Installation

Three different ways are possible to deploy Cisco Cyber Vision Sensor application.

In this section we will deploy the IOx Application and configure different Cisco Cyber Vision Sensor interfaces.


Note

On switch stack deployment, there is no IOx redundancy between stack member. In case of a failover and master role swap sensor app will not be redundant and communication to sensor will be lost.

A new sensor deployment is required in this use case.

Procedure with the Cisco Cyber Vision sensor management extension

After the Initial configuration, proceed to the steps described in this section.


Note
To be able to use the Cisco Cyber Vision sensor management extension, an IP address reachable by the Center Collection interface must be set on the Collection VLAN.

Note
Since the extension deployment is based on HTTPS, flow must be allowed on port TCP 443.

We can use an Access Control List (ACL) on IOS XE devices to limit access from Cisco Cyber Vision.

Configuration example for IOS XE devices: Filter Traffic Destined to Cisco IOS XE Devices WebUI Using an Access List - Cisco 

ip http access-class SOME_ID 

ip http secure-server 

! 

access-list SOME_ID permit CENTER_ETH0_IP CENTER_ETH0_WILDCARDMASK

Where CENTER_ETH0_IP is the administration IP address of your Cyber Vision center (eth0).

Install the sensor management extension

To install the sensor management extension, you must:

Procedure

Step 1

Retrieve the extension file (i.e. CiscoCyberVision-sensor-management-<version>.ext) from cisco.com.

Step 2

Access the Extension administration page in Cisco Cyber Vision.

Step 3

Import the extension file.

Once the sensor management extension is installed, you will find a new management job under the sensor administration menu (Management Jobs), and the Install via extension button will be enabled in the Sensor Explorer page.

Management Jobs

Since some deployment tasks on sensors can take several minutes, this page displays the execution status and progress for each sensor deployed with the Sensor Management Extension. The page is visible only when the Sensor Management Extension is installed in the Cisco Cyber Vision Center.

To access the Management jobs page, choose Admin > Sensors > Management jobs from the main menu.

You will find the following jobs:

  • Single deployment:

    This job is launched when clicking the Deploy Cisco device button in the sensor administration page, that is when a new IOx sensor is deployed.

  • Single redeployment:

    This job is launched when clicking the Reconfigure Redeploy button in the sensor administration page, that is when deploying on a sensor that has already been deployed. This option is used for example to change the sensor's parameters like enabling active discovery.

  • Single removal:

    This job is launched when clicking the Remove button from the sensor administration page.

  • Update all devices:

    This job is launched when clicking the Update Cisco devices button from the sensor administration page. A unique job is created for all managed sensors that are being updated.

If a job fails, you can click on the error icon to view detailed logs.

Install sensors with the sensor management extension

Use this procedure to install both the CV sensor and SEA agent apps on supported switches using a single workflow. This is possible because both applications are bundled together in one container, making deployment more efficient. Additionally, if you prefer to install only the CV app without the SEA agent, you have the flexibility to make this choice during the setup process.

Before you begin

  • Ensure Cisco Cyber Vision is integrated with Secure Equipment Access on the IoT Operations Dashboard. For more information, see the "Integrate Cisco Cyber Vision Center with Secure Equipment Access" topic in the Cisco Cyber Vision Administration Guide, 5.3.0.

  • Confirm you have administrator access to Cisco Cyber Vision Center.

Procedure

Step 1

In Cisco Cyber Vision, navigate to Admin > Sensors > Sensor Explorer and click New sensor, then Install via extension.

Step 2

To configure your Cisco Cyber Vision Center to reach your network device, fill in the required fields. For field descriptions, see Network device configuration fields for sensor installation.

Step 3

Click Connect.

Step 4

To configure the Cisco Cyber Vision IOx sensor app for the Cisco IE device, enter these network details, and click Next. Some parameters are pre-filled with default values. You can either keep these values or change them as needed.

  • Capture IP Address: The IP address assigned to the interface on the device where traffic is captured for analysis.

  • Capture Prefix Length: Defines the subnet mask for the Capture IP Address.

  • Capture VLAN number: Specifies the Virtual Local Area Network (VLAN) ID used for capturing traffic on the device.

  • Collection IP Address: The IP address of the device where the captured data is sent for processing.

  • Collection Prefix Length: Defines the subnet mask for the Collection IP Address.

