Initial configuration

To configure each Cisco switch access refer to its corresponding installation guide available through the following links:

• Cisco Catalyst IE3x00:

  https://www.cisco.com/c/en/us/support/switches/catalyst-ie3300-rugged-series/series.html#~tab-documents

  https://www.cisco.com/c/en/us/support/switches/catalyst-ie3400-rugged-series/series.html#~tab-documents

  https://www.cisco.com/c/en/us/support/switches/catalyst-ie3400-heavy-duty-series/series.html

• Cisco Catalyst IE9x00:

  https://www.cisco.com/c/en/us/support/switches/catalyst-ie9300-rugged-series/series.html

• Cisco Catalyst 9x00:

  https://www.cisco.com/c/en/us/support/switches/catalyst-9300-series-switches/series.html#~tab-documents

  https://www.cisco.com/c/en/us/support/switches/catalyst-9400-series-switches/series.html#~tab-documents

• Check the software version using the following command in the switch's CLI:

  Show version

  To be compatible with the Cisco Cyber Vision Sensor Application:

  • the displayed version for Cisco IE3x00 and Cisco Catalyst 9x00 must be 17.02.01 or higher.

  • the displayed version for Cisco IE9x00 must be 17.09.01 or higher.

  For example: Cisco IE3400

  

  If the version is lower, you must update the switch firmware. To do so, follow the links to the products page in Configure the switch access.

If not already done, insert a 4GB Cisco SD card into the switch SD card slot.

• You can format the SD card using the following command:

  format sdflash: ext4

  

• You can partition the SD card using the following command:

  partition sdflash: iox

  

  Partition is intended for SD swap drive usage. For more information, refer to the corresponding switch user manual.

• You can check the file system using the following command (check for ext4 and Read/Write):

  show sdflash: filesys

  

If not already done, insert a 120GB Cisco SSD disk in the SSD slot.

• You can format the SSD disk using the following command:

  format usbflash1: ext4

  

• You can check the file system using the following command (check for ext4 and Read/Write):

  show usbflash1: filesys

  

The internal clock of the switch must be synchronized and configured properly.

Note

Unlike hardware sensors (i.e. Cisco IC3000) that fetch their time from the Center, the Cyber Vision IOX application sensor gets the time from the host (switch platform). Therefore, it is critical that the host synchronizes its time with the Center or a valid NTP server if it’s synchronized with the Center. If the time difference is large (hours or more), the user should adjust the Cisco IE3400 time using the Local Manager so it is close to the reference time. If not, the synchronization may take many update cycles.

1. Check the date and time using the following command:

   Show clock

   For examples:

   Cisco IE3400:

   

   Cisco Catalyst 9300:

   

2. If needed, adjust to the UTC time using the following command:

   clock set [hh:mm:ss] [month] [day] [year]

   Or go to the Local Manager:

   For example: Cisco IE3400

   

Before installing the Cisco Cyber Vision sensor on the hardware, you must enable IOx.

1. Enable IOx using the following command:

   configure terminal
   iox

   For examples:

   Cisco IE3400:

   

   Cisco Catalyst 9300:

   

2. Check the IOx service status using the following command:

   exit
   show iox

   For examples:

   Cisco IE3400:

   

   Cisco Catalyst 9300:

   

The example of configuration given below is a simple one. This configuration is only valid if a direct link exists between the Center and the switch with the embedded sensor. In this case, the dedicated port is configured with the Collection VLAN (for example, 507). In many other cases, the port used for communication between the Center and the sensor will have to be configured as trunk.

1. Open the Cisco IE3300 10G/IE3400 CLI through ssh or via the console terminal.

2. Configure a VLAN for traffic mirroring using the following commands:

   configure terminal
   vtp mode off
   vlan 2508
   remote-span
   exit

   

   The VTP off command is performed here since VTP is enabled by default and is not compatible with a high VLAN number.

   If needed, select another VLAN number and use the VTP configuration requested by the network.

3. Configure the AppgigabitEthernet port for communications to reach the IOx virtual application using the following commands:

   interface AppGigabitEthernet 1/1
   switchport mode trunk
   exit

   

4. Configure the SPAN session and add to the session the interfaces to monitor:

   monitor session 1 source interface Gi1/10 both
   monitor session 1 destination remote vlan 2508
   monitor session 1 destination format-erspan 169.254.1.2

   

5. Configure one of the switch's ports to enable the communication between the virtual sensor and the Center:

   int gi1/3
   switchport access vlan 507
   no shutdown

   

6. Save the configuration using the following commands:

   exit
   write mem

   

The initial configuration is now complete. Proceed with the application installation and deployment following one of the procedures below:

• Procedure with the Cisco Cyber Vision sensor management extension

• Procedure with the Local Manager

• Procedure with the CLI

The configuration examples given in this section are simple ones. They are only valid if a direct link exists between the Center and the switch with the embedded sensor. In this case, the dedicated port is configured with the Collection VLAN (for example, 507). In many other cases, the port used for communication between the Center and the sensor will have to be configured as trunk.

Configuration with ERSPAN is recommended but requires routing to be enabled on the switch. If this is not possible, RSPAN is available on the Catalyst 9x00. However, note that Multicast and VLAN information will be missing with this configuration.