Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3

Unknown

PDF - Complete Book (17.74 MB)

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 - Cisco

File Info : application/pdf, 78 Pages, 17.74MB

b Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3
First Published: 2021-01-01 Last Modified: 2022-10-20
Americas Headquarters
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000
800 553-NETS (6387) Fax: 408 527-0883

CONTENTS

CHAPTER 1 CHAPTER 2 CHAPTER 3 CHAPTER 4 CHAPTER 5 CHAPTER 6
CHAPTER 7

About this documentation 1 Document purpose 1 Warnings and notices 1
Overview 3
Requirements 7
Additional remarks 9
Known issues 11
Initial configuration 13 Configure the switch access 13 Check the software version 13 SD Card (IE3x00/IE9x00) 14 SSD Disk (Catalyst 9x00) 15 Check date and time 15 Enable IOx 16 Add the necessary configuration parameters (IE3x00) 17 Add the necessary configuration parameters (Catalyst 9x00/IE9x00) 19 Configure with ERSPAN 19 Configure with RSPAN (Catalyst 9x00 only) 21
Procedure with the Cisco Cyber Vision sensor management extension 23 Install the sensor management extension 23

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 iii

Contents

CHAPTER 8 CHAPTER 9 CHAPTER 10 CHAPTER 11

Management jobs 24 Create a sensor in the sensor management extension 25 Configure a sensor in the sensor management extension 27 Configure Active Discovery 31
Procedure with the Local Manager 35 Access the Local manager 35 Install the sensor virtual application 37 Configure the sensor virtual application (IE3x00/IE9x00) 38 Configure the sensor virtual application (Catalyst 9x00) 42 Generate the provisioning package 47 Import the provisioning package 50
Procedure with the CLI 53 Configure the sensor application 53 Install the sensor application 55 Generate the provisioning package 56 Copy the sensor application provisioning package 59 Final step 59
Upgrade procedures 61 Upgrade through the Cisco Cyber Vision sensor management extension 61 Update the sensor management extension 61 Update the sensors 62 Upgrade through the IOx Local Manager 64
Reconfigure/Redeploy a sensor 69

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 iv

1 C H A P T E R
About this documentation
· Document purpose, on page 1 · Warnings and notices, on page 1
Document purpose
This installation guide describes how to perform a clean installation of Cisco Cyber Vision on the following devices:
· Cisco Catalyst IE3300 10G Rugged Series Switch · Cisco Catalyst IE3400 Rugged Series Switch · Cisco Catalyst IE3400 Heavy Duty Series Switch · Cisco Catalyst IE9300 Rugged Series Switch · Cisco Catalyst 9300 Series Switch · Cisco Catalyst 9400 Series Switch Moreover, this document describes how to upgrade sensors through different methods. This documentation is applicable to system version 4.1.3.
Warnings and notices
This manual contains notices you have to observe to ensure your personal safety as well as to prevent damage to property. The notices referring to your personal safety and to your property damage are highlighted in the manual by a safety alert symbol described below. These notices are graded according to the degree of danger.
Warning Indicates risks that involve industrial network safety or production failure that could possibly result in personal injury or severe property damage if proper precautions are not taken.
Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 1

Warnings and notices

About this documentation

Important Indicates risks that could involve property or Cisco equipment damage and minor personal injury if proper precautions are not taken.
Note Indicates important information on the product described in the documentation to which attention should be paid.

