Cisco Systems IPS4510K9 Home Security System User Manual


  Open as PDF
of 854
 
21-10
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Chapter21 Upgrading, Downgrading, and Installing System Images
Configuring Automatic Upgrades
user-name user_name—Specifies the username for server authentication.
user-server {disabled | enabled}—Enables automatic upgrades from a user-defined server.
Configuring Automatic Upgrades
If you get an unauthorized error message while configuring an automatic update, make sure you have the
correct ports open on any firewalls between the sensor and Cisco.com. For example, you need port 443
for the initial automatic update connection to www.cisco.com, and you need port 80 to download the
chosen package from a Cisco file server. The IP address may change for the Cisco file server, but you
can find it in the lastDownloadAttempt section in the output of the show statistics host command.
Caution
The IPS address has been changed to cisco.com in the URL configuration. If you have automatic update
configured on your sensor, you may need to update firewall rules to allow the sensor to connect to this
new address.
Note
To check the status of the last automatic update or the next scheduled automatic update, run the show
statistics host command and check the Auto Update Statistics section.
To schedule automatic upgrades, follow these steps:
Step 1
Log in to the CLI using an account with administrator privileges.
Step 2
Enter automatic upgrade submode.
sensor# configure terminal
sensor(config)# service host
sensor(config-hos)# auto-upgrade
sensor(config-hos-aut)#
Step 3
Configure the sensor to automatically look for new upgrades either on Cisco.com or on your file server:
a.
On Cisco.com. Continue with Step 4.
sensor(config-hos-aut)# cisco-server enabled
b.
From your server.
sensor(config-hos-aut)# user-server enabled
c.
Specify the IP address of the file server.
sensor(config-hos-ena)# ip-address 10.1.1.1
d.
Specify the directory where the upgrade files are located on the file server.
sensor(config-hos-ena)# directory /tftpboot/sensor_updates
e.
Specify the file server protocol.
sensor(config-hos-ena)# file-copy-protocol ftp
Note
If you use SCP, you must use the ssh host-key command to add the server to the SSH known
hosts list so the sensor can communicate with it through SSH.
 previous next