Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
117
Views
0
Helpful
0
Comments

User needs to recover from a failed IDS software upgrade

TCC_2
Level 10
Level 10

‎06-22-2009 05:07 PM - edited ‎03-08-2019 06:22 PM

Core issue

To recover from a failed Cisco Intrusion Detection System (IDS) software upgrade, manually use Serial Control Protocol (SCP) or FTP to get the file to the sensor. This eliminates the problems with MainApp not understanding the prompts or not waiting long enough for the transfer.

If the service account cannot get the file downloaded, the problem is either with the end FTP, the SCP server or the network. Once the file is on the sensor, the upgrade command should work, as MainApp understands the SCP prompts from the sensor itself. There are no network issues because the file is already on that computer.

Resolution

The workaround is to use an upgrade failure to get to the next version.

Perform these steps:

  1. Create a service account (if you do not have one) by referring to Release Notes for the Cisco Intrusion Prevention System Version 5.0

    Perform these steps:

    1. Log in to the Command Line Interface (CLI).

    2. Enter the configure terminal mode, as shown in this example:

      sensor# configure terminal

    3. Create the service account, as shown in this example:

      sensor(config)# username service privilege service password cisco12345

      Note: The first service is a recommended username, while the second service is the privilege to be assigned to this new user.
    4. Exit the configure terminal mode, as shown in this example:
      sensor(config)# exit 
  2. Log in with the service account, as shown in this example: 
    
sensor login: service
Password: **********

  3. Use FTP or SCP to manually copy the update to the service account's home directory, as shown in this example:
    bash-2.05a$ ftp 

  4. Back in the CLI, go to config t, as shown in this example: 
     
sensor# configure terminal 

  5. Accept the sensor's Secure Shell (SSH) key as a server key, as shown in this example:
    sensor(config)#ssh host-key 
  6. Access the file through the sensor's own SCP server for the upgrade or copy command, as shown in this example:
    sensor(config)
#scp://@/
  7. To upgrade, issue this command:
    sensor(config)# upgrade scp://
    User: service
    Server's IP Address: 
    Port[22]: 
    File name: IDS-K9-min-4.1-1S47.rpm.pkg
    Password: **********
    Warning: Executing this command will apply a signature update to the application 
    partition. Continue with upgrade? : yes
    Note: Do not reboot the sensor during this update.
For more information on upgrading the IDS Sensor from a CD-ROM, refer to the Using the Recovery/Upgrade CD section of  Upgrading, Downgrading, and Installing System Images.

					
				
			
			
			
				
			
			
			
			
			
			
		

		
		
	

	
	


	

		
			
					
	

		
			
				
						
							Labels:
						
						
		

			
		

	
					
			
		
	


	

	

	

				
		
			
		
			
					
			
		
				
		
			
		
			
		
	
	


		

	

		

			

	
		
			
					

	
			

				
		
			
		
			
				

					
						
	
			0
		

	Helpful

					
				

			
			
		

	
		
    	
		

			
				
					
				
				
			
		

	
    
			

		

	

	

	

    

	

	


				
		
	
	


		

			

	
		

			
		
			
            
        
		
			
		
			
					
		

	
			
		


	
				
		
	
		

	
	


		

	

		

			

	
		
			
					
		
	
				
		
			
					
		
	
				
		
	
	


		

	



		

	

	

	




		
		
			
			
		
		
			
             
            
			
            
		
		
	
	


		

			

	
		

			
		
			
 
Getting Started
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:


 

		
	
		

	
	

	
		
				

        

	


		
			
 
 

		
			
		
			

		
			



  

    

      

        

          
Customers Also Viewed These Support Documents