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 2

2 C H A P T E R
Overview
· Overview, on page 3
Overview
Proposed architecture: The architecture proposed and described in this document is for demonstration. The local network engineer should be consulted before applying the parameters used in this document. IP addresses, port numbers and VLAN IDs used should be verified beforehand as wrong configurations could stop normal exchanges and stop the process. The schema below explains the architecture virtually deployed in the switch to embed the sensor application. VLAN and physical ports configuration will allow OT traffic to be copied and communication with the Cisco Cyber Vision Center to be established. The communication between the Cisco Cyber Vision Center and the sensor is represented in blue on the schema. Mirrored OT traffic is represented in yellow. The architecture in this document is meant for a switch with an embedded sensor directly connected to the Cisco Cyber Vision Center. The schema presents two types of architecture:
· one with a direct connection to the Center (link="switchport access vlan 507"). · the other with a trunk to another switch or router which is connected to the Center (link="switch mode
trunk").
Several types of installation are explained. One of them is the installation with the Sensor Management extension. This method requires an access for the Cisco Cyber Vision Center to the switch's Local Manager. Several solutions exist: having the Center on the same subnet than the switch's Local Manager (<admin_VLAN> and <collection_VLAN> are the same). having a route path from the Center to an <admin_VLAN> that is different from <collection_VLAN>. Any port of the switch can be used for the communication with the Center or for OT traffic. Architecture diagram for:
· Cisco Catalyst IE3300 10G Rugged Series Switch · Cisco Catalyst IE3400 Rugged Series Switch
Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 3

Overview

· Cisco Catalyst IE3400 Heavy Duty Series Switch

Overview

Architecture diagram for: · Cisco Catalyst 9300 Series Switch · Cisco Catalyst 9400 Series Switch · Cisco Catalyst IE9300 Rugged Series Switch

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 4

Overview

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 5

Overview

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 6

3 C H A P T E R
Requirements
· Requirements, on page 7
Requirements
The hardware must have an access set to the Local Manager and to the CLI (ssh or console port). Elements to collect
· The Cisco Cyber Vision Sensor application to collect from Cisco.com, i.e. · CiscoCyberVision-IOx-aarch64-<version>.tar (Cisco IE3300 10G, Cisco IE3400, Cisco IE9300) · CiscoCyberVision-IOx-x86-64-<version>.tar (Cisco Catalyst 9300) · CiscoCyberVision-IOx-Active-Discovery-aarch64-<version>.tar (Cisco IE3300 10G, Cisco IE3400, Cisco IE9300 with Active Discovery) · CiscoCyberVision-IOx-Active-Discovery-x86-64-<version>.tar (Cisco Catalyst 9300 with Active Discovery)
· A console cable, for the connection to the hardware's console port. OR
· An Ethernet cable, for the connection to one of the hardware's port.
Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 7

Requirements

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 8

4 C H A P T E R
Additional remarks
· Additional remarks, on page 9
Additional remarks
About the IE3400 and IE3300 10G platforms: Cisco Cyber Vision Sensor application will receive ERSPAN traffic. Due to ERSPAN overhead it is recommended to not update the MTU of the platform (switch IE3x00) above 1940 bytes. Otherwise, large packets above 1940 will not be received by the sensor application. About the initial configuration: Configurations described in the initial configuration are given as examples to use a Cisco Cyber Vision sensor embedded in a switch. However, in case a more complex installation is required, a trained user will have to configure the switch with all the necessary VLAN and port settings.
Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 9

Additional remarks

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 10

5 C H A P T E R
Known issues
· Known issues, on page 11
Known issues
· The deployment procedure with the Local Manager is not supported by firmware version 17.3.x. Perform the Procedure with the Cisco Cyber Vision sensor management extension, on page 23 instead.
· Cisco Catalyst 9300: deployments will be possible for sensors on firmware version 17.6.x as of Cisco Cyber Vision version 4.0.1.
· IOx redundancy is not supported: sensors will not persist after a failover. This applies in particular to stacks of Cisco Catalyst 9300, stacks of Cisco IE9300 and Cisco Catalyst 9400 with redundant processor boards.
· The sensor application supports RSPAN on Catalyst 9300 and Catalyst 9400 in addition to ERSPAN in Cisco Cyber Vision version 4.1.3. In case of RSPAN usage, multicast packets and packet VLAN information are not transferred to the sensor application.
Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 11