  • Collection Gateway: The IP address of the gateway used by the collection system to route traffic.

  • Collection VLAN number: Specifies the VLAN ID for the collection device.

Step 5

To also install the SEA agent app along with the Cisco Cyber Vision sensor app, click With SEA, and choose one of these options, and click Next.

  • Use the Center as proxy: Routes traffic through the Center.

  • Direct: Establishes a direct connection.

  • Proxy Form: Allows custom proxy settings.

    Note

     

    If you do not want to install SEA, click Without SEA > Next and proceed to step 6.

Step 6

To configure the active discovery settings, enter these details on the Active Discovery page:

  1. Passive Only: Uses only passive discovery methods. This option is only available if the CV sensor is deployed without SEA.

  2. Passive and Active Discovery/SEA: Combines passive and active discovery methods (and/or SEA), requiring network interface configuration.

  3. In the Add Active Discovery configuration section, click Use collection interface.

Step 7

Click Deploy.

When deployment completes, the sensor will display as "Connected" on the Sensor Explorer page.

What to do next

Use the Admin->Sensors->Management jobs page to monitor the deployment progress.

Network device configuration fields for sensor installation

The following table describes the fields required when installing sensors using the Sensor Management Extension in Cisco Cyber Vision.

Table 1. Network device config values

Field

Description

Required or Optional

Comments

IP Address

Management IP address of the device.

Required

NIL

Port

Management port of the device

Required

443 or 8443

Center Collection IP

Collection IP address of the Center

Optional

NIL

Sensor Label

A label for the sensor

Optional

For example, CVPlusSEA

Template

Select a configuration template.

Required

Select the default template

Credentials

Specify the credentials to authenticate with the sensor app

Required

Use global (recommended) or custom.

Note

 

Global credentials are shared authentication details applied across multiple devices. For more details, see Manage Cisco devices.

Capture modes

Select the capture mode to determine which flows Cisco Cyber Vision analyzes.

Required.

 Select one of the these options:

  • Optimal: Analyzes the most relevant flow according to your network.

  • All: Analyzes all the flows.

  • Industrial only: Analyzes industrial flows only.

Configure a sensor in the sensor management extension

If the Center can join the switch, the following form appears:

Form for the Cisco IE3x00 and the Cisco IE9x00:

Form for the Cisco Catalyst 9x00 with RSPAN configuration available:

While some parameters are filled automatically, you can still change them if necessary.

Procedure

Step 1

Fill the following parameters for the Collection interface:

  • Capture IP address: IP address destination of the monitor session in the sensor

  • Capture prefix length: mask of the capture IP address

  • Capture VLAN number: VLAN of the monitor session in the sensor

  • Collection IP address: IP address of the sensor in the device

  • Collection prefix length: mask of the Collection IP address

  • Collection gateway: gateway of the Collection IP address

  • Collection VLAN number: VLAN of the sensor

Step 2

Click Next.

Step 3

Active Discovery:

If you want to enable Active Discovery on the sensor, select Passive and Active Discovery.

You can:

  • use the sensor Collection interface by selecting it:

  • add new network interfaces filling the following parameters to set dedicated network interfaces and clicking Add:

    • IP address

    • Prefix length

    • VLAN number

Step 4

Click Deploy.

The Center starts deploying the sensor application on the target equipment. This can take a few minutes. You can go to the Management jobs page to check the deployment advancements.

Once the deployment is finished, a new sensor appears in the sensors list.

The sensor's status will eventually turn to connected.

If the Active Discovery has been enabled and set -that is if the option Passive and Active Discovery was selected when configuring the sensor in the sensor management extension- the sensor is displayed as below with Active Discovery's status as Enabled.

Configure a sensor in the sensor management extension

If the Center can join the switch, the following form will appear.

Even if some parameters are filled automatically, you can change them if necessary or opt to modify recommended addresses based on the scheme shown in the previous section.

Figure 1. Center and sensor are on different networks
Figure 2. Center and sensor are on the same network

Configure Active Discovery

Once the sensor is connected, you can change the Active Discovery's network interface so it uses the Collection network interface instead, and add several network interfaces for the sensor to perform Active Discovery on several subnetworks at the same time.

Procedure

Step 1

Click the sensor to configure and click the Active Discovery button on its right side panel.

The Active Discovery configuration appears with the interface currently set.

Step 2

Select Use collection interface for the Active Discovery to use the Collection network interface.

