Cisco IPS-4255-K9 Installation Guide - Page 244
Using the auto-upgrade Command, show statistics host, ssh host-key
UPC - 746320951096
View all Cisco IPS-4255-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 244 highlights
Configuring Automatic Upgrades Chapter 12 Upgrading, Downgrading, and Installing System Images For More Information For the procedure for adding a remote host to the SSH known hosts list, for IDM refer to Defining Known Hosts Keys, for IME refer to Defining Known Host Keys, and for the CLI, refer to Adding Hosts to the SSH Known Hosts List. Using the auto-upgrade Command Note If you get an unauthorized error message while configuring an automatic update, make sure you have the correct ports open on any firewalls between the sensor and Cisco.com. For example, you need 198.133.219.25 port 443 for the initial automatic update connection to www.cisco.com, and you need 198.133.219.243 port 80 to download the chosen package from a Cisco file server. The IP address may change for the Cisco file server, but you can find it in the lastDownloadAttempt section in the output of the show statistics host command. Note To check the status of the last automatic update or the next scheduled automatic update, run the show statistics host command and check the Auto Update Statistics section. To schedule automatic upgrades, follow these steps: Step 1 Step 2 Step 3 Log in to the CLI using an account with administrator privileges. Enter automatic upgrade submode. sensor# configure terminal sensor(config)# service host sensor(config-hos)# auto-upgrade sensor(config-hos-aut)# Configure the sensor to automatically look for new upgrades either on Cisco.com or on your file server. a. On Cisco.com. sensor(config-hos-aut)# cisco-server enabled Continue with Step 4. b. From your server. sensor(config-hos-aut)# user-server enabled c. Specify the IP address of the file server. sensor(config-hos-ena)# ip-address 10.1.1.1 d. Specify the directory where the upgrade files are located on the file server. sensor(config-hos-ena)# directory /tftpboot/sensor_updates e. Specify the file server protocol. sensor(config-hos-ena)# file-copy-protocol ftp Note If you use SCP, you must use the ssh host-key command to add the server to the SSH known hosts list so the sensor can communicate with it through SSH. 12-8 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01