Deployment of Cisco IPS 4240 devices

Answered Question
May 8th, 2009

I can't seem to find any information regarding mass rollouts of Cisco IPS 4240 devices. I have 6 devices I intend to roll out to several remote offices and tie into a centralized Cisco MARS appliance. Without using any CSM/LMS software, is there a quick and dirty way to pull this off? I'm thinking to configure a single IPS device then pull and distribute its configuration file to the remaining devices. Would like to see how others have accomplished this...

Correct Answer
marcabal Fri, 05/08/2009 - 13:00

If all of your sensors are the same type (all 4240s in your situation) and will all run the exact same configuration, then the copy command will help you out.


There was a new feature added into the copy command in IPS 6.1 that will help you in copying config from one sensor to another.


You fully configure one sensor (use IME, IDM, or CLI). When you are happy with the configuration then use the copy command to copy it TO an SCP server.


Now bring up a second sensor and configure the basic networking parameters through setup (IP address, gateway, etc...).

Now use the copy command on the second to copy the first sensor's configuration FROM the SCP server into the running config of the second sensor.

It will prompt you whether to overwrite the second sensor's networking parameters.

Answer NO.

The rest of the first sensor's configuration will be copied into the second sensor.

The second sensor will keep its own unique IP but will gain the rest of the configuration from the first sensor's config.


Continue doing this with any additional sensors.


The process can then be repeated anytime additional changes are made to the first sensor.


Keep in mind though that this only works if the sensor's configuration will be exactly duplicated (including what interfaces would be monitored and how).


If each sensor will have some unique tunings then you will need to either manage each sensor on its own, or purchase CSM that can be used to share only certain portions of the configuration across multiple sensors.
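
The procedure from the answer above as a Cisco IPS CLI sequence. This is an added example, not part of marcabal's post; the SCP server address 192.0.2.10, the account `cfgxfer`, the file path and the `sensor1`/`sensor2` prompts are assumed placeholders. It also shows the SSH known-hosts step the sensor needs before it can use SCP.

```cisco
! Lines starting with "!" are annotations for the reader, not typed input.
! Assumed placeholders: server 192.0.2.10, account cfgxfer, file ips-4240-golden.cfg.
! A double slash after the host makes the path absolute on the SCP server.

! --- On the fully configured sensor: trust the SCP server's SSH host key ---
! Check the fingerprint the sensor displays against the server's real key
! before accepting it.
sensor1# configure terminal
sensor1(config)# ssh host-key 192.0.2.10
sensor1(config)# exit

! --- Export the finished configuration TO the SCP server ---
sensor1# copy current-config scp://cfgxfer@192.0.2.10//configs/ips-4240-golden.cfg

! --- On each additional sensor, after setup has given it its own IP and gateway ---
sensor2# configure terminal
sensor2(config)# ssh host-key 192.0.2.10
sensor2(config)# exit

! --- Import FROM the SCP server into the running configuration ---
sensor2# copy scp://cfgxfer@192.0.2.10//configs/ips-4240-golden.cfg current-config
! Answer "no" when asked whether to overwrite this sensor's networking parameters.

! --- Confirm the sensor kept its own address and gained the shared settings ---
sensor2# show configuration
```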


rhermes Wed, 05/13/2009 - 12:17

CSM for 6 sensors? That is an expensive bit of overkill. Sure it installs with a 90 day trial, but does it really provide as much value as it costs for managing 6 sensors? Isn't the Base License for 50 devices?

That's a lot of unused licenses.


Copy and paste is free.

michael.d.brown... Wed, 05/13/2009 - 13:00

It's about $2,500 for a 5 device license, but that's 2500 that could be spent on your SmartNet maintenance or Starbucks coffee and doughnuts.


In the end, it all depends on what you want and how you want it done with the resources and time you have or don't have. With the new versions of IPS 6.1/6.2 code you can perform quite a bit of the functions CSM does without the additional costs. For example, the automatic updates are a whole lot better and can be updated directly from cisco.com more easily in 6.1 and higher versus 5.x and 6.0.