To add a network interface to Active Discovery for the sensor to perform active monitoring on another subnetwork:

Step 3

Add a new network interface by clicking the corresponding button.

Step 4

Fill the following parameters to set dedicated network interfaces:

  • IP address

  • Prefix length

  • VLAN number

Step 5

Click Add.

You can add as many network interfaces as needed.

Step 6

When you are done, click Configure.

A message saying that the configuration has been applied successfully appears.

Procedure with the Local Manager

After the Initial configuration, proceed to the steps described in this section.

Access the Local Manager

Procedure

Step 1

Open a browser and navigate to the IP address you configured on the interface you are connected to.

Step 2

Log in using the Local Manager user account and password.

Step 3

Once logged into the Local Manager, navigate to Configuration > Services > IOx.

Step 4

Log in using the user account and password.

Install the sensor virtual application

Once logged in, the following menu appears:

Procedure

Step 1

Click Add New.

Step 2

Add an application id name (e.g. CCVSensor).

Step 3

Select the application archive file with or without Active Discovery.

  • "CiscoCyberVision-IOx-aarch64-xxx.tar"

  • "CiscoCyberVision-IOx-Active-Discovery-aarch64.tar" with Active Discovery

  • "CiscoCyberVision-IOx-x86-64-xxx.tar"

  • "CiscoCyberVision-IOx-Active-Discovery-x86-64.tar" with Active Discovery

The installation takes a few minutes.

When the application is installed, the following message is displayed:

Configure the sensor virtual application (IE3x00/IE9x00)

  1. Click Activate to launch the configuration of the sensor application.

  2. Change the disk size from the default size to 1248 MB. The disk size must not be larger than this.

    If the field is grayed out, change the profile to custom to change the disk value.

  3. Bind the interfaces in the container to an interface on the host in Network Configuration. Start with eth0 by clicking edit in the eth0 line.

  4. Click Interface Setting.

  5. Apply the following configurations:

    • Select Static

    • IP/Mask: IP and mask of the sensor

    • Default gateway: IP address of the Center

    • Vlan ID, which is defined below, is the VLAN in the Cisco IE3300 10G/IE3400 dedicated to the Collection network interface (link between the Center and the sensors), e.g. 507.

      When using l3nat-iox, you need to fill in the collection information with L3 NAT details, and the default gateway IP is the switch SVI address on the collection VLAN.

  6. IPV6 must be set to Disable.

  7. Click OK twice.

  8. Click OK again on the popup.

  9. Then, apply the following parameters to eth1:

    • Select Static.

    • IP/Mask: the IP and mask of the sensor for the mirrored traffic.

    • Vlan ID, which is defined below, is the VLAN in the Cisco IE3300 10G/IE3400/IE9300 dedicated to traffic mirroring.

  10. IPV6 must be set to Disable.

  11. If configuring a sensor with Active Discovery, you must set an additional interface (eth2 without IP address) dedicated to this feature.

  12. Click Interface Setting for eth2 and set IPV4 and IPV6 as Disable. Click OK to confirm.

  13. Click the Activate App button.

    The operation takes several minutes.

    The application status changes to "RUNNING":

Configure the sensor virtual application (Catalyst 9x00)

  1. Click Activate to launch the configuration of the sensor application.

  2. Change the resource profile and advanced setting:

    • If you are using SSD:

      1. Change the disk size to at least 80,000 MB and it should not be smaller than that.

      2. Add "--rm" in advanced settings - Docker options.

    • If you are not using SSD:

      1. Change the disk size from the default size to 384 MB.

      2. Add “--rm --tmpfs /tmp:rw,size=128m” in Advanced Settings – Docker Options.

  3. Bind the interfaces in the container to an interface on the host in Network Configuration. Start with eth0 by clicking edit in the eth0 line.

  4. Select the mgmt-bridge300 entry in the interface list.

  5. Click Interface Setting.

  6. Apply the following configurations:

    • Select Static

    • IP/Mask: the IP and mask of the sensor

    • Default gateway: the IP address of the Center

    • Vlan ID, which is defined below, is the VLAN in the Cisco Catalyst 9300 dedicated to the Collection network interface (link between the Center and the sensors), e.g. 507.

  7. IPV6 must be set to Disable.

  8. Click OK twice.

  9. Click OK again on the following popup.

  10. Apply the following configurations to eth1:

    • Set IPv4 as Static and the IP and mask of the sensor for mirrored traffic.