Known issues

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 12

Initial configuration

6 C H A P T E R

in body: To install Cisco Cyber Vision on a Cisco switch, you must perform the Initial configuration which steps are described in this section.
· Configure the switch access, on page 13 · Check the software version, on page 13 · SD Card (IE3x00/IE9x00), on page 14 · SSD Disk (Catalyst 9x00), on page 15 · Check date and time, on page 15 · Enable IOx, on page 16 · Add the necessary configuration parameters (IE3x00), on page 17 · Add the necessary configuration parameters (Catalyst 9x00/IE9x00), on page 19
Configure the switch access
To configure each Cisco switch access refer to its corresponding installation guide available through the following links:
· Cisco Catalyst IE3x00: https://www.cisco.com/c/en/us/support/switches/catalyst-ie3300-rugged-series/series.html#~tab-documents https://www.cisco.com/c/en/us/support/switches/catalyst-ie3400-rugged-series/series.html#~tab-documents https://www.cisco.com/c/en/us/support/switches/catalyst-ie3400-heavy-duty-series/series.html
· Cisco Catalyst IE9x00: https://www.cisco.com/c/en/us/support/switches/catalyst-ie9300-rugged-series/series.html
· Cisco Catalyst 9x00: https://www.cisco.com/c/en/us/support/switches/catalyst-9300-series-switches/series.html#~tab-documents https://www.cisco.com/c/en/us/support/switches/catalyst-9400-series-switches/series.html#~tab-documents

Check the software version
· Check the software version using the following command in the switch's CLI:

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 13

SD Card (IE3x00/IE9x00)

Initial configuration

Show version
To be compatible with the Cisco Cyber Vision Sensor Application: · the displayed version for Cisco IE3x00 and Cisco Catalyst 9x00 must be 17.02.01 or higher. · the displayed version for Cisco IE9x00 must be 17.09.01 or higher.
For example: Cisco IE3400

If the version is lower, you must update the switch firmware. To do so, follow the links to the products page in Configure the switch access.
SD Card (IE3x00/IE9x00)
If not already done, insert a 4GB Cisco SD card into the switch SD Card slot. · You can format the SD card using the following command:
format sdflash: ext4

· You can partition the SD card using the following command:
partition sdflash: iox
Partition is intended for SD swap drive usage. For more information, refer to the corresponding switch user manual. · You can check the file system using the following command (check for ext4 and Read/Write):
show sdflash: filesys

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 14

Initial configuration
SSD Disk (Catalyst 9x00)
If not already done, insert a 120GB Cisco SSD disk in the SSD slot. · You can format the SSD disk using the following command:
format usbflash1: ext4

SSD Disk (Catalyst 9x00)

· You can check the file system using the following command (check for ext4 and Read/Write):
show usbflash1: filesys

Check date and time
The internal clock of the switch must be synchronized and configured properly.
Note Unlike hardware sensors (i.e. Cisco IC3000) that fetch their time from the Center, the Cyber Vision IOX application sensor gets the time from the host (switch platform). Therefore, it is critical that the host synchronizes its time with the Center or a valid NTP server if it's synchronized with the Center. If the time difference is large (hours or more), the user should adjust the Cisco IE3400 time using the Local Manager so it is close to the reference time. If not, the synchronization may take many update cycles.
1. Check the date and time using the following command:
Show clock
For examples: Cisco IE3400:
Cisco Catalyst 9300:
Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 15

Enable IOx

Initial configuration

2. If needed, adjust to the UTC time using the following command:
clock set [hh:mm:ss] [month] [day] [year]
Or go to the Local Manager: For example: Cisco IE3400

Enable IOx
Before installing the Cisco Cyber Vision sensor on the hardware, you must enable IOx. 1. Enable IOx using the following command:
configure terminal iox
For examples: Cisco IE3400:
Cisco Catalyst 9300:
Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 16

Initial configuration

Add the necessary configuration parameters (IE3x00)

