Maintenance

Upgrade procedures

Upgrade through the Cisco Cyber Vision sensor management extension

Before updating sensors, the Cisco Cyber Vision sensor management extension must be up-to-date.

It is possible to select which sensors to update. The update status will be visible in the Management Jobs page.

Update the sensor management extension

The Cisco Cyber Vision sensor management extension must be up-to-date to update IOx sensors.

Procedure

Step 1

Retrieve the sensor management extension file (i.e. CiscoCyberVision-sensor-management-<version>.ext) on cisco.com.

Step 2

In Cisco Cyber Vision, navigate to Admin > Extensions.

Step 3

Click Update to browse the new version of the extension file.

Update sensors

Deployed sensors are listed in the Admin > Sensors > Sensor Explorer page of the Cisco Cyber Vision Center. For out of date sensors, the values in the Version column are displayed in red. You can hover over the version value to see the latest version that you can update the sensor to.
Procedure

Step 1

In the Cisco Cyber Vision Center, go to Admin > Sensors > Sensor Explorer.

Step 2

From the list of sensors, select the sensors you want to update. To select all the sensors on the list, check the check box at the top of the table.

Step 3

From the More Actions drop-down list, choose Update Sensors.

Step 4

Click OK.

The center adds a new job to the sensor queue to update the sensor to the latest available version. The sensor automatically collects the job, and restarts with the new version. You can track the progress of the update by viewing the Update Status column in the Sensor Explorer page.

Upgrade through the IOx Local Manager

The following section explains how to upgrade the sensor through the IOx Local Manager.


Note

In the case of Cisco Cyber Vision upgrade for a Catalyst 9x00 from a release 4.1.2 or lower to a release 4.1.3, the update will fail due to the addition of the RSPAN option. The sensor application must be removed and deployed again.

In the example below, the sensor is upgraded from Cisco Cyber Vision version 3.2.2 to version 3.2.3.

Figure 1. The sensor in version 3.2.2 in the Sensors administration page of Cisco Cyber Vision

  1. Access the IOx Local Manager.

  2. Stop the application.

    The operation takes a few moments.

    The application status switches to STOPPED.

    In Cisco Cyber Vision, the sensor status switches to Disconnected.

  3. In the IOx Local Manager, click the Deactivate button.

    The application status moves to DEPLOYED.

  4. Click Upgrade.

    The pop up Upgrade application appears.

  5. Select the Preserve Application Data option.

  6. Select the new version of the application archive file.

    e.g. CiscoCyberVision-IOx-aarch64-3.2.3.tar

    The operation takes a few moments.

    A message indicating that the sensor has been successfully upgraded is displayed.

  7. Check the number of the new version.

  8. Click Activate.

  9. Check configurations.

    It can happen that network configurations are lost during the upgrade. If they are, refer to Configure the sensor virtual application in the procedure with the Local Manager corresponding to the switch used and do as explained.

  10. Click the Activate App button.

    The application status moves to ACTIVATED.

  11. Click the Start button.

    The application status changes to RUNNING.

    In Cisco Cyber Vision, the sensor is upgraded from version 3.2.2 to 3.2.3 and its status moves to Connected.

Sensor Self Update

Cisco Cyber Vision now allows sensor updates regardless of the installation method (for example, without the extension) and provides the necessary foundation for sensor self-updates. However, the self-update feature will only be functional in future releases. You can update all sensors automatically. The required steps are:

  • Select sensors to update.

  • The Center adds a new job to the sensor queue.

  • The sensor automatically collects and validates the update file.

  • The sensor restarts with the new version.

Update Warnings

In the Cisco Cyber Vision Center on the Sensor Explorer page, you receive an alert to update the sensor. When this occurs, the latest version number appears in red, and a blue arrow with a tooltip indicates the sensor is upgradeable.

To update the senosr, follow thses steps:

  • From the main menu, choose Admin > Sensors > Sensor Explorer.

  • Click the sensor that is upgradeble from the Label column.

