Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1883
Views
0
Helpful
0
Comments

The "Error: This hardware platform, is not supported in version 5.x ." error message appears while IDS 4215 is upgraded from version 4.1 to 5.1

TCC_2
Level 10
Level 10

‎06-22-2009 06:11 PM - edited ‎03-08-2019 06:27 PM

Core issue

This error message is seen when the user tries to upgrade the software from a different account other than the Service account.

Resolution

Follow the procedures to upgrade the Sensor:

Create a Service Account If You Do Not Have One

  1. Log in to use the administrator account.  The prompt looks like this:
    sensor#

  2. Enter configure terminal mode:
    sensor#configure terminal

  3. Create the service account:
    sensor(config)#username privilege
    service password cisco12345
    Note: Only one service account can be configured. 

Manually FTP to the Intrusion Detection System (IDS)

  1. Log in and use the service account and root.  The prompt looks like this:
    bash-2.05a$

  2. Go into this directory:
    bash-2.05a$cd /usr/cids/idsRoot/var/updates

  3. Connect to the FTP server:
    bash-2.05a$ftp

  4. Setup the FTP client to use a binary mode to get the file:
    ftp>bi

  5. Check that the file is in the FTP server:
    ftp>ls

    This is a sample output:

    227 Entering Passive Mode .
    125 Data connection already open; Transfer starting.
    IDS-sig-4.1-1-S55.rpm.pkg
    -rwxrwxrwx  1 owner  group  2127802 Oct 20 20:15
    IDS-sig-4.1-1-S56.rpm.pkg
    -rwxrwxrwx  1 owner  group  2143144 Oct 20 20:22
    IDS-sig-4.1-1-S57.rpm.pkg
    226 Transfer complete.
  6. Retrieve the file.  You can copy and paste the filename from the previous output:
    ftp>get

  7. Close the FTP connection and quit the FTP client:
    ftp>close
    ftp>quit

  8. Check if the file is there:
    bash-2.05a$ls

  9. Log out from the service account:
    bash-2.05a$exit


Issue a Secure Copy (SCP)

  1. Log in and use the administrator account. The prompt looks like this:
    sensor#
  2. Enter configure terminal mode:
    sensor#configure terminal

  3. Create the key:
    sensor(config)#ssh host-key

  4. Type Yes in order to accept the key.

  5. Apply the upgrade:

    sensor(config)#upgrade scp://
    User:
    Server's IP Address:
    Port[22]:
    File name:
    Password:
    Warning: Executing this command will apply a signature update to the
    application
    partition.
    Continue with upgrade? : yes

Note: For the ssh host-key, you need to modify the access list on the Sensor to permit the IP address of the Sensor.

If you get the Error: Invalid remote version string. error message, ensure that the management interface address is in the access list. If not, add it with the use of these commands:

configure terminal

service Host

networkParams

accessList ipAddress  x.x.x.x netmask 255.255.255.255

Note: Make sure that you have actually placed the ips-k9-maj-5.0-1d-s149.rpm.pkg file in the /usr/cids/idsRoot/var/updates
directory on the Sensor. In order to do so, you use Winscp3, login to the Sensor service account, and drag and drop the file from your desktop to the right folder.

Note: If you have already placed the file in that directory, use this scp command instead:

Sensor(config)#upgrade scp://service_acct_user@://usr/cids/idsRoot/var/updates/upgrade_file_name.pkg

For more details, refer to the Upgrading Cisco IPS Software from 4.1 to 5.x section of Obtaining Software.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents