Cisco Cyber Vision Installation guide

Brand: Cisco

Model: Cyber Vision

Type: Installation guide

Cisco Cyber Vision is an advanced network sensor that provides comprehensive visibility and security for your network. With its ability to detect and respond to threats in real-time, Cisco Cyber Vision helps you protect your network from a wide range of cyberattacks. It also offers deep insights into network traffic, allowing you to optimize performance and troubleshoot issues quickly and easily.

Cisco Cyber Vision Network Sensor

Installation Guide for Cisco IC3000

Cisco Systems, Inc.

Rev. 1.3.0, 22 July 2021

Cisco Cyber Vision Network Sensor Installation Guide for Cisco IC3000

Rev. 1.3.0, 22 July 2021

Owner: Cisco IoT

Author: Juliette Maffet

Cisco Systems, Inc.

Trademark Acknowledgments

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco

trademarks, go to this URL: www.cisco.com/go/trademarks.

Third party trademarks mentioned are the property of their respective owners.

The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Publication Disclaimer

Cisco Systems, Inc. assumes no responsibility for errors or omissions that may appear in this publication. We reserve the right to change this publication at

any time without notice. This document is not to be construed as conferring by implication, estoppel, or otherwise any license or right under any copyright or

patent, whether or not the use of any information in this document employs an invention claimed in any existing or later issued patent. A printed copy of this

document is considered uncontrolled. Refer to the online version for the latest revision.

Information in this publication is subject to change without notice. No part of this publication may be reproduced or transmitted in any form, by photocopy,

microfilm, xerography, or any other means, or incorporated into any information retrieval system, electronic or mechanical, for any purpose, without the

express permission of Cisco Systems, Inc.

Americas Headquarters

Cisco Systems, Inc.

San Jose, CA

Asia Pacific Headquarters

Cisco Systems (USA) Pte. Ltd.

Singapore

Europe Headquarters

Cisco Systems International BV Amsterdam

The Netherlands

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

Total pages: 44

Contents

1 About this documentaon. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

1.1 Document purpose. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

1.2 Warnings and noces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

1.3 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

1.4 Cisco IC3000 front view. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

1.5 Connect the Cisco IC3000. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

1.6 Connect to the Cisco IC3000 with the serial console. . . . . . . . . . . . . . . . . . . . 6

1.7 Installaon procedures. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

1.7.1 Sensor management extension installaon. . . . . . . . . . . . . . . . . . . . 9

1.7.2 Manual installaon. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

1.7.3 Manual installaon without USB (Local Manager access). . . . . . . . 24

1.8 Upgrade procedures. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

1.8.1 Upgrade through the Local Manager. . . . . . . . . . . . . . . . . . . . . . . . 38

1.8.2 Upgrade with the combined update le. . . . . . . . . . . . . . . . . . . . . . 43

Cisco Cyber Vision Network Sensor Installaon Guide for Cisco IC3000

Rev. 1.3.0

Page 3Contents

1.1

1.2

1.3

1About this documentation

Document purpose

This installaon guide describes how to perform a clean installaon of Cisco Cyber Vision

on a Cisco IC3000 Industrial Compute Gateway.

This documentaon is applicable to system version 4.0.0.

Warnings and notices

This manual contains noces you have to observe to ensure your personal safety as well

as to prevent damage to property.

The noces referring to your personal safety and to your property damage are

highlighted in the manual by a safety alert symbol described below. These noces are

graded according to the degree of danger.

WARNING

Indicates risks that involve industrial network safety or producon failure that could possibly

result in personal injury or severe property damage if proper precauons are not taken.

IMPORTANT

Indicates risks that could involve property or Cisco equipment damage and minor personal

injury if proper precauons are not taken.

Note

Indicates important informaon on the product described in the documentaon to which

aenon should be paid.

Overview

The Cisco IC3000 Industrial Compute Gateway is an edge compung plaorm which

extends the cloud compung paradigm to the edge of the network. The Cisco IC3000

captures trac in SPAN mode. It contains 2 RJ45 10/100/1000 BaseT connectors ports

and 2 SFP ber ports to connect switches in port mirroring.

To enroll the Cisco IC3000 in Cisco Cyber Vision, take a moment to look at the Cisco

IC3000's parts (page 5), then start by connecng the hardware (page 6), and proceed

with one of the installaon methods available:

Cisco Cyber Vision Network Sensor Installaon Guide for Cisco IC3000

Rev. 1.3.0

Page 4About this

documentaon

■

1.4

■

Use the sensor management extension (page 9) available on cisco.com

(recommended).