    • Disable IPv6.

    • Set the VLAN id.

    • Set the mirror mode as enabled.

  11. Click OK until you come back to the screen below.

  12. If configuring a sensor with Active Discovery, you must set an additional interface (eth2 without IP address) dedicated to this feature. Then, click Interface Setting for eth2 and set IPV4 and IPV6 as Disable. Click OK to confirm.

  13. Click the Activate App button.

    The operation takes several seconds.

  14. Click Applications to display the application status:

  15. The application is activated and needs to be started. To do so, click the Start button.

The operation takes several seconds.

The application status changes to "RUNNING".

Configure the sensor virtual application

Procedure

Step 1

Click Activate to launch the configuration of the sensor application.

Step 2

Change the disk size from the default size to 1248 MB. The disk size must not be larger than this.

If the field is grayed out, change the profile to custom to change the disk value.

Step 3

Bind the interfaces in the container to an interface on the host in Network Configuration. Start with eth0 by clicking edit in the eth0 line.

Step 4

Click Interface Setting.

Step 5

Apply the following configurations:

  • Select Static

  • IP/Mask: IP and mask of the sensor

  • Default gateway: IP gateway of the sensor <Collection_VLAN>

  • VLAN ID: <Collection_VLAN>

t_Center-Sensor on same Network_conf sensor virt app

Before you begin
Procedure

Step 1

Step 2

Step 3

What to do next

t_Platform-Sensor on different Network_conf sensor virt app

Before you begin
Procedure

Step 1

Step 2

Step 3

What to do next

t_Center-Sensor on different Network with L3nat-iox_conf sensor virt app

Before you begin
Procedure

Step 1

Step 2

Step 3

What to do next

Configure the sensor virtual application

Procedure

Step 1

Click Activate to launch the configuration of the sensor application.

Step 2

Change the resource profile and advanced setting.

  • If you are using SSD

Step 3

What to do next

t_Center-sensor on same network_conf sensor virt app

Before you begin
Procedure

Step 1

Step 2

Step 3

What to do next

t_Center-sensor on different network_conf sensor virt app

Before you begin
Procedure

Step 1

Step 2

Step 3

What to do next

Configure the sensor virtual application

Before you begin

Procedure

Step 1

Click Activate to launch the configuration of the sensor application.

Step 2

Change the disk size from the default size to 1024 MB. The disk size must not be larger than this.

If the field is grayed out, change the profile to custom to change the disk value.

Step 3

Bind the interfaces in the container to an interface on the host in Network Configuration. Start with eth0 by clicking edit in the eth0 line.

Step 4

Click Interface Setting.

Step 5

Apply the following configurations:

  • Select Static

  • IP/Mask: IP and mask of the sensor

  • Default gateway: IP Gateway of Sensor <Collection_VLAN>

  • Vlan ID: <Collection_VLAN>

Center-Sensor on same network

Before you begin
Procedure

Step 1

Step 2

Step 3

What to do next

Platform-Sensor on different Network

Before you begin
Procedure

Step 1

Step 2

IPV6 must be set to Disable.

Step 3

Click OK twice.

Step 4

Click OK again on the popup.

Step 5

Then, apply the following parameters to eth1:

  • Select Static.

  • IP/Mask: the IP and mask of the sensor for the mirrored traffic.

  • Vlan ID, which is defined below, is the VLAN in the Cisco IE3300 10G/IE3400/IE9300 dedicated to traffic mirroring.

Step 6

IPV6 must be set to Disable.

Step 7

If configuring a sensor with Active Discovery, you must set an additional interface (eth2 without IP address) dedicated to this feature.

Step 8

Click Interface Setting for eth2 and set IPV4 and IPV6 as Disable. Click OK to confirm.

Step 9

Click the Activate App button.

The operation takes several minutes.

The application status changes to "RUNNING":

Generate the Provisioning Package

Procedure

Step 1

From the main menu, choose Admin > Sensors > Sensor Explorer.

Step 2

Click New sensor.

The dropdown list appears.

Step 3

Click Manual install under Cisco IOx.

The Manual install page appears.

Step 4

Fill in the following fields to configure the sensor provisioning package:

  1. The Serial number of the hardware.

  2. Center collection IP: leave blank.

  3. Gateway: add if necessary.

  4. (Optional) Select a Capture mode.

