cyber Vision Sensor application to collect from cisco.com, i.e. CiscoCyberVision-IOx-IC3000-<version>.tar.

Access the Local Manager

Open a browser and navigate to the IP address you configured on the interface you are connected to.
Log in using the user account and password.

Install the sensor virtual application

Once logged in, the following menu appears:

Click Add New.
Add an Application id name (e.g. CCVSensor).

Select the application archive file

(i.e. "CiscoCyberVision-IOx-IC3000-<version>.tar").

Note

If you aim to install a sensor with Active Discovery, select the required application archive file

(i.e. "CiscoCyberVision-IOx-Active-Discovery-IC3000-<version>.tar").

The installation takes a few minutes.

When the application is installed, the following message is displayed and the sensor application appears:

Configure the sensor virtual application

Procedure

Step 1

Click Activate to launch the configuration of the sensor application.

Step 2

Access Applications > Resources.

Step 3

Under Resource Profile, change the disk size to 50,000 MB.

Note

Disk size shouldn't be lower than 1,000 MB.

To map the Sensor network interfaces:

Step 4	Under Network Configuration, click edit in the eth0 line.
Step 5	Set eth0 to "iox-bridge0" using the dropdown menu.
Step 6	Click Interface Setting.
Step 7	Apply the following settings: Set IPV4 as Static. Set the Sensor Collection IP and mask. If needed set a default gateway IP. Disable IPV6.
Step 8	Click OK to close the Interface Setting window and OK again to confirm Network Configurations.
Step 9	A message saying that the network interface has been changed appears. Click OK.
Step 10	Set the network interfaces eth1, eth2, eth3 and eth4 by repeating the previous steps and using the table below. You must click OK each time you map a new interface for changes to be taken into consideration.

Each network interface must be mapped like below:


Name	Network Configuration
eth0	iox-bridge0
eth1	int1
eth2	int2
eth3	int3
eth4	int4

To set eth1, eth2, eth3 and eth4 as mirrored ports:

Step 11	Click Edit beside eth.
Step 12	Click Interface Setting.
Step 13	Disable IPv4 and IPv6.
Step 14	Tick Enabled for Mirror Mode.
Step 15	Click OK.
Step 16	Repeat the above steps for eth2, eth3 and eth4.
Step 17	Click Activate App on the page top right corner. The following message appears:

To start the Sensor Application:

Step 18

Access the Applications tab again.

Step 19

Click Start.

The application moves from Activated to Running state.

Create a sensor and generate the provisioning package

Procedure

Step 1	In Cisco Cyber Vision, navigate to Admin > Sensors > Sensor Explorer and click Install sensor, then Manual install.
Step 2	Fill in the fields to configure the sensor provisioning package: The serial number of the hardware (e.g. FCH2309Y01Z). Center IP: leave blank. Gateway: add if necessary. Optionally, select a capture mode. Leave the Monitor session type setup as it is as RSPAN is already enforced on Cisco IC3000. Changing this setup will have no effect.
Step 3	Click Create sensor.
Step 4	Click Download package. The provisioning package will be downloaded. It is a zip archive file with the following name structure: sbs-sensor-config-<serialnumber>.zip (e.g. "sbs-sensor-configFCH2309Y01Z.zip").
Step 5	Click Finish. A new sensor appears in the Sensor Explorer list with the Disconnected status.

What to do next

The provisioning package must be imported in the Local Manager.

Import the provisioning package

After generating the provisioning package in Cisco Cyber Vision application, you must import it in the Local Manager so the sensor can be enrolled to Cisco Cyber Vision.

Before you begin

Procedure

Step 1	In the Local Manager, click Manage on the sensor application.
Step 2	Navigate to App-DataDir.
Step 3	Click Upload.
Step 4	Select the provisioning package (i.e. "sbs-sensor-config-<serialnumber>.zip"), and add the exact file name, extension included, in the path field (i.e. "sbs-sensor-config-<serialnumber>.zip").
Step 5	Click OK. After a few seconds, a message saying that the upload went successfully will be displayed and the sensor will appear as Connected in Cisco Cyber Vision.

Cisco Cyber Vision Network Sensor Installation Guide for Cisco IC3000, Release 4.3.0

Bias-Free Language

Book Title

Cisco Cyber Vision Network Sensor Installation Guide for Cisco IC3000, Release 4.3.0

Chapter Title