Cisco Catalyst SD-WAN Solution Integrations Guide, Releases 26.x and Later

Configure Cisco cyber vision integration, high level

Configure Cisco Cyber Vision integration through a high-level overview of the required configuration steps.


This task provides a high-level workflow to configure Cisco Cyber Vision integration with SD-WAN.

Use this high-level overview to understand the sequence of configuration steps required for Cisco Cyber Vision integration. Complete each referenced task in the specified order to ensure proper integration setup.

Procedure

1. Configure a connection to a Cisco cyber vision center in the network hierarchy

2. Create a configuration group profile with a cyber vision feature

3. Add a cyber vision feature to a configuration group

4. Deploy a configuration group with a Cisco cyber vision feature

You have completed the high-level configuration workflow for Cisco Cyber Vision integration. The integration is now configured and ready for deployment.

What to do next

After the configuration steps, you can monitor the activity of the Cisco Cyber Vision application operating on a device. See Monitor the Cisco cyber vision application on devices.


Configure a connection to a Cisco cyber vision center in the network hierarchy

Establishing a connection to a Cisco Cyber Vision Center enables your network devices to communicate securely with the center for industrial network monitoring and threat detection capabilities.

Use this procedure when you need to integrate Cisco Cyber Vision Center with your network infrastructure to monitor industrial protocols and detect security threats in your operational technology environment.

Before you begin

  • Deployment token

    In Cisco Cyber Vision Center, create one or more deployment tokens to enable devices to establish a secure link with Cisco Cyber Vision Center. This table indicates the token type required, according to the supported platform type.

    Table 1. Required token type by platform

    | Platform | Token Type |
    |---|---|
    | Cisco Catalyst IR1101 Rugged Series | cviox-aarch64.tar |

    For information about creating a deployment token, see the latest Cisco Cyber Vision GUI Administration Guide.

    Copy the token text and have it ready for the procedure.

  • Connectivity

    The devices in your network that operate with Cisco Cyber Vision require network reachability to the Cisco Cyber Vision Center. Ensure that your network topology provides this reachability.

Follow these steps to configure a connection to a Cisco Cyber Vision Center in the network hierarchy:

Procedure

1. From the Cisco SD-WAN Manager menu, choose Configuration > Network Hierarchy.

2. Click External Services.

3. In the Cyber Vision pane, click Add Cyber Vision Center.

4. In the table of Cisco Cyber Vision connections, enter these:

   | Field | Description |
   |---|---|
   | Name | Name of the Cisco Cyber Vision Center. |
   | IP Address or Hostname | IP address of the server hosting the Cisco Cyber Vision Center. Note: Entering a hostname is not supported. |
   | Token | Paste in the deployment token that you copied from the Cisco Cyber Vision Center, as noted in the prerequisites. |
   | VPN | VPN by which devices in the network connect to the Cisco Cyber Vision Center. |

5. Click Save.

Using information contained in the token, Cisco SD-WAN Manager automatically sets up a server as one of the remote image-hosting servers that appear on the Maintenance > Software Repository page, in the Remote server tab. See How devices download and install the Cisco cyber vision application.

The connection to the Cisco Cyber Vision Center is configured and the system automatically sets up a remote image-hosting server for software repository access.


Create a configuration group profile with a cyber vision feature

Create a Configuration Group Profile that includes a Cyber Vision feature to enable network visibility and security monitoring capabilities across your SD-WAN or SD-Routing infrastructure.

Configuration Group Profiles with Cyber Vision features provide enhanced network monitoring and security capabilities. This configuration enables you to deploy consistent Cyber Vision settings across multiple devices in your network.

Before you begin

On the Configuration > Configuration Groups page, choose either

  • SD-WAN, or

  • SD-Routing

as the solution type.

Follow these steps to create a Configuration Group Profile with a Cyber Vision feature:

Procedure

1. From the Cisco SD-WAN Manager menu, choose Configuration > Configuration Groups.

2. Create and configure a Cyber Vision feature in an Other profile.

  1. Enter a name and description for the feature.

    Table 2. Name and Description

    | Field | Description |
    |---|---|
    | Name | Name for the Cisco Cyber Vision Center. |
    | Description | Optionally, add a description. |

  2. Configure the base configuration fields.

    Table 3. Base Configuration

    | Field | Description |
    |---|---|
    | Cyber Vision Center | From the drop-down list, choose a Cisco Cyber Vision Center connection from the list of previously configured connections. Refer to Configure a Connection to a Cisco Cyber Vision Center in the Network Hierarchy. |
    | Monitoring Source Interface | Click Add and enter the interface for the device to use for monitoring traffic. Your choice depends on your network and the traffic that you want the device to monitor. Examples: VLAN interface, cellular interface, WAN interface |

  3. The Advanced Configuration area appears only if you are configuring a Cyber Vision feature for the SD-WAN solution option. It does not appear for the SD-Routing solution option.

    The fields in this area are preconfigured to use variables, so that you can enter device-specific information for each device when deploying the configuration group (see Deploy a configuration group with a Cisco cyber vision feature). Alternatively, you can configure global device values instead of using the variables.

    Table 4. Advanced Configuration

    | Field | Description |
    |---|---|
    | Capture Interface IP | IP address of the interface that captures the traffic for analysis. |
    | Capture Interface Subnet Mask | Subnet mask for the interface that captures the traffic for analysis. |
    | Collection Interface (Sensor to Center) IP | Enter an IP address for the collection interface that sends the captured traffic to Cisco Cyber Vision Center. Ensure that the IP address is within the subnet mask defined in the Collection Interface Subnet Mask field. Note: For each device connecting to Cisco Cyber Vision Center through the same service VPN, enter a unique collection interface IP address. It is necessary for each interface within a single service VPN to use a unique IP address. To view the service VPN configured for communication with Cisco Cyber Vision Center, see Configure a Connection to a Cisco Cyber Vision Center in the Network Hierarchy. |
    | Collection Interface Subnet Mask | Subnet mask for the collection interface that sends the captured traffic to Cisco Cyber Vision Center. The subnet mask defines an address space for the service VPN used for communication between device and Cisco Cyber Vision Center. |
    | VPG5 (Virtual Port Group) IP Address | IP address within the subnet mask defined in the Collection Interface Subnet Mask field. This is an address with the same network as the collection interface. Note: For each device connecting to Cisco Cyber Vision Center through the same service VPN, enter a unique VPG5 IP address. It is necessary for each interface within a single service VPN to use a unique IP address. |
    | VPG6 (Virtual Port Group) IP Address | This field is preset and not configurable. |

You have successfully created a Configuration Group Profile with a Cyber Vision feature that can be deployed to devices in your network.

What to do next

Also see Deploy a configuration group.


Add a cyber vision feature to a configuration group

Add a Cyber Vision feature to a configuration group to integrate network security monitoring and threat detection capabilities into your SD-WAN or SD-Routing deployment.

Cyber Vision profiles provide network visibility and security monitoring features that can be applied to configuration groups for centralized management across multiple devices in your network deployment.

Procedure

1. From the Cisco SD-WAN Manager menu, choose Configuration > Configuration Groups.

2. In the solution drop-down list, choose either

     • SD-WAN, or

     • SD-Routing

   as the solution type to display configuration groups only for this solution.

3. Click the Configuration Groups tab.

4. If you need to create a configuration group, follow the steps described in Using Configuration Groups in Cisco Catalyst SD-WAN Configuration Groups.

5. For an existing configuration group, click Add Profile and add an Other Profile to the configuration group.

6. In the configuration group, locate the Other Profile drop-down list and choose a Cisco Cyber Vision profile.

The Cyber Vision profile is successfully added to the configuration group, enabling network security monitoring capabilities for devices associated with this configuration group.


Deploy a configuration group with a Cisco cyber vision feature

Deploy a configuration group with the Cisco Cyber Vision feature to enable devices in the network to operate as sensors that capture and send traffic data to Cisco Cyber Vision Center for network monitoring and security analysis.

Use this procedure when you need to deploy the Cisco Cyber Vision feature to devices in your SD-WAN network. The deployment enables devices to function as sensors that monitor network traffic and communicate with the Cisco Cyber Vision Center.

Before you begin

  • See Supported platforms for Cisco cyber vision integration before deploying a configuration group with the Cisco Cyber Vision feature.

  • Ensure that devices in the network have network reachability to Cisco Cyber Vision Center before deploying a configuration group that includes the Cisco Cyber Vision feature. This requires two steps:

    1. Deploy a configuration group to establish reachability to Cisco Cyber Vision Center.

    2. Deploy a configuration group to enable Cisco Cyber Vision on the devices.

      After you confirm reachability in the previous step, you can modify the same configuration group that you used in that step, adding the Cisco Cyber Vision feature, and deploy the configuration group to the devices.

    See Prerequisites for Cisco cyber vision integration.

    Note

    This same requirement applies when you add devices to a configuration group that has the Cisco Cyber Vision feature and that you have deployed to devices already. If you want to deploy the configuration group to additional devices, make note of the above and first establish reachability to Cisco Cyber Vision Center for the additional devices.

Follow these steps to deploy a configuration group with the Cisco Cyber Vision feature:

Procedure

1. Use the configuration group deployment procedure in Cisco Catalyst SD-WAN Configuration Groups Reference Guide to deploy a configuration group to devices in the network.

2. If you are deploying to devices of the SD-WAN solution type, during deployment, enter these device-specific variables, in the CV_SDWAN pane, for each router.

   If you are deploying to devices of the SD-Routing solution type, skip this step.

   | Field | Description |
   |---|---|
   | collection_int_ip | Enter an IP address for the collection interface that sends the captured traffic to Cisco Cyber Vision Center. Ensure that the IP address is within the subnet mask defined in the collection_int_subnet field. Note: For each device connecting to Cisco Cyber Vision Center through the same service VPN, enter a unique collection interface IP address. It is necessary for each interface within a single service VPN to use a unique IP address. To view the service VPN configured for communication with Cisco Cyber Vision Center, see Configure a connection to a Cisco cyber vision center in the network hierarchy. |
   | collection_int_subnet | Subnet mask for the collection interface that sends the captured traffic to Cisco Cyber Vision Center. The subnet mask defines an address space for the service VPN used for communication between device and Cisco Cyber Vision Center. |
   | vpg5_ip | IP address within the subnet mask defined in the collection_int_subnet field. This is an address with the same network as the collection interface. Note: For each device connecting to Cisco Cyber Vision Center through the same service VPN, enter a unique VPG5 IP address. It is necessary for each interface within a single service VPN to use a unique IP address. |

3. If you want to monitor the progress of installing the Cisco Cyber Vision application on a device, view the log messages for the installation.

  1. Click the task list button near the top right.

  2. Click the Deploy configuration group task.

    This opens a page showing the deployment progress for each device.

  3. Adjacent to a device, click the log icon in the Action column.

    The View Logs pane opens, showing the deployment progress for the device. When the deployment is complete, and when the devices have established a connection to the Cisco Cyber Vision server, a success message, such as "Config Group successfully deployed to device," appears in the log.

    When you first deploy a configuration group with the Cisco Cyber Vision feature to a device, it triggers the device to install the Cisco Cyber Vision application. It takes several minutes for a device to install the Cisco Cyber Vision application. After a successful installation, the device operates as a sensor for Cisco Cyber Vision. The device appears in the sensor list in Cisco Cyber Vision Center. For information about verifying this, see Verify that Cisco SD-WAN manager has connected to the Cisco cyber vision center.

The configuration group with the Cisco Cyber Vision feature is deployed to the selected devices. The devices install the Cisco Cyber Vision application and begin operating as sensors that capture traffic and send it to Cisco Cyber Vision Center for network monitoring and security analysis. The devices appear in the sensor list in Cisco Cyber Vision Center.
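
The addressing rules for the device-specific variables in step 2 (and for the matching Advanced Configuration fields in Table 4) can be checked before deployment. The following is an added example, not part of the Cisco guide or any Cisco tool: it verifies that vpg5_ip lies in the network defined by collection_int_ip and collection_int_subnet, and that no interface address is reused within one service VPN. The row layout, the "device" and "vpn" keys, and the sample addresses are assumptions made for this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample rows. "device" and "vpn" are hypothetical keys for this
# example; the other three names are the CV_SDWAN variables from the table.
SAMPLE_ROWS = [
    {"device": "ir1101-a", "vpn": 10, "collection_int_ip": "192.0.2.10",
     "collection_int_subnet": "255.255.255.0", "vpg5_ip": "192.0.2.11"},
    {"device": "ir1101-b", "vpn": 10, "collection_int_ip": "192.0.2.10",
     "collection_int_subnet": "255.255.255.0", "vpg5_ip": "192.0.2.21"},
    {"device": "ir1101-c", "vpn": 10, "collection_int_ip": "192.0.2.30",
     "collection_int_subnet": "255.255.255.0", "vpg5_ip": "198.51.100.31"},
]


def validate_rows(rows):
    """Return a list of (device, problem) tuples; empty means the sheet is consistent."""
    problems = []
    seen = defaultdict(dict)  # vpn -> {ip address: "device/variable"}
    for row in rows:
        dev = row["device"]
        try:
            coll = ipaddress.ip_interface(
                f"{row['collection_int_ip']}/{row['collection_int_subnet']}")
            vpg5 = ipaddress.ip_address(row["vpg5_ip"])
        except ValueError as exc:
            problems.append((dev, f"unparsable address or mask: {exc}"))
            continue
        # vpg5_ip must be in the same network as the collection interface.
        if vpg5 not in coll.network:
            problems.append((dev, f"vpg5_ip {vpg5} is outside {coll.network}"))
        # Every interface address must be unique within one service VPN.
        for var, addr in (("collection_int_ip", coll.ip), ("vpg5_ip", vpg5)):
            owner = seen[row["vpn"]].get(addr)
            if owner:
                problems.append((dev, f"{var} {addr} already used by {owner}"))
            else:
                seen[row["vpn"]][addr] = f"{dev}/{var}"
    return problems


if __name__ == "__main__":
    for device, problem in validate_rows(SAMPLE_ROWS):
        print(f"{device}: {problem}")
```
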