  5. (Optional) Select a Monitor session type.

    • Select ERSPAN.

    • Select RSPAN if ERSPAN is not possible.

Step 5

Click Create sensor.

Step 6

To download the provisioning package, click the Download package link.

Step 7

Click Finish.

A new entry for the sensor appears in the Sensor Explorer list. The sensor status will switch from Disconnected to New.

Import the provisioning package

After generating the provisioning package in Cisco Cyber Vision application, you must import it in the Local Manager so the sensor can be enrolled to Cisco Cyber Vision.

Before you begin

Procedure

Step 1

In the Local Manager, click Manage on the sensor application.

Step 2

Navigate to App-DataDir.

Step 3

Click Upload.

Step 4

Select the provisioning package (i.e. "sbs-sensor-config-<serialnumber>.zip"), and add the exact file name, extension included, in the path field (i.e. "sbs-sensor-config-<serialnumber>.zip").

Step 5

Click OK.

After a few seconds, a message saying that the upload went successfully is displayed and the sensor appears as Connected in Cisco Cyber Vision.

Procedure with the CLI

After the Initial configuration, proceed to the steps described in this section.

Configure the Sensor Application


Note

The app ID that is used in this section is "CCVSensor."

Procedure

Step 1

Connect to the device using either SSH or a console.

Step 2

Type the commands to configure the application payload.

To enable Active Discovery, you must add guest-interface 2.

Examples include:

Cisco IE3300 10G/IE3400: 
enable
configure terminal
app-hosting appid CCVSensor
app-vnic AppGigabitEthernet trunk
guest-interface 2
vlan 507 guest-interface 0
guest-ipaddress 192.168.69.208 netmask 255.255.255.0
vlan 2508 guest-interface 1
guest-ipaddress 169.254.1.2 netmask 255.255.255.0
app-default-gateway 192.168.69.1 guest-interface 0
app-resource profile custom
persist-disk 2048
cpu 1400
memory 1248
vcpu 2
end
Cisco IE9300: 
enable
configure terminal
app-hosting appid CCVSensor
 app-vnic AppGigabitEthernet trunk
guest-interface 2
  vlan 507 guest-interface 0
   guest-ipaddress 192.168.69.90 netmask 255.255.255.0
  vlan 2508 guest-interface 1
   guest-ipaddress 169.254.1.2 netmask 255.255.255.252
 app-default-gateway 192.168.69.190 guest-interface 0
 app-resource docker
  run-opts 1 --rm
 app-resource profile custom
  cpu 1000
  memory 862
  persist-disk 4000
end
Cisco Catalyst 9300:
enable
configure terminal
app-hosting appid CCVSensor
app-vnic AppGigabitEthernet trunk
guest-interface 2
vlan 507 guest-interface 0
guest-ipaddress 192.168.69.210 netmask 255.255.255.0
vlan 2508 guest-interface 1
mirroring
guest-ipaddress 169.254.1.2 netmask 255.255.255.0
app-default-gateway 192.168.69.1 guest-interface 0
app-resource profile custom
persist-disk 8192
cpu 7400
memory 2048
vcpu 2
end

Refer to the result of the show app-hosting resource command for the app-resource profile's custom values. For example, in this context, all maximum values are used for:

  • CPU units (1400 for Cisco IE3300 10G/IE3400, 1000 for Cisco IE9300, and 7400 for Cisco Catalyst 9300)

  • VCPU (2), memory (2048 MB)

  • disk space (2048 and 8192 MB respectively), allowing space for application updates

Center-Sensor on same network

Before you begin
Procedure

Step 1

Note

 

In this use-case, <Collection_VLAN> for Switch, Sensor and Center collection interface is 49. (see network diagram) 

enable
configure terminal
app-hosting appid CCVSensor
app-vnic AppGigabitEthernet trunk
guest-interface 2
vlan <Collection_vlan_ID> guest-interface 0
guest-ipaddress <GuestIPADRESS> netmask <GuestMASK>
vlan <Mirror_Vlan_ID> guest-interface 1
guest-ipaddress 169.254.1.2 netmask 255.255.255.0
app-resource profile custom
persist-disk 2048
cpu 1400
memory 1248
vcpu 2
End

