fir3net
PPS-Firenetbanner-780.5x190-30-03-17

Cisco IDS Re-imaging Procedures

There are a number of reasons or circumstances where you may need to rebuild your Cisco IDS. Rebuilding refers to the reinstallation of the application software. This will tho mean that all of your configuration changes will be wiped, apart from your management configuration when reimaging your sensor via the CLI.

There are 3 ways in which you can rebuild your sensor. These are via the CLI, ISO Image or TFTP Server.

CLI

To reimage your sensor using the command line issue the following command once you are logged in.

sensor(config)# recover application-partition ?
Warning: Executing this command will stop all applications and re-image the node to version 5.1(4). All configuration changes except for network settings will be reset to default.
Continue with recovery? []: yes

Once the device has rebooted itself it will proceed with the reimaging. All of your configuration will be lost apart from a subset of the management based config.

TFTP Server

Via an TFTP server you will need to upload the image to your TFTP server and then boot your sensor into rommon mode to initiate the TFTP copy. This is achieved via :

  1. Reboot your sensor
  2. At the point your sensor reboots and displays the text "Evaluating Run Options" press CTRL - R
  