■ Perform a manual installaon (page 17).

■ Perform a manual installaon without USB (page 24).

To upgrade the Cisco IC3000, refer to one of the methods

available:

Use the Local Manager (page 38).

Use the combined update le (page 43).

Cisco IC3000 front view

Before starng, take a moment to note and unscrew the following parts you're going to

use during the procedure.

DC-in connectors (1)

Serial number (2)

Reset pinhole (3)

SYS LED (4)

Console connectors (5): RJ-45 and mini-USB

Cisco Cyber Vision Network Sensor Installaon Guide for Cisco IC3000

Rev. 1.3.0

Page 5About this

documentaon

■

1.5

■

1.6

USB port 2 (6)

MGMT Ethernet port (7): Local Manager and Collecon network interfaces

Industrial Network Interfaces (8): 2x RJ45 10/100/1000 BaseT connectors and 2x SFP

ber ports

Connect the Cisco IC3000

The Cisco IC3000 contains 4 independent capture ports in SPAN mode, each of which can

be connected to a switch.

The Cisco IC3000's Industrial network interface is to be connected to switches congured

in port mirroring only.

To connect the network interfaces to the Cisco IC3000:

1. Connect the Collecon network interface (IC3000 to Center) to the MGMT ENET port

(1).

2. Connect the Industrial network interface (IC3000 to on-site switches) to ports 1, 2, 3,

4 (up to 4 switches congured in port mirroring).

Ports 1 and 2 are RJ45 10/100/1000 BaseT Connectors (2).

Ports 3 and 4 are SFP ber ports (3).

Connect to the Cisco IC3000 with the serial console

This secon describes how to establish a connecon to the Cisco IC3000 from Windows

10 using PuTTY. It is required to perform a sensor management extension installaon and

to enable Acve Discovery (oponal) when performing a manual installaon.

Note

This procedure will also work for other versions of Windows.

Cisco Cyber Vision Network Sensor Installaon Guide for Cisco IC3000

Rev. 1.3.0

Page 6About this

documentaon

■

Requirements:

A RJ45 or mini USB console cable.

A serial console emulator, like PuTTY.

To connect a console to the Cisco IC3000:

1. Download and install on your computer a serial console emulator like PuTTY. Refer

to its own documentaon to use it.

2. Connect your computer to the Cisco IC3000 through its serial port using the RJ45 or

mini USB console cable.

If you are using Windows, you need to idenfy to which COM port the console is

connected.

To idenfy the COM port:

1. Right click on the Windows Start icon and select "Device Manager".

2. Scroll down and click "Ports (COM & LPT)" menu. The COM number appears.

Cisco Cyber Vision Network Sensor Installaon Guide for Cisco IC3000

Rev. 1.3.0

Page 7About this

documentaon

To start a connecon to the Cisco IC3000:

1. Make sure there is no USB drive plugged into the Cisco IC3000.

2. Disconnect the Cisco IC3000 from the DC Current source.

3. Open PuTTY.

The following screen appears:

4. Select Serial for the Connecon type.

5. Enter "COM<number>" into the serial line eld.

Cisco Cyber Vision Network Sensor Installaon Guide for Cisco IC3000

Rev. 1.3.0

Page 8About this

documentaon

1.7

1.7.1

1.7.1.1

Set speed at 9600.

6. Click Open to display the shell prompt for PuTTY.

7. Connect the Cisco IC3000 to the DC current source.

Wait a few moments. When boong is complete, the shell prompt will ask you to

press return to start.

The connecon has established with success.

Installation procedures

Sensor management extension installation

This secon explains how to install the Cisco IC3000 thanks to the sensor management

extension. You will:

1. Retrieve the sensor management extension on cisco.com.

2. Install the sensor management extension on Cisco Cyber Vision.

3. Connect to the Cisco IC3000 with the serial console and check its rmware version

and management interface IP address.

4. Create a new sensor on Cisco Cyber Vision through the Cisco device deployment and

proceed to its conguraon.

Requirements

The hardware must have an access set to the Local Manager and to the CLI (ssh or

console port).

Required material and informaon:

Cisco Cyber Vision Network Sensor Installaon Guide for Cisco IC3000

Rev. 1.3.0

Page 9About this

documentaon

■

1.7.1.1

An Admin or Product access to Cisco Cyber Vision.

The network informaon of the Collecon network interface (IP address, subnet

mask and gateway).

A RJ45 or mini USB console cable.

A serial console emulator, like PuTTY.