  • The right side panel appears with sensor details.

  • Click Update.

Update Procedure

Procedure

Step 1

From the main menu, choose Admin > Senors > Sensor Explorer.

Step 2

Check the checkboxes to select multiple sensors.

Step 3

Click the drop-down arrow of the More Actions button.

Step 4

Click Update sensors from the drop-down list.

The UPDATE SENSORS pop-up appears.

Step 5

Click OK.

During the update, a blue circle appears in the Update status column. After the update is complete, the version number turns black, and a green symbol appears in the same column.

Update Failure

If the update is unsuccessful, the Update Status column displays a red cross and a detailed message. To view the failure message, choose Admin > Sensors > Sensor Explorer from the main menu. Hover over the red cross in the Update Status column to see the details of the update failure.

Replace SD card

This section explains how to replace a SD card on a Cisco IE3x00.

Procedure

Step 1

Connect to the device CLI and use the following commands to disable IoX:

configure terminal 
no iox 
exit

Step 2

Replace the SD card.

Step 3

Format the SD card using the following command:

format sdflash: ext4

Step 4

Enable IOx using the following command:

configure terminal
iox

Step 5

Follow the instructions described in the following section to redeploy the sensor.

What to do next

Reconfigure/Redeploy a sensor

Reconfigure/Redeploy a sensor

The Redeploy button is used when you need to replace a sensor model with another one keeping the same network configurations (e.g. replacing a Cisco IE3400 with a Cat 9300), change configurations, or if you need to reconfigure the sensor (e.g. to enable Active Discovery).

To do so:

Procedure

Step 1

On the Sensor Explorer page, click the sensor to reconfigure/redeploy. The sensor right side panel appears.

Step 2

Click Redeploy.

A pop up asking to confirm the redeployment of the sensor appears.

Step 3

Click OK to proceed.

A summary of the sensor configuration is displayed. In this example, we're going to change the Collection VLAN number.

Step 4

Click Start.

Step 5

Enter the credentials to reach the sensor to redeploy and click Connect.

Step 6

Click the blue link to fill the warning fields with the current sensor configuration. We change the Collection VLAN number value to 49.

Step 7

Click Next.

Step 8

You can enable Active Discovery selecting Passive and Active Discovery.

Step 9

Click Deploy.

A message saying that the sensor is being redeployed appears. You can either go the jobs page or go back to the Sensor Explorer page.

Step 10

Click Go to the jobs page.

You are redirected to the Management jobs page to see the redeployment advancement. This can take several minutes.

If you go back to the Sensor Explorer page, you will see that the sensor is in Redeploying status.

Once the redeployment is finished, the sensor will switch status to connected and the Active Discovery to Enabled.

Certificate Renewal

Cisco Cyber Vision generates certificates valid for two years.

The center automatically renews sensor certificates. The system attempts to renew them 35 days before expiration at 00:00 UTC. If this attempt fails, the center retries randomly between 5 to 19 hours later.

If the center cannot renew the certificate before it expires, communication fails and is restored only after that renewal. The renewal process depends on the sensor deployment method.

Sensor Certificate Renewal through the Local Manager

If a certificate expires and the sensor has been manually deployed (without the sensor management extension), communication with the sensor stops. To renew the certificate, you must manually send the provisioning package to the sensor. This involves generating the provisioning package and sending it to the sensor via the Local Manager application.

Procedure

Step 1

From the main menu, choose Admin > Sensors > Sensor Explorer.

Step 2

Click the name of the sensor from the Label column.

The right-side panel appears.

Step 3

Click the Download package button.

Step 4

Import the provisioning package in the Local Manager. To do so, see Import the provisioning package.

Step 5

The sensor's health status switches to Connected and its processing status to Normally processing.

Sensor Certificate Renewal through ZTP Token Redeployment

From the main menu, choose Admin > Sensors > Deployment Tokens to generate a new token. Then, use the same tool originally used to deploy the sensor for its redeployment.