Filter
Top Products
22-10
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 22 Upgrading, Downgrading, and Installing System Images
Configuring Automatic Upgrades
Caution In IPS 7.1(5)E4 and later the default value of the Cisco server IP address has been changed from
198.133.219.25 to 72.163.4.161 in the Auto Update URL configuration. If you have automatic update
configured on your sensor, you may need to update firewall rules to allow the sensor to connect to this
new IP address.
To schedule automatic upgrades, follow these steps:
Step 1 Log in to the CLI using an account with administrator privileges.
Step 2 Enter automatic upgrade submode.
sensor# configure terminal
sensor(config)# service host
sensor(config-hos)# auto-upgrade
sensor(config-hos-aut)#
Step 3 Configure the sensor to automatically look for new upgrades either on Cisco.com or on your file server:
a. On Cisco.com. Continue with Step 4.
sensor(config-hos-aut)# cisco-server enabled
b. From your server.
sensor(config-hos-aut)# user-server enabled
c. Specify the IP address of the file server.
sensor(config-hos-ena)# ip-address 10.1.1.1
d. Specify the directory where the upgrade files are located on the file server.
sensor(config-hos-ena)# directory /tftpboot/sensor_updates
e. Specify the file server protocol.
sensor(config-hos-ena)# file-copy-protocol ftp
Note If you use SCP, you must use the ssh host-key command to add the server to the SSH known
hosts list so the sensor can communicate with it through SSH.
Step 4 Specify the username for authentication.
sensor(config-hos-ena)# user-name tester
Step 5 Specify the password of the user.
sensor(config-hos-ena)# password
Enter password[]: ******
Re-enter password: ******
Step 6 Specify the scheduling:
a. For calendar scheduling (starts upgrades at specific times on specific day):
sensor(config-hos-ena)# schedule-option calendar-schedule
sensor(config-hos-ena-cal)# days-of-week sunday
sensor(config-hos-ena-cal)# times-of-day 12:00:00