2. Check the IOx service status using the following command:
exit show iox
For examples: Cisco IE3400:

Cisco Catalyst 9300:

Add the necessary configuration parameters (IE3x00)
The example of configuration given below is a simple one. This configuration is only valid if a direct link exists between the Center and the switch with the embedded sensor. In this case, the dedicated port is configured with the Collection VLAN (for example, 507). In many other cases, the port used for communication between the Center and the sensor will have to be configured as trunk. 1. Open the Cisco IE3300 10G/IE3400 CLI through ssh or via the console terminal.
Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 17

Add the necessary configuration parameters (IE3x00)
2. Configure a VLAN for traffic mirroring using the following commands:
configure terminal vtp mode off vlan 2508 remote-span exit

Initial configuration

The VTP off command is performed here since VTP is enabled by default and is not compatible with a high VLAN number. If needed, select another VLAN number and use the VTP configuration requested by the network. 3. Configure the AppgigabitEthernet port for communications to reach the IOx virtual application using the following commands:
interface AppGigabitEthernet 1/1 switchport mode trunk exit
4. Configure the SPAN session and add to the session the interfaces to monitor:
monitor session 1 source interface Gi1/10 both monitor session 1 destination remote vlan 2508 monitor session 1 destination format-erspan 169.254.1.2
5. Configure one of the switch's ports to enable the communication between the virtual sensor and the Center:
int gi1/3 switchport access vlan 507 no shutdown
6. Save the configuration using the following commands:
Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 18

Initial configuration
exit write mem

Add the necessary configuration parameters (Catalyst 9x00/IE9x00)

The initial configuration is now complete. Proceed with the application installation and deployment following one of the procedures below:
· Procedure with the Cisco Cyber Vision sensor management extension, on page 23
· Procedure with the Local Manager, on page 35
· Procedure with the CLI, on page 53

Add the necessary configuration parameters (Catalyst 9x00/IE9x00)
The configuration examples given in this section are simple ones. They are only valid if a direct link exists between the Center and the switch with the embedded sensor. In this case, the dedicated port is configured with the Collection VLAN (for example, 507). In many other cases, the port used for communication between the Center and the sensor will have to be configured as trunk. Configuration with ERSPAN is recommended but requires routing to be enabled on the switch. If this is not possible, RSPAN is available on the Catalyst 9x00. However, note that Multicast and VLAN information will be missing with this configuration.
Configure with ERSPAN
Procedure

Step 1 Step 2
Step 3

Open the switch's CLI through ssh or via the console terminal. Configure a VLAN for traffic mirroring using the following commands:
configure terminal ip routing vlan 2508 exit int vlan 2508 ip address 169.254.1.1 255.255.255.252 no shutdown exit
Configure the AppGigabitEthernet port which will enable the communication to the IOx virtual application:
interface AppGigabitEthernet 1/0/1 switchport mode trunk exit

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 19

Configure with ERSPAN

Initial configuration

Step 4

Configure the SPAN session and add to the session the interfaces to monitor:
Note Disabling the ip routing command for IPv4 connections and ipv6 unicast-routing command for IPv6 connections stops ERSPAN traffic flow to the destination port. Link to Catalyst 9300 manual.
monitor session 1 type erspan-source source interface Gi1/0/2 - 24 both no shutdown destination erspan-id 2 mtu 9000 ip address 169.254.1.2 origin ip address 169.254.1.1 exit exit

Step 5

Configure one of the switch's ports to enable the communication between the virtual sensor and the Center:
interface GigabitEthernet1/0/1 switchport access vlan 507 no shutdown exit

Step 6

Save the configuration:
exit write mem

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 20

Initial configuration

Configure with RSPAN (Catalyst 9x00 only)

What to do next The initial configuration is now complete. Proceed with the application installation and deployment following one of the procedures below:
· Procedure with the Cisco Cyber Vision sensor management extension, on page 23 · Procedure with the Local Manager, on page 35 · Procedure with the CLI, on page 53

