Installation procedures

Sensor management extension installation

This section explains how to install the Cisco IC3000 thanks to the sensor management extension. You will:

  1. Retrieve the sensor management extension on cisco.com.

  2. Install the sensor management extension on Cisco Cyber Vision.

  3. Connect to the Cisco IC3000 with the serial console and check its firmware version and management interface IP address.

  4. Create a new sensor on Cisco Cyber Vision through the Cisco device deployment and proceed to its configuration.

Requirements

The hardware must have an access set to the Local Manager and to the CLI (ssh or console port).

Required material and information:

  • An Admin or Product access to Cisco Cyber Vision.

  • The network information of the Collection network interface (IP address, subnet mask and gateway).

  • A RJ45 or mini USB console cable.

  • A serial console emulator, like PuTTY.


    Note
    To be able to use the Cisco Cyber Vision sensor management extension, an IP address reachable by the Center Collection interface must be set on the Collection VLAN.

Retrieve the sensor management extension file

  1. On cisco.com, navigate to Cisco Cyber Vision's Software Download page.

  2. Download Cisco Cyber Vision Sensor Management Extension for IoX sensor setup. Version of the extension must be the same as the version of the center.

Install the sensor management extension

  1. In Cisco Cyber Vision, navigate to Admin > Extensions.

  2. Click Import extension file and select CiscoCyberVision-sensor-management-<version>.ext.

The file upload takes a few minutes.

Check the Cisco IC3000 firmware version

To ensure a proper installation of the Cisco IC3000, you must check that its firmware version is 1.2.1 or newer.

Procedure

Step 1

To check the version:
Step 2

  • Use the following command in the Cisco IC3000 shell prompt: 

    ic3k>show version

    Example:

    The version should be 1.2.1 or newer.

Check the MGMT interface IP address

Check that the IP address set on the MGMT network is the one you've configured on the Cisco Cyber Vision GUI.

To check the MGMT network interface:

Procedure

Step 1

Use the following command in the Cisco IC3000 shell prompt: 

ic3k>show interfaces
Step 2

Search for the reference "svcbr_0" which corresponds to the MGMT interface.

The IP address you've set as Host Management on Cisco Cyber Vision GUI should follow the mention "inet addr: <IP ADDRESS>".

Example:
Step 3

Test connectivity between Cisco IC3000 and IOx Local Manager

To proceed with the installation, you must first test if you have access to the Cisco IC3000's Cisco IOx Local Manager. To do so:

  1. Open Chrome.

  2. Access Cisco Iox Local Manager using the Cisco IC3000's MGMT IP address and the MGMT port number, which is 8443:

    https://Management_Address:8443

    ex: https://192.168.71.22:8443

  3. If you're able to see the following screen it means that the connectivity between the Cisco IC3000 and IOx Local Manager is on.

Create a sensor in Cisco Cyber Vision

  1. In Cisco Cyber Vision, navigate to Admin > Sensors > Sensor Explorer and click Install sensor, then Install via extension.

  2. Fill the requested fields so Cisco Cyber Vision can reach the equipment:

    • IP Address: admin address of the equipment

    • Port: management port (8443)

    • User: user with the admin rights of the equipment

    • Password: password of the admin user

    • Capture Mode: Optionally, select a capture mode.

  3. Click the Connect button.

The Center will join the equipment and display the second parameter list. For this step to succeed, the equipment needs to be reachable by the Center on its eth0 connection for a Center with single interface or eth1 for a Center with dual interface.

Configure the sensor

Once the Center can join the equipment, you will have to configure the Cisco Cyber Vision IOx sensor app by setting the Collection interface and, if needed, Active Discovery.

While some parameters are filled automatically, you can still change them if necessary.

  1. Fill the following parameters for the Collection interface:

    • Collection IP address: IP address of the sensor in the sensor (must be different than the ip address of the device)

    • Collection subnet mask: mask of the Collection IP address

    • Collection gateway: gateway of the Collection IP address (optional)

  2. Select the Application type (passive only or passive and Active Discovery).

  3. If selecting Passive and Active Discovery, the following fields will appear to set its interface:

    Physical interface: port that will be used to send packets.

    • Physical interface: port that will be used to send packets.

    • IP address of the interface dedicated to Active Discovery.

    • Prefix lenght: subnet mask of the interface.

  4. Click the Deploy button.

    The Center starts deploying the sensor application on the target equipment. This can take a few minutes.

    Once the deployment is finished, a new sensor appears in the sensors list.

    If Active Discovery has been enabled, the Active Discovery status will switch to Available and the Active Discovery button will be displayed in the right side panel as you click the sensor in the list.

