Support User Manuals

Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

C-56

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Appendix C Troubleshooting

Troubleshooting the Appliance

to download the chosen package from a Cisco file server. The IP address may change for the Cisco

file server, but you can find it in the lastDownloadAttempt section in the output of the show

statistics host command.

Try the manual upgrade command before attempting the automatic update. If it works with the upgrade

command and does not work with the automatic update, try the following:

• Determine which IPS software version your sensor has.

• Make sure the passwords are configured for automatic update. Make sure they match the same

passwords used for manual update.

• Make sure that the filenames in the FTP server are exactly what you see on Downloads on

Cisco.com. This includes capitalization. Some Windows FTP servers allow access to the file with

the incorrect capitalization but the sensor ultimately rejects the file because the name has changed.

• If necessary, run TCPDUMP on automatic update. You can compare the successful manual update

with the unsuccessful automatic update and troubleshoot from there.

For More Information

• For the procedure for creating the service account, see Creating the Service Account, page 4-26.

• For the procedure for reimaging your sensor, see Chapter 22, “Upgrading, Downgrading, and

Installing System Images.”

• For the procedure for adding hosts to the SSH known hosts list, see Adding Hosts to the SSH Known

Hosts List, page 4-45.

• For the procedure for determining the software version, see Displaying Version Information,

page C-91.

Updating a Sensor with the Update Stored on the Sensor

You can store the update package in the /var directory on the sensor and update the sensor from there if

you need to.

To update the sensor with an update stored on the sensor, follow these steps:

Step 1 Log in to the service account.

Step 2 Obtain the update package file from Cisco.com.

Step 3 FTP or SCP the update file to the sensor /usr/cids/idsRoot/var directory.

Step 4 Set the file permissions:.

chmod 644 ips_package_file_name

Step 5 Exit the service account.

Step 6 Log in to the sensor using an account with administrator privileges.

Step 7 Store the sensor host key.

sensor# configure terminal

sensor(config)# service ssh

sensor(config-ssh)# rsa1-keys sensor_ip_address

previous next