Cisco Cyber Vision Network Sensor Installation Guide for Cisco IR1101 and IR1800, Release 5.0.0

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents

Find Matches in This Book

Results

Updated:: July 12, 2024

Initial configuration

To install Cisco Cyber Vision on the Cisco IR1101, you must perform the Initial configuration which steps are described in this section.

Check the software version

Check the software version using the following command in the router's CLI:
```
Show version
```
The displayed version must be 17.2.1 or higher to be compatible with the Cisco Cyber Vision Sensor Application.

If the version is lower, you must update the router firmware. To do so, go to cisco.com and refer to the Cisco IR1101's documentation.

Check date and time

The internal clock of the router must be synchronized and configured properly.

Note

The Cisco Cyber Vision IOx sensor application gets the time from the host. Therefore, it is critical that the host synchronizes its time with the Center or a valid NTP server. If the time difference is large (hours or more), the user should adjust the Cisco IR1101 time using the CLI or the WebUI so it is close to the reference time. If not, the synchronization may take many update cycles.

Check the date and time using the following command:
```
Show clock
```
If needed, adjust to the UTC time using the following command:
```
clock set [hh:mm:ss] [month] [day] [year]
```

Or in the WebUI, navigate to Configuration > Time.

Enable IOx

Before installing the Cisco Cyber Vision sensor on the Cisco IR1101, you must enable IOx.

Procedure

Step 1

Enable IOx using the following command.

configure terminal
iox

Step 2

Check that the CAF and IOxman services are running using the following command.

exit
show iox

Setup ERSPAN

In order to receive traffic in the Cisco Cyber Vision IOx application, the application:

must be connected to a VirtualPortGroup,
must have the correct IP address assigned,
must have a monitor session created.

Connect the application to a VirtualPortGroup and set an IP address using the following commands:

Configure terminal
ip routing
interface virtualportgroup 0
ip address 169.254.1.1 255.255.255.252
exit

Create the monitor session using the following commands:

monitor session 1 type erspan-source
source interface Gi0/0/0
no shutdown
destination
erspan-id 1
mtu 1464
ip address 169.254.1.2
origin ip address 169.254.1.1
end

Setup NAT

You must add NAT rules so that the container can reach the outside. This will be on a different virtual port group from the ERSPAN to separate the traffic.

Procedure

Step 1

Type the following commands to achieve this configuration.

Configure terminal
interface GigabitEthernet 0/0/0
ip nat outside
media-type rj45
exit
interface VirtualPortGroup 1
ip address 169.254.0.1 255.255.255.252
ip nat inside
exit
ip nat inside source list NAT_ACL interface GigabitEthernet 0/0/0 overload
ip access-list standard NAT_ACL
10 permit 169.254.0.0 0.0.0.3
exit