    The sensor status will turn to connected.


    Note
    You can change the Active Discovery configuration by clicking the Active Discovery button. However, for changes to be applied, you will have to download a new provisioning package and deploy it on the hardware.

Manual installation

This section explains how to install the Cisco IC3000 manually. You will generate and retrieve the provisioning package from the Cisco Cyber Vision, and manually import it into the Cisco IC3000. The last step, which is optional, consists in enabling Active Discovery.

Requirements

The hardware must have an access set to the Local Manager and to the CLI (ssh or console port).

Required material and information:

  • An Admin or Product access to Cisco Cyber Vision.

  • The serial number of the Cisco IC3000 to be configured (located on the hardware's front view).

  • The Cisco IC3000 and sensor network information.

  • The Cisco Cyber Vision Sensor application to collect from cisco.com, i.e. CiscoCyberVision-IOx-IC3K-<version>.tar.

  • A console cable, for the connection to the hardware's console port.

    OR

  • An Ethernet cable, for the connection to one of the hardware's port.

Configure the Cisco IC3000

Login to Cisco Cyber Vision GUI to create and configure a new Cisco IC3000. During this step, you will have to set the Local Manager's and the Cisco IC3000 Sensor Application's network parameters to retrieve the provisioning package.

Requirements:

  • An Admin or Product access to Cisco Cyber Vision.

  • An IP addressing scheme for the Local Manager and the Collection Network Interfaces.


Important
Make sure network information entered below is set accordingly to your network infrastructure and won't result in conflict. Any mistake could bring you to perform a factory reset of the Cisco IC3000 and to start the whole procedure again.

To create and configure the Cisco IC3000 in the GUI:

Procedure

Step 1

Login to Cisco Cyber Vision.

Step 2

Navigate to Admin > Sensors > Sensor Explorer.
Step 3

Click Manual install.

The manual sensor installation opens.
Step 4

Select Cisco Cisco IC3000 as hardware model.

Important 
Two types of configuration are needed: - Cisco Cisco IC3000 configuration is to set the Local Manager Network to access the Cisco IC3000 device for configuration and troubleshooting purposes. - Sensor configuration is to set the Cisco Cyber Vision Sensor Application's to the Collection Network Interface for normal operation of Cisco Cyber Vision. Consequently, two IP addresses belonging to different subnetworks must be set accordingly to your network configuration. Pay attention to the contextual help to guide you through the configuration and keep these information stored for a later use.

To set Cisco Cisco IC3000 Local Manager:

Fill the following fields to set the Local Manager's network parameters and login:

Step 5

Type the Cisco IC3000s' serial number. It is available on the hardware's front view.

Step 6

Type the Host Management's IP address, netmask and gateway. They must be set to access the Local Manager of the Cisco IC3000 device.

Step 7

Type the Local Manager admin user name. The login is "admin" by default. You must use the default login in case a factory reset is performed and thus to avoid starting the whole procedure again.

The user name will be asked later to log in to IOx Local Manager and in case of troubleshooting and configuration. Therefore, make sure to keep this piece of information stored.

To set the Sensor application:

Fill the following fields to set Cisco Cyber Vision Sensor Application's network parameters. These correspond to the Collection Network Interface within Cisco Cyber Vision's infrastructure.

Step 8

Type Cisco Cyber Vision Cisco IC3000 Application's IP address and subnet mask.

The Center IP and gateway are optional.

You can select the default capture mode and change it later.
Step 9

Click Create Sensor.

To get the provisioning package:

Step 10

Set the Local Manager's password for troubleshooting. Make sure to keep this piece of information stored as it will be asked to access IOx Local Manager and for further troubleshooting and configuration purposes.

Step 11

Click the link to download the provisionning package.
Step 12

Click Finish.A message saying that the sensor has been successfully created is displayed.

The Cisco IC3000 status switches to Disconnected.

Important 
Do not install several provisioning package on the Cisco IC3000. The provisioning package will NOT overwrite a previously installed one with incorrect network information or a misconfigured password. In such case, a factory reset will have to be performed.

Prepare and import the provisioning package

To deploy the provisioning package in the Cisco IC3000:

Procedure

Step 1

Unzip and extract the downloaded provisioning package files at the root directory of a USB drive formatted as FAT32.

The new file is named with the Cisco IC3000's serial number.

Make sure the provisioning package name is strictly the Cisco IC3000 serial number. Any space or duplicate number will result in an unsuccessful installation.