Note

To be able to use the Cisco Cyber Vision sensor management extension, an IP address

reachable by the Center Collecon interface must be set on the Collecon VLAN.

Retrieve the sensor management extension le

1. On cisco.com, navigate to Cisco Cyber Vision's Soware Download page.

2. Download Cisco Cyber Vision Sensor Management Extension for IoX sensor setup.

Install the sensor management extension

1. In Cisco Cyber Vision, navigate to Admin > Extensions.

2. Click Import extension le and select CiscoCyberVision-sensor-management-

<version>.ext.

Cisco Cyber Vision Network Sensor Installaon Guide for Cisco IC3000

Rev. 1.3.0

Page 10About this

documentaon

1.7.1.1

The le upload takes a few minutes.

Check the Cisco IC3000 rmware version

To ensure a proper installaon of the Cisco IC3000, you must check that its rmware

version is 1.2.1 or newer.

Cisco Cyber Vision Network Sensor Installaon Guide for Cisco IC3000

Rev. 1.3.0

Page 11About this

documentaon

■

1.7.1.1

To check the version:

Use the following command in the Cisco IC3000 shell prompt:

ic3k>show version

Example:

The version should be 1.2.1 or newer.

Check the MGMT interface IP address

Check that the IP address set on the MGMT network is the one you've congured on the

Cisco Cyber Vision GUI.

To check the MGMT network interface:

1. Use the following command in the Cisco IC3000 shell prompt:

ic3k>show interfaces

2. Search for the reference "svcbr_0" which corresponds to the MGMT interface.

The IP address you've set as Host Management on Cisco Cyber Vision GUI should

follow the menon "inet addr: <IP ADDRESS>".

Example:

Test connecvity between Cisco IC3000 and IOx Local Manager

To proceed with the installaon, you must rst test if you have access to the Cisco

IC3000's Cisco IOx Local Manager. To do so:

1. Open Chrome.

2. Access Cisco Iox Local Manager using the Cisco IC3000's MGMT IP address and the

MGMT port number, which is 8443:

hps://Management_Address:8443

Cisco Cyber Vision Network Sensor Installaon Guide for Cisco IC3000

Rev. 1.3.0

Page 12About this

documentaon

1.7.1.1

♦

ex: hps://192.168.71.22:8443

3. If you're able to see the following screen it means that the connecvity between the

Cisco IC3000 and IOx Local Manager is on.

Create a sensor in Cisco Cyber Vision

1. In Cisco Cyber Vision, navigate to Admin > Sensors > Management and click DEPLOY

CISCO DEVICE.

2. Fill the requested elds so Cisco Cyber Vision can reach the equipment:

IP Address: admin address of the equipment

Port: management port (8443)

User: user with the admin rights of the equipment

Password: password of the admin user

Capture Mode: Oponally, select a capture mode.

Cisco Cyber Vision Network Sensor Installaon Guide for Cisco IC3000

Rev. 1.3.0

Page 13About this

documentaon

1.7.1.1

3. Click the Deploy buon.

The Center will join the equipment and display the second parameter list. For this step to

succeed, the equipment needs to be reachable by the Center on its eth0 connecon for a

Center with single interface or eth1 for a Center with dual interface.

Congure the sensor

If the Center can join the equipment, the following window appears:

Cisco Cyber Vision Network Sensor Installaon Guide for Cisco IC3000

Rev. 1.3.0

Page 14About this

documentaon

♦

•

While some parameters are lled automacally, you can sll change them if necessary.

1. Fill the following parameters for the Collecon interface:

Collecon IP address: IP address of the sensor in the sensor

Collecon subnet mask: mask of the Collecon IP address

Collecon gateway: gateway of the Collecon IP address

2. Select the Applicaon type (passive only or passive and Acve Discovery).

a. If selecng Passive and Acve Discovery, the following elds will appear to set

its interface:

Physical interface: port that will be used to send packets.

Cisco Cyber Vision Network Sensor Installaon Guide for Cisco IC3000

Rev. 1.3.0

Page 15About this

documentaon

•

IP address of the interface dedicated to Acve Discovery.

Prex lenght: subnet mask of the interface.

1. Click the Deploy buon.

The Center starts deploying the sensor applicaon on the target equipment. This can

take a few minutes.

Once the deployment is nished, a new sensor appears in the sensors list.

If Acve Discovery has been enabled, the Acve Discovery status will switch to

Available and the Acve Discovery buon will be displayed.

The sensor status will turn to connected.