Example:

enable
configure terminal
app-hosting appid CCVSensor
app-vnic AppGigabitEthernet trunk
guest-interface 2
vlan 49 guest-interface 0
	guest-ipaddress 192.168.49.41 netmask 255.255.255.0
vlan 2508 guest-interface 1
	guest-ipaddress 169.254.1.2 netmask 255.255.255.0
app-resource profile custom
persist-disk 2048
cpu 1400
memory 1248
vcpu 2
End

Step 2

Step 3

Platform-Sensor on different network

Before you begin
Procedure

Step 1

 

enable
configure terminal
app-hosting appid CCVSensor
app-vnic AppGigabitEthernet trunk
guest-interface 2
vlan <Collection_vlan_ID> guest-interface 0
guest-ipaddress <GuestIPADRESS> netmask <GuestMASK>
vlan <Mirror_Vlan_ID> guest-interface 1
guest-ipaddress 169.254.1.2 netmask 255.255.255.252
app-default-gateway <IP_Gateway_Collection> guest-interface 0
app-resource profile custom
persist-disk 2048
cpu 1400
memory 1248
vcpu 2
end

Example:

enable
configure terminal
app-hosting appid CCVSensor
app-vnic AppGigabitEthernet trunk
guest-interface 2
vlan 49 guest-interface 0
	guest-ipaddress 192.168.49.41 netmask 255.255.255.0
vlan 2508 guest-interface 1
guest-ipaddress 169.254.1.2 netmask 255.255.255.252
app-default-gateway 192.168.49.254 guest-interface 0
app-resource profile custom
persist-disk 2048
cpu 1400
memory 1248
vcpu 2
end

Step 2

Step 3

Center-Sensor on different Network with L3nat

Before you begin
Procedure

Step 1

 

enable
configure terminal
app-hosting appid CCVSensor
app-vnic AppGigabitEthernet trunk
guest-interface 2
vlan <Non_Routed_Collection_VLAN_ID> guest-interface 0
guest-ipaddress <Non_Routed_IP_Address> netmask <MASK>
vlan <Mirror_Vlan_ID> guest-interface 1
guest-ipaddress 169.254.1.2 netmask 255.255.255.252
app-default-gateway <SVI2_IP_Address> guest-interface 0
app-resource profile custom
persist-disk 2048
cpu 1400
memory 1248
vcpu 2
end

Example:

enable
configure terminal
app-hosting appid CCVSensor
app-vnic AppGigabitEthernet trunk
guest-interface 2
vlan 2507 guest-interface 0
	guest-ipaddress 169.254.0.2 netmask 255.255.255.0
vlan 2508 guest-interface 1
	guest-ipaddress 169.254.1.2 netmask 255.255.255.0
app-default-gateway 169.254.0.1 guest-interface 0
app-resource profile custom
persist-disk 2048
cpu 1400
memory 1248
vcpu 2
end

For the app-resource profile's custom values, refer to the result of the show app-hosting resource command.

In this example, all maximum values are used for:

  • the CPU (CPU available units, here 1400 for the Cisco IE3300 10G/IE3400

  • the VCPU (here 2), the memory (Memory available, here 2048)

  • the disk (only 2048 MB and 8192 MB respectively are used to let space for application updates)

Step 2

Step 3

Center-Sensor on same network

Before you begin
Procedure

Step 1

 

enable
configure terminal
app-hosting appid CCVSensor
app-vnic AppGigabitEthernet trunk
guest-interface 2
vlan 49 guest-interface 0
guest-ipaddress 192.168.49.41 netmask 255.255.255.0
vlan 2508 guest-interface 1
mirroring
guest-ipaddress 169.254.1.2 netmask 255.255.255.0
app-resource profile custom
persist-disk 8192
cpu 7400
memory 2048
vcpu 2
end

Step 2

Step 3

Switch-Sensor on different Network

Before you begin
Procedure

Step 1

 

enable
configure terminal
app-hosting appid CCVSensor
app-vnic AppGigabitEthernet trunk
guest-interface 2
vlan 49 guest-interface 0
guest-ipaddress 192.168.49.41 netmask 255.255.255.0
vlan 2508 guest-interface 1
mirroring
guest-ipaddress 169.254.1.2 netmask 255.255.255.0
app-default-gateway 192.168.49.254 guest-interface 0
app-resource profile custom
persist-disk 8192
cpu 7400
memory 2048
vcpu 2
end

Step 2

If you are not using SSD add the following command lines:

app-resource docker
  run-opts 1 --rm --tmpfs /tmp:rw,size=128m

For the app-resource profile's custom values, refer to the result of the show app-hosting resource command.