Step 2

Disconnect the Cisco IC3000 from the DC Current source. The USB drive must be plugged at the Cisco IC3000 boot.

Step 3

Plug the USB drive on port 2 of the Cisco IC3000.

Step 4

Connect the sensor to the DC Current source.

Wait a few moments. The Cisco IC3000 status changes to Enrolled on the Cisco Cyber Vision GUI.

Step 5

Unplug the USB drive from port 2.

The status should quickly change to Connected.

The provisioning package has been installed successfully on the Cisco IC3000 and traffic starts to appear in Cisco Cyber Vision.

Enable Active Discovery

  1. Connect to the Cisco IC3000 console and type the following command to set the Active Discovery interface. 

    root@sensor:~# sbs-netconf

  2. Choose which interface to configure between eth1, eth2, eth3 and eth4.

  3. Select Active Discovery and make sure the right interface will be used for Active Discovery.

  4. Type the subnetwork IP address dedicated to Active Discovery.

  5. Select OK.

  6. Type the following command to reboot the sensor.

    root@sensor:~# reboot

  7. On the Cisco Cyber Vision Sensor Explorer page, the sensor's Active Discovery status will switch to Enabled, and the Active Discovery button will appear on the sensor's right side panel. This may take a few moments.


    Note
    You can change the Active Discovery configuration by clicking the Active Discovery button. However, for changes to be applied, you will have to download a new provisioning package and deploy it on the hardware.

Manual installation without USB (Local Manager access)

This section explains how to install the Cisco IC3000 manually without USB. You will:

  1. Create and configure a new sensor on Cisco Cyber Vision to retrieve its provisioning package.

  2. Install and configure the virtual sensor application on the Local Manager to deploy the provisioning package on the Cisco IC3000.

  3. The last step, which is optional, consists in enabling Active Discovery on the Cisco IC3000.

Requirements

The hardware must have an access set to the Local Manager and to the CLI (ssh or console port).

Required material and information:

  • An Admin or Product access to Cisco Cyber Vision.

  • A Local Manager user account and password.

  • The serial number of the Cisco IC3000 to be configured (located on the hardware's front view).

  • An IP addressing scheme for the Local Manager and the Collection Network Interfaces.

  • The Cisco Cyber Vision Sensor application to collect from cisco.com, i.e. CiscoCyberVision-IOx-IC3K-<version>.tar.

Configure the Cisco IC3000

Login to Cisco Cyber Vision GUI to create and configure a new Cisco IC3000. During this step, you will have to set the Local Manager's and the Cisco IC3000 Sensor Application's network parameters to retrieve the provisioning package.

Requirements:

  • An Admin or Product access to Cisco Cyber Vision.

  • An IP addressing scheme for the Local Manager and the Collection Network Interfaces.


Important
Make sure network information entered below is set accordingly to your network infrastructure and won't result in conflict. Any mistake could bring you to perform a factory reset of the Cisco IC3000 and to start the whole procedure again.

To create and configure the Cisco IC3000 in the GUI:

Procedure

Step 1

Login to Cisco Cyber Vision.

Step 2

Navigate to Admin > Sensors > Sensor Explorer.
Step 3

Click Manual install.

The manual sensor installation opens.
Step 4

Select Cisco Cisco IC3000 as hardware model.

Important 
Two types of configuration are needed: - Cisco Cisco IC3000 configuration is to set the Local Manager Network to access the Cisco IC3000 device for configuration and troubleshooting purposes. - Sensor configuration is to set the Cisco Cyber Vision Sensor Application's to the Collection Network Interface for normal operation of Cisco Cyber Vision. Consequently, two IP addresses belonging to different subnetworks must be set accordingly to your network configuration. Pay attention to the contextual help to guide you through the configuration and keep these information stored for a later use.

To set Cisco Cisco IC3000 Local Manager:

Fill the following fields to set the Local Manager's network parameters and login:

Step 5

Type the Cisco IC3000s' serial number. It is available on the hardware's front view.

Step 6

Type the Host Management's IP address, netmask and gateway. They must be set to access the Local Manager of the Cisco IC3000 device.

Step 7

Type the Local Manager admin user name. The login is "admin" by default. You must use the default login in case a factory reset is performed and thus to avoid starting the whole procedure again.

The user name will be asked later to log in to IOx Local Manager and in case of troubleshooting and configuration. Therefore, make sure to keep this piece of information stored.

To set the Sensor application:

Fill the following fields to set Cisco Cyber Vision Sensor Application's network parameters. These correspond to the Collection Network Interface within Cisco Cyber Vision's infrastructure.