Configure with RSPAN (Catalyst 9x00 only)
Before you begin The VLAN configured for RSPAN (here 2508) must be filtered on all trunk ports except for the AppGigabitEthernet interface.
Procedure

Step 1 Step 2
Step 3

Open the switch's CLI through ssh or via the console terminal. Configure a VLAN for traffic mirroring using the following commands:
configure terminal vlan 2508 exit int vlan 2508 remote-span exit
Configure the AppGigabitEthernet port which will enable the communication to the IOx virtual application:
interface AppGigabitEthernet 1/0/1 switchport mode trunk exit

Step 4

Configure the SPAN session and add to the session the interfaces to monitor:
monitor session 1 source interface Gi1/0/2 - 24 both monitor session 1 destination remote vlan 2508

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 21

Configure with RSPAN (Catalyst 9x00 only)

Initial configuration

Step 5

Configure one of the switch's ports to enable the communication between the virtual sensor and the Center:
interface GigabitEthernet1/0/1 switchport access vlan 507 no shutdown exit

Step 6

Save the configuration:
exit write mem

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 22

7 C H A P T E R
Procedure with the Cisco Cyber Vision sensor management extension
After the Initial configuration, proceed to the steps described in this section. This section also describes the steps to configure Active Discovery.

Note To be able to use the Cisco Cyber Vision sensor management extension, an IP address reachable by the Center Collection interface must be set on the Collection VLAN.
· Install the sensor management extension, on page 23 · Create a sensor in the sensor management extension, on page 25 · Configure a sensor in the sensor management extension, on page 27 · Configure Active Discovery, on page 31
Install the sensor management extension
To install the sensor management extension, you must:
Procedure

Step 1 Step 2 Step 3

Retrieve the extension file (i.e. CiscoCyberVision-sensor-management-<version>.ext) from cisco.com. Access the Extension administration page in Cisco Cyber Vision. Import the extension file.

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 23

Management jobs

Procedure with the Cisco Cyber Vision sensor management extension

Once the sensor management extension is installed, you will find a new management job under the sensor administration menu (Management jobs, on page 24), and the Install via extension button will be enabled in the Sensor Explorer page.
Management jobs
As some deployment tasks on sensors can take several minutes, this page shows the jobs execution status and advancement for each sensor deployed with the sensor management extension. This page is only visible when the sensor management extension is installed in Cisco Cyber Vision.

You will find the following jobs:
Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 24

Procedure with the Cisco Cyber Vision sensor management extension

Create a sensor in the sensor management extension

· Single deployment This job is launched when clicking the Deploy Cisco device button in the sensor administration page, that is when a new IOx sensor is deployed.
· Single redeployment This job is launched when clicking the Reconfigure Redeploy button in the sensor administration page, that is when deploying on a sensor that has already been deployed. This option is used for example to change the sensor's parameters like enabling active discovery.
· Single removal This job is launched when clicking the Remove button from the sensor administration page.
· Update all devices This job is launched when clicking the Update Cisco devices button from the sensor administration page. A unique job is created for all managed sensors that are being updated.
If a job fails, you can click on the error icon to view detailed logs.

Create a sensor in the sensor management extension
Procedure

Step 1

In Cisco Cyber Vision, navigate to Admin > Sensors > Sensor Explorer and click Install sensor, then Install via extension.

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 25

Create a sensor in the sensor management extension

Procedure with the Cisco Cyber Vision sensor management extension

Step 2

Fill the requested fields so Cisco Cyber Vision can reach the device: · IP address: admin address of the device. · Port: management port (443). · Login: user with the admin rights of the device. · Password: password of the admin user. · Capture Mode: Optionally, select a capture mode.

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 26

Procedure with the Cisco Cyber Vision sensor management extension

Configure a sensor in the sensor management extension

Step 3

Click Connect.
The Center will join the device and the second parameter list will be displayed. For this step to succeed, the device needs to be reachable by the Center on its eth1 connection.