In this example, all maximum values are used for:

  • the CPU (CPU available units, here 7400 for the Cisco Catalyst 9300)

  • the VCPU (here 2), the memory (Memory available, here 2048)

  • the disk (only 2048 MB and 8192 MB respectively are used to let space for application updates)

Center-Sensor on same Network

Before you begin
Procedure

Step 1

 

configure terminal
app-hosting appid CCVSensor
 app-vnic AppGigabitEthernet trunk
guest-interface 2
  vlan 49 guest-interface 0
   guest-ipaddress 192.168.49.41 netmask 255.255.255.0
  vlan 2508 guest-interface 1
   guest-ipaddress 169.254.1.2 netmask 255.255.255.252
 app-resource docker
  run-opts 1 --rm
 app-resource profile custom
  cpu 1000
  memory 1024
  persist-disk 4000
end

Step 2

Step 3

What to do next

Platform-Sensor on different Network

Before you begin
Procedure

configure terminal
app-hosting appid CCVSensor
 app-vnic AppGigabitEthernet trunk
guest-interface 2
  vlan 49 guest-interface 0
   guest-ipaddress 192.168.49.41 netmask 255.255.255.0
  vlan 2508 guest-interface 1
   guest-ipaddress 169.254.1.2 netmask 255.255.255.252
 app-default-gateway 192.168.69.190 guest-interface 0
 app-resource docker
  run-opts 1 --rm
 app-resource profile custom
  cpu 1000
  memory 1024
  persist-disk 4000
end

For the app-resource profile's custom values, refer to the result of the following command:

show app-hosting
        resource

In this example, all maximum values are used for:

  • the CPU (CPU available units, here 1400 for the Cisco IE3300 10G/IE3400

  • the VCPU (here 2), the memory (Memory available, here 1024)

  • the disk (only 2048 MB and 8192 MB respectively are used to let space for application updates)

Install the sensor application

The sensor package is to be retrieved on cisco.com. The file has the following name structure:

  • CiscoCyberVision-IOx-aarch64-<VERSION>.tar

  • CiscoCyberVision-IOx-x86-64-<VERSION>.tar

Procedure

Step 1

Copy the package to a USB key or in the flash memory.

Step 2

Type the following commands on the CLI:

enable
app-hosting install appid CCVSensor package usbflash0:<FILENAME>.tar

Note

 

Adjust "usbflash0:" in accordance with the sensor package's localization (USB port or flash memory).

Note

 

Replace "CiscoCyberVision-IOx-aarch64-<VERSION>.tar" with the right filename.

Replace "CiscoCyberVision-IOx-x86-64-<VERSION>.tar" with the right filename.

Step 3

Check that the application is in "DEPLOYED" state:

show app-hosting list

Step 4

Activate the application using the following command:

app-hosting activate appid CCVSensor

Step 5

Start the application using the following command:

app-hosting start appid CCVSensor

Generate the Provisioning Package

Procedure

Step 1

From the main menu, choose Admin > Sensors > Sensor Explorer.

Step 2

Click New sensor.

The dropdown list appears.

Step 3

Click Manual install under Cisco IOx.

The Manual install page appears.

Step 4

Fill in the following fields to configure the sensor provisioning package:

  1. The Serial number of the hardware.

  2. Center collection IP: leave blank.

  3. Gateway: add if necessary.

  4. (Optional) Select a Capture mode.

  5. (Optional) Select a Monitor session type.

    • Select ERSPAN.

    • Select RSPAN if ERSPAN is not possible.

Step 5

Click Create sensor.

Step 6

To download the provisioning package, click the Download package link.

Step 7

Click Finish.

A new entry for the sensor appears in the Sensor Explorer list. The sensor status will switch from Disconnected to New.

Copy the sensor application provisioning package

Procedure

Copy the provisioning package from the USB key to the application using the following command:

app-hosting data appid CCVSensor copy usbflash0:sbs-sensor-config-<SERIAL-NUMBER>.zip sbs-sensor-config-<SERIAL-NUMBER>.zip

A new entry for the sensor appears in the Sensor Explorer list.

The sensor status will switch from Disconnected to Connected.

Save the configuration

Procedure

In the sensor's CLI save the product's configuration by typing the following command: 

write mem