Step 8

Type Cisco Cyber Vision Cisco IC3000 Application's IP address and subnet mask.

The Center IP and gateway are optional.

You can select the default capture mode and change it later.
Step 9

Click Create Sensor.

To get the provisioning package:

Step 10

Set the Local Manager's password for troubleshooting. Make sure to keep this piece of information stored as it will be asked to access IOx Local Manager and for further troubleshooting and configuration purposes.

Step 11

Click the link to download the provisionning package.
Step 12

Click Finish.A message saying that the sensor has been successfully created is displayed.

The Cisco IC3000 status switches to Disconnected.

Important 
Do not install several provisioning package on the Cisco IC3000. The provisioning package will NOT overwrite a previously installed one with incorrect network information or a misconfigured password. In such case, a factory reset will have to be performed.

Access the Local manager

  1. Open a browser and navigate to the IP address you configured on the interface you are connected to.

  2. Log in using the Local Manager user account and password.

  3. Once logged into the Local Manager, navigate to Configuration > Services > IOx.

  4. Log in using the user account and password.

Install the sensor virtual application

Once logged in, the following menu appears:

  1. Click Add New.

  2. Add an Application id name (e.g. CCVSensor).

  3. Select the application archive file

    (i.e. "CiscoCyberVision-IOx-IC3K-<version>.tar")

    The installation takes a few minutes.

    When the application is installed, the following message is displayed:

Configure the sensor virtual application

Procedure

Step 1

Click Activate to launch the configuration of the sensor application.

To map the Sensor network interfaces:

Step 2

Access Applications > Resources.
Step 3

Under Network Configuration, click Edit in the eth0 line (1).

Step 4

Set eth0 as iox-bridge0 (2).

Step 5

Click OK (3).

Step 6

A message saying that the network interface has been changed displays. Click OK.
Step 7

Set the network interfaces eth1, eth2, eth3 and eth4 by repeating the previous steps and using the table below. You must click OK each time you map a new interface for changes to be taken into consideration.

Each network interface must be mapped like below:

Name

Network Configuration

eth0

iox-bridge0

eth1

int1

eth2

int2

eth3

int3

eth4

int4

To set eth1, eth2, eth3 and eth4 as mirrored ports:

Step 8

Click Edit beside eth1 (1).

Step 9

Click Interface Settings (2).

Step 10

Tick Enabled for Mirror Mode (3).

Step 11

Click OK (4).

Step 12

Repeat the above steps for eth2, eth3 and eth4.

To set the peripherical configuration:

Step 13

Under Peripherical Configuration, click Edit (1).

Step 14

Tick Port:1usb1 (2).

Step 15

Click OK (3).

Step 16

Click Activate App on the page top right corner.

To start the Sensor Application:

Step 17

Access the Applications tab again.
Step 18

Click Start.

The application moves from Activated to Running state.
Step 19

Import the provisioning package

  1. In the Local Manager, in the IOx configuration menu, click Manage.

  2. Navigate to App_DataDir.

  3. Before browsing the file,you must unzip the provisioning package.

  4. Click Upload.

  5. Navigate to the folder with the sensor serial name (i.e. FCH2312Y03F) > appconfigs, and select cybervision-sensor-config.zip.

  6. Make sure the path contains the entire file name (with .zip).

  7. Click OK.

Reboot the Cisco IC3000

  1. Disconnect the Cisco IC3000 from the DC Current source.

  2. Connect the Cisco IC3000 to the DC Current source.

    Wait a few moments for the boot to complete.

  3. After a few seconds, the sensor appears as connected in Cisco Cyber Vision.

  4. The Cisco IC3000 has been successfully installed. If the Cisco IC3000 has been connected to the Industrial Network, traffic starts to appear in Cisco Cyber Vision.

Enable Active Discovery

  1. Connect to the Cisco IC3000 console and type the following command to set the Active Discovery interface. 

    root@sensor:~# sbs-netconf

  2. Choose which interface to configure between eth1, eth2, eth3 and eth4.

  3. Select Active Discovery and make sure the right interface will be used for Active Discovery.

  4. Type the subnetwork IP address dedicated to Active Discovery.

  5. Select OK.

  6. Type the following command to reboot the sensor.

    root@sensor:~# reboot

  7. On the Cisco Cyber Vision Sensor Explorer page, the sensor's Active Discovery status will switch to Enabled, and the Active Discovery button will appear on the sensor's right side panel. This may take a few moments.


    Note
    You can change the Active Discovery configuration by clicking the Active Discovery button. However, for changes to be applied, you will have to download a new provisioning package and deploy it on the hardware.