Upgrading a Sensor from 3.1 to 4.0
Upgrading your IDS sensor to version 4.0 from 3.1 is very similar to re-imaging the sensor using the Cisco IDS 4.0(1) Upgrade/Recovery CD. There are a few considerations before upgrading that need to be addressed. If your IDS sensor is model IDS-4235 or IDS-4250, you must upgrade the BIOS before you can install version 4.0 on either platform. The other consideration is that if your IDS sensors are models IDS-4220-E or IDS-4230-FE, you must swap the interface cables on the two ports. The PCI card that is normally used for sniffing on the IDS-4220-E and the IDS-4230-FE does not support monitoring of dot1q trunk packets or the tracking of alarm 993, Dropped Packet. The performance of the PCI card is also lower than the integrated NIC. If you do not swap the cables on the IDS-4220-E or IDS-4230-FE, there is a chance you will not be able to connect to your appliance over the network.
Prior to upgrading, make sure you record the configuration information before reinitializing the sensor using the run Diagnostics command.
Upgrading a Sensor BIOS
To upgrade the Bios on the IDS4235 or IDS4250, follow these steps:
Note | You have to use a directly connected keyboard and monitor for this procedure. A console connection will not work. |
-
Copy the file Bios_A04.exe from the Cisco IDS 4.0(1) Upgrade/Recovery CD located off of the root in /BIOS to a temp folder on your Windows workstation. If you do not have the CD, you can download it from Cisco.com.
-
Insert a 1.44MB floppy diskette into your workstation.
-
Execute the BIOS update file. Double-click BIOS_A04.exe. This creates the BIOS update diskette.
-
Take the new BIOS diskette and insert it into your IDS-4235 or IDS-4250.
-
Boot the sensor from the BIOS diskette and follow the instructions displayed. Do not reboot or power off until this process has completed.
-
With the upgrade finished, remove the diskette and reboot the sensor.
Initializing a Version 4.0 Sensor
Once you have met all the necessary requirements for older sensor models, you need to initialize the sensor. If the sensor is a newer model, no additional considerations need to be made.
To initialize a sensor with software version 4.0, follow these steps.
-
Power up the appliance.
-
Insert the Cisco IDS 4.0(1) Upgrade/Recovery CD.
-
When the boot menu appears, type either a k to use a directly connected keyboard and monitor, or type s to use a serial connection while installing the image. It will take several minutes for the files to copy to the sensor.
-
Log on to the sensor. The default username and password for version 4.0 are the same: cisco. You will be prompted to change the password on the first login.
-
At the prompt, type setup to initialize the sensor. The System Configuration Dialog screen, shown next, is displayed. Press the Spacebar to continue.
---System Configuration Dialog---
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default Settings are in square brackets '[]'.
Current Configuration:
networkParams
ipAddress
netmask
defaultGateway
hostname
telnetOption
accessList 10.0.0.0 255.0.0.0
exit
timeParams
summerTimeParams
active-selection
exit
exit
service webServer
general
ports
exit
exit -
You are prompted whether to continue with the configuration dialog. Type yes or press Enter. Any default answers are in the square "[]" brackets.
-
Type the host name of the sensor.
-
Type the IP address.
-
Type the IP netmask.
-
Type the default gateway.
-
Enter the Telnet server status. The server is disabled by default
-
Enter the Web server port, which is 443 by default.
-
Save the configuration by typing yes or no to reconfigure.
-
Do not reboot at this point. Type no when asked to continue with the reboot.
-
Enter configuration terminal mode. Type configure terminal.
-
Enter host configuration mode. Type service host.
-
Enter network parameters configuration mode. Type networkParams.
-
To show the current settings, type show settings. The expected output should be similar to the following:
networkParams
-----------------------------------------------
ipAddress: 10.0.0.8
netmask: 255.255.255.0 default: 255.255.255.0
defaultGateway: 10.0.0.10
hostname: sensor1
telnetOption: disabled default: disabled
accessList (min: 0, max: 512, current: 1)
-----------------------------------------------
ipAddress: 10.0.0.0
netmask: 255.0.0.0 default: 255.255.255.255 -
Remove the 10. network from having complete access. The command syntax is as follows:
no accessList ipAddress 10.0.0.0 netmask 255.0.0.0
-
Enter the IP addresses of hosts or networks that will have access to the sensor. If you can afford to do it, only specify individual host addresses that will have access. Do not give entire networks access unless absolutely necessary.
The syntax for a single host is as follows:
accessList ipAddress 10.0.0.4
The syntax for an entire network is as follows:
accessList ipAddress 10.0.0.0 netmask 255.255.255.0
Repeat the command as necessary depending on the number hosts or networks being added.
-
Exit the parameters configuration mode. Type exit.
-
Set the System clock settings. Type timeParams. When done, exit back to configure terminal mode.
-
Type yes to apply settings. Type no to keep the system from rebooting, then exit configure terminal mode. Type exit.
-
Set the clock. Type clock set hh:mm month day year.
-
At this point, you need to generate the X.509 by typing tls generate key. Record the results. You will need to verify the authenticity of the certificate when you connect via a Web browser.
-
Once you have rebooted, you will need to upgrade to the latest signature updates and set the interfaces.