Once you have met all the necessary requirements for older
sensor models, you need to initialize the sensor. If the sensor is a newer
model, no additional considerations need to be made.
To initialize a sensor with software version 4.0, follow these
steps.
- Power up the appliance.
- Insert the Cisco IDS 4.0(1) Upgrade/Recovery CD.
- When the boot menu appears, type k to use a directly connected keyboard and monitor, or type s to use a serial connection while installing the image. It will take several minutes for the files to copy to the sensor.
- Log on to the sensor. The default username and password for version 4.0 are the same: cisco. You will be prompted to change the password on the first login.
- At the prompt, type setup to initialize the sensor. The System Configuration Dialog screen, shown next, is displayed. Press the Spacebar to continue.
    ---System Configuration Dialog---
    At any point you may enter a question mark '?' for help.
    Use ctrl-c to abort configuration dialog at any prompt.
    Default Settings are in square brackets '[]'.
    Current Configuration:
    networkParams
    ipAddress
    netmask
    defaultGateway
    hostname
    telnetOption
    accessList 10.0.0.0 255.0.0.0
    exit
    timeParams
    summerTimeParams
    active-selection
    exit
    exit
    service webServer
    general
    ports
    exit
    exit
- You are prompted whether to continue with the configuration dialog. Type yes or press Enter. Default answers appear in square brackets ([]).
- Type the host name of the sensor.
- Type the IP address.
- Type the IP netmask.
- Type the default gateway.
- Enter the Telnet server status. The server is disabled by default.
- Enter the Web server port, which is 443 by default.
- Type yes to save the configuration, or no to reconfigure.
- Do not reboot at this point. Type no when asked to continue with the reboot.
- Enter configuration terminal mode. Type configure terminal.
- Enter host configuration mode. Type service host.
- Enter network parameters configuration mode. Type networkParams.
- To show the current settings, type show settings. The expected output should be similar to the following:
    networkParams
    -----------------------------------------------
    ipAddress: 10.0.0.8
    netmask: 255.255.255.0 default: 255.255.255.0
    defaultGateway: 10.0.0.10
    hostname: sensor1
    telnetOption: disabled default: disabled
    accessList (min: 0, max: 512, current: 1)
    -----------------------------------------------
    ipAddress: 10.0.0.0
    netmask: 255.0.0.0 default: 255.255.255.255
- Remove the entry that gives the entire 10.0.0.0 network complete access. The command syntax is as follows:
    no accessList ipAddress 10.0.0.0 netmask 255.0.0.0
- Enter the IP addresses of hosts or networks that will have access to the sensor. Where practical, specify only individual host addresses. Do not give entire networks access unless absolutely necessary.
  The syntax for a single host is as follows:
    accessList ipAddress 10.0.0.4
  The syntax for an entire network is as follows:
    accessList ipAddress 10.0.0.0 netmask 255.255.255.0
  Repeat the command as necessary, depending on the number of hosts or networks being added.
- Exit the parameters configuration mode. Type exit.
- Set the system clock settings. Type timeParams. When done, exit back to configure terminal mode.
- Type yes to apply settings. Type no to keep the system from rebooting, then exit configure terminal mode. Type exit.
- Set the clock. Type clock set hh:mm month day year.
- At this point, you need to generate the X.509 certificate by typing tls generate key. Record the results. You will need them to verify the authenticity of the certificate when you connect via a Web browser.
- Reboot the sensor. Type reset, then yes.
- Once you have rebooted, you will need to upgrade to the latest signature updates and set the interfaces.
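The access-list review from the steps above, as an added example that is not part of the original procedure: this Python sketch parses the show settings output printed earlier and reports a Telnet server that is not disabled and any accessList entry wider than a single host. The function names, the max_hosts threshold and the use of a saved session capture as input are assumptions.

```python
import ipaddress
# Constructed sample: the "show settings" output printed in the procedure above.
SAMPLE = """\
networkParams
-----------------------------------------------
ipAddress: 10.0.0.8
netmask: 255.255.255.0 default: 255.255.255.0
defaultGateway: 10.0.0.10
hostname: sensor1
telnetOption: disabled default: disabled
accessList (min: 0, max: 512, current: 1)
-----------------------------------------------
ipAddress: 10.0.0.0
netmask: 255.0.0.0 default: 255.255.255.255
"""

def parse_settings(text):
    """Return (telnet_state, [IPv4Network, ...]) from networkParams output."""
    telnet, acl, in_acl, pending = None, [], False, None
    for raw in text.splitlines():
        key, _, rest = raw.strip().partition(":")
        value = rest.split()[0] if rest.split() else ""
        if key.startswith("accessList"):
            in_acl = True                      # ACL entries follow this header
        elif key == "telnetOption":
            telnet = value
        elif in_acl and key == "ipAddress":
            if pending:                        # no netmask line: host entry
                acl.append(ipaddress.ip_network(pending + "/32"))
            pending = value
        elif in_acl and key == "netmask" and pending:
            acl.append(ipaddress.ip_network(f"{pending}/{value}", strict=False))
            pending = None
    if pending:
        acl.append(ipaddress.ip_network(pending + "/32"))
    return telnet, acl

def audit(text, max_hosts=1):
    """Report Telnet not disabled and ACL entries wider than max_hosts (assumed policy)."""
    telnet, acl = parse_settings(text)
    findings = []
    if telnet != "disabled":
        findings.append(f"telnetOption is {telnet}")
    findings += [f"accessList {net} admits {net.num_addresses} addresses"
                 for net in acl if net.num_addresses > max_hosts]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run it against the settings captured before and after the accessList changes; raise max_hosts only for a management subnet that has to be admitted as a whole.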