Cisco Cyber Vision Network Sensor Installaon Guide for Cisco IC3000

Rev. 1.3.0

Page 16About this

documentaon

1.7.2

1.7.2.1

■

Note

You can change the Acve Discovery conguraon by clicking the Acve Discovery buon.

However, for changes to be applied, you will have to download a new provisioning package

and deploy it on the hardware.

Manual installation

This secon explains how to install the Cisco IC3000 manually. You will generate and

retrieve the provisioning package from the Cisco Cyber Vision, and manually import it

into the Cisco IC3000. The last step, which is oponal, consists in enabling Acve

Discovery.

Requirements

The hardware must have an access set to the Local Manager and to the CLI (ssh or

console port).

Required material and informaon:

An Admin or Product access to Cisco Cyber Vision.

The serial number of the Cisco IC3000 to be congured (located on the hardware's

front view).

The Cisco IC3000 and sensor network informaon.

The Cisco Cyber Vision Sensor applicaon to collect from cisco.com, i.e.

CiscoCyberVision-IOx-IC3K-<version>.tar.

A console cable, for the connecon to the hardware's console port.

An Ethernet cable, for the connecon to one of the hardware's port.

Cisco Cyber Vision Network Sensor Installaon Guide for Cisco IC3000

Rev. 1.3.0

Page 17About this

documentaon

1.7.2.1

■

Congure the Cisco IC3000

step, you will have to set the Local Manager's and the Cisco IC3000 Sensor Applicaon's

network parameters to retrieve the provisioning package.

Requirements:

An Admin or Product access to Cisco Cyber Vision.

An IP addressing scheme for the Local Manager and the Collecon Network

Interfaces.

IMPORTANT

Make sure network informaon entered below is set accordingly to your network

infrastructure and won't result in conict. Any mistake could bring you to perform a

factory reset of the Cisco IC3000 and to start the whole procedure again.

To create and congure the Cisco IC3000 in the GUI:

1. Login to Cisco Cyber Vision.

2. Navigate to Admin > Sensors > Management.

3. Click Install sensor manually.

The manual sensor installaon opens.

4. Select Cisco Cisco IC3000 as hardware model. The corresponding elds to be lled up

display below.

IMPORTANT

Two types of conguraon are needed:

-Cisco Cisco IC3000 conguraon is to set the Local Manager Network to access the

Cisco IC3000 device for conguraon and troubleshoong purposes.

-Sensor conguraon is to set the Cisco Cyber Vision Sensor Applicaon's to the

Collecon Network Interface for normal operaon of Cisco Cyber Vision.

Consequently, two IP addresses belonging to dierent subnetworks must be set

Cisco Cyber Vision Network Sensor Installaon Guide for Cisco IC3000

Rev. 1.3.0

Page 18About this

documentaon

accordingly to your network conguraon. Pay aenon to the contextual help to guide

you through the conguraon and keep these informaon stored for a later use.

To set Cisco Cisco IC3000 conguraon:

Fill the following elds to set the Local Manager's network parameters and login:

1. Type the Cisco IC3000s' serial number. It is available on the hardware's front view.

2. Type the Host Management's IP address, netmask and gateway. They must be set to

access the Local Manager of the Cisco IC3000 device.

3. Type the Local Manager admin user name. The login is "admin" by default. You must

use the default login in case a factory reset is performed and thus to avoid starng

the whole procedure again.

The user name will be asked later to log in to IOx Local Manager and in case of

troubleshoong and conguraon. Therefore, make sure to keep this piece of

informaon stored.

To set Sensor conguraon:

Fill the following elds to set Cisco Cyber Vision Sensor Applicaon's network

parameters. These correspond to the Collecon Network Interface within Cisco Cyber

Vision's infrastructure.

Cisco Cyber Vision Network Sensor Installaon Guide for Cisco IC3000

Rev. 1.3.0

Page 19About this

documentaon

1. Type Cisco Cyber Vision Cisco IC3000 Applicaon's IP address and subnet mask.

The Center IP and gateway are oponal.

You can select the default capture mode and change it later.

2. Click Create Sensor.

To get the provisioning package:

1. The sensor displays in the sensor list with New as status (1).

2. Click the sensor to deploy its menu.

3. Click Get provisioning package (2).

Cisco Cyber Vision Network Sensor Installaon Guide for Cisco IC3000

Rev. 1.3.0

Page 20About this

documentaon

Page is loading ...

Cisco Cyber Vision Installation guide

Cisco Cyber Vision Installation guide

Cisco Cyber Vision Installation guide

Related papers

Other documents