Filter
Top Products
22-9
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 22 Upgrading, Downgrading, and Installing System Images
Configuring Automatic Upgrades
• default— Sets the value back to the system default setting.
• directory— Specifies the directory where upgrade files are located on the file server. A leading ‘/’
indicates an absolute path.
• file-copy-protocol— Specifies the file copy protocol used to download files from the file server.
The valid values are ftp or scp.
Note If you use SCP, you must use the ssh host-key command to add the server to the SSH known
hosts list so the sensor can communicate with it through SSH.
• ip-address—Specifies the IP address of the file server.
• password—Specifies the user password for Cisco server authentication.
• schedule-option—Specifies the schedules for when Cisco server automatic upgrades occur.
Calendar scheduling starts upgrades at specific times on specific days. Periodic scheduling starts
upgrades at specific periodic intervals.
–
calendar-schedule—Configures the days of the week and times of day that automatic upgrades
will be performed.
–
days-of-week—Specifies the days of the week on which auto-upgrades will be performed. You
can select multiple days: sunday through saturday are the valid values.
–
no—Removes an entry or selection setting.
–
times-of-day—Specifies the times of day at which auto-upgrades will begin. You can select
multiple times. The valid value is hh:mm[:ss].
–
periodic-schedule—Specifies the time that the first automatic upgrade should occur, and how
long to wait between automatic upgrades.
–
interval—Specifies the number of hours to wait between automatic upgrades. Valid values are
0 to 8760.
–
start-time—Specifies the time of day to start the first automatic upgrade. The valid value is
hh:mm[:ss].
• user-name—Specifies the username for server authentication.
• user-server—Enables automatic upgrades from a user-defined server.
Configuring Automatic Upgrades
If you get an unauthorized error message while configuring an automatic update, make sure you have the
correct ports open on any firewalls between the sensor and Cisco.com. For example, you need port 443
for the initial automatic update connection to www.cisco.com, and you need port 80 to download the
chosen package from a Cisco file server. The IP address may change for the Cisco file server, but you
can find it in the lastDownloadAttempt section in the output of the show statistics host command.
Note To check the status of the last automatic update or the next scheduled automatic update, run the show
statistics host command and check the Auto Update Statistics section.