Change the IP Address of the Management or Telemetry Interface on CTB Manager and Broker Nodes

Available Languages

Download Options

  • PDF     (264.3 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (331.0 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (424.0 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:September 30, 2025
Document ID:225105

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to change management and telemetry IP's from Cisco Telemetry Broker (CTB) Manager and Broker nodes.

    Prerequisites

    Requirements

    You must have console access to the Command Line Interface (CLI) to the desired appliance is necessary to perform the change of management IP.

    Cisco recommends that you have knowledge of these topics:

    • Basic Linux administration
    • Basic Cisco Telemetry Broker architecture

    Components used

    • CTB Manager node running release 2.2.1.
    • CTB Broker node running release 2.2.1.

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Configure

    The process of changing the management IP of either the CTB Manager or Broker node is performed individually.

    In this scenario the IP address of the management interface is being changed on both the Manager node and the Broker nodes.

    From a high level the process is: 

    • Remove all Broker nodes
    • Update the Manager nodes management IP adddress
    • Generate and upload a new certificate 
    • Update the Broker nodes management IP address
    • Associate the Broker nodes to the manager
    • Add the desired rules to the desired Brokers
    tip-icon

    Tip: Broker nodes do not forward traffic as the rules are deleted when it is removed from the Manager node

    Remove all Broker nodes

    1. Log in to the CTB Manager's web interface and click Explorer in the left pane.

    2. Remove a broker nodes by selecting a Broker node in the list and then click Broker Node DetailsRemove Broker Node.

      The CTB web interface's Explorer menu
    3. Repeat step 2 for all Broker nodes.

    Update the Manager nodes management IP adddress

    1. Connect to the Manager node console, and log in as the admin user.

    2. Launch the configuration utility on the Manager with the 
      sudo ctb-install --config  command. 
      sudo ctb-install --config ​
    3. Navigate to the Management Network option using the Tab key, press the Tab key again to select OK and press enter.
      The CTB command line interface with Management Network highlighted
    4. Update the Manager’s IP address, gateway, and DNS settings to the new value.
      The CTB command line interface showing the Management Network configuration page
    5. Use the Tab key to highlight the OK option and press Enter. This restarts Manager services but does not reboot the appliance.

    6. Wait a few minutes and access the CTB Manager node web interface at the new IP address.

    Generate and upload a new certificate

    After changing the IP address, generate a new certificate for the Manager that includes the new IP address in the  Common Name field.

    For guidance, refer to this article: https://www.cisco.com/c/en/us/support/docs/security/telemetry-broker/220537-replace-telemetry-broker-identity-certif.html
    Once the new certificate has been installed on the Manager, proceed to update the IP address on each broker node in your deployment.

    Update the Broker nodes management IP address

    1. Connect to each Broker node's console, and log in as the admin user. 

    2. Launch the configuration utility on the Broker node with the sudo ctb-install --config command. 
      sudo ctb-install --config​
    3. Navigate to the Management Network section using the Tab key, then select OK and press Enter.
      The CTB command line interface with Management Network highlighted
    4. Update the Broker node’s IP address, gateway, and DNS settings as required.
      The CTB command line interface showing the Management Network configuration page
      caution-icon

      Caution: Do not change the Telemetry interface IP address in this menu; this is done in the Manager node's web interface.

    5. Press the Tab key to select OK and press Enter. This restarts certain Broker node services but does not reboot the appliance.

    Associate the Broker nodes to the manager

    1. Connect to the Broker node console, and log in as the admin user. 

    2. Run the sudo ctb-manage command to associate the Broker node with the Manager:
      sudo ctb-manage​
    3. When prompted, select option "o" to associate the Broker node with the new Manager.
      The CTB command line interface showing the output of the ctb-manage command
    4. Complete the prompts to associate the Broker node with the Manager. Ensure the Manager’s certificate includes the updated IP address for successful completion.

    5. Repeat these steps for each Broker node in your deployment.


    Add the desired rules to the desired Brokers

    1. Once all Broker nodes have been added, log into the Manager node's web interface and navigate to Explorer, select the desired Broker node, click Edit for the Telemetry interface, and assign the appropriate IP address.
      The CTB web interface showing highlighting the Edit button for a Brokers Telemetry settings
    2. Assign the new Telemetry interface to each Broker node as needed.

    3. Navigate to the Inputs tab, select each input, and assign the appropriate Broker node to each input.

      The CTB web interface showing the Netflow Inputs page

    4. In the Data Flow tab, ensure each input is connected to a designated destination.

    5. Confirm that telemetry data is being forwarded to the specified destinations.

    Verify 

    Log into the web interface of the Manager node. 

    Connect to the console of the Broker node over SSH. 

    Troubleshoot

    General

    Since the appliance is running a stock Debian operating system, you can apply most general Linux system administration practices to troubleshooting.


    Management Networking

    The Management Network interface on the appliance is managed through the systemd-networkd service rather than the ifup, ifdown or ifconfig tools. After you have completed the installation of Cisco Telemetry Broker, you can find configuration information in this file:
    /etc/systemd/network/management.network


    Telemetry Networking

    The Manager Node manages the Telemetry Network interface on the appliance. After installation, the Telemetry Network interface is mostly invisible to the operating system.

    Therefore, you must make configurations using the Cisco Telemetry Broker management layer.

    Telemetry Packet Capture

    Refer to this article for performing a packet capture on Cisco Telemetry Broker: https://www.cisco.com/c/en/us/support/docs/security/telemetry-broker/221628-perform-a-packet-capture-in-a-telemetry.html


    Diagnostics

    The appliance contains a diagnostic tool named Mayday that can capture debug information for the Cisco Telemetry Broker engineering team.

    This helpful information is useful to TAC. 

    To create a diagnostic pack with Mayday, simply SSH to the appliance and run the sudo mayday  command:
    This compiles the relevant system information into a tar ball that can be copied off the node to another location using the SCP tool.

    The location of the resulting tar ball is shown in the output.

    Example:

    $ ssh admin@<ctb-node-ip>
ctb-node> sudo mayday
<output-redacted>
2020/08/05 19:04:45 Output saved in /tmp/mayday-ctb-5SWVTpSx-202008051904.677025165.tar.gz
2020/08/05 19:04:45 All done!

    Contact Support

    If you need technical support, please do one of the following:

    Revision History

    Revision Publish Date Comments
    1.0
    30-Sep-2025
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Jesus Ibarra
      Security TAC Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products