Configure a sensor in the sensor management extension
If the Center can join the switch, the following form appears: Form for the Cisco IE3x00 and the Cisco IE9x00:

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 27

Configure a sensor in the sensor management extension

Procedure with the Cisco Cyber Vision sensor management extension

Form for the Cisco Catalyst 9x00 with RSPAN configuration available:
While some parameters are filled automatically, you can still change them if necessary.
Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 28

Procedure with the Cisco Cyber Vision sensor management extension

Configure a sensor in the sensor management extension

Procedure

Step 1
Step 2 Step 3

Fill the following parameters for the Collection interface: · Capture IP address: IP address destination of the monitor session in the sensor · Capture prefix length: mask of the capture IP address · Capture VLAN number: VLAN of the monitor session in the sensor · Collection IP address: IP address of the sensor in the device · Collection prefix length: mask of the Collection IP address · Collection gateway: gateway of the Collection IP address · Collection VLAN number: VLAN of the sensor
Click Next. Active Discovery: If you want to enable Active Discovery on the sensor, select Passive and Active Discovery. You can:
· use the sensor Collection interface by selecting it:

· add new network interfaces filling the following parameters to set dedicated network interfaces and clicking Add: · IP address · Prefix length · VLAN number
Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 29

Configure a sensor in the sensor management extension

Procedure with the Cisco Cyber Vision sensor management extension

Step 4

Click Deploy.
The Center starts deploying the sensor application on the target equipment. This can take a few minutes. You can go to the Management jobs page to check the deployment advancements.

Once the deployment is finished, a new sensor appears in the sensors list. The sensor's status will eventually turn to connected.
If the Active Discovery has been enabled and set -that is if the option Passive and Active Discovery was selected when configuring the sensor in the sensor management extension- the sensor is displayed as below with Active Discovery's status as Enabled.
Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 30

Procedure with the Cisco Cyber Vision sensor management extension

Configure Active Discovery

Configure Active Discovery
Once the sensor is connected, you can change the Active Discovery's network interface so it uses the Collection network interface instead, and add several network interfaces for the sensor to perform Active Discovery on several subnetworks at the same time.
Procedure
Step 1 Click the sensor to configure and click the Active Discovery button on its right side panel.

Step 2

The Active Discovery configuration appears with the interface currently set. Select Use collection interface for the Active Discovery to use the Collection network interface.

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 31

Configure Active Discovery

Procedure with the Cisco Cyber Vision sensor management extension

To add a network interface to Active Discovery for the sensor to perform active monitoring on another subnetwork:

Step 3 Step 4

Add a new network interface by clicking the corresponding button. Fill the following parameters to set dedicated network interfaces:
· IP address

· Prefix length

· VLAN number

Step 5 Click Add.

Step 6

You can add as many network interfaces as needed. When you are done, click Configure.

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 32

Procedure with the Cisco Cyber Vision sensor management extension

Configure Active Discovery

A message saying that the configuration has been applied successfully appears.

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 33

Configure Active Discovery

Procedure with the Cisco Cyber Vision sensor management extension

Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 34

8 C H A P T E R
Procedure with the Local Manager
After the Initial configuration, on page 13, proceed to the steps described in this section. · Access the Local manager, on page 35 · Install the sensor virtual application, on page 37 · Configure the sensor virtual application (IE3x00/IE9x00), on page 38 · Configure the sensor virtual application (Catalyst 9x00), on page 42 · Generate the provisioning package, on page 47 · Import the provisioning package, on page 50
Access the Local manager
1. Open a browser and navigate to the IP address you configured on the interface you are connected to. 2. Log in using the Local Manager user account and password.
For example: Cisco IE3300 10G/IE3400
Cisco Cyber Vision Sensor Application for Cisco Switches Installation Guide, Release 4.1.3 35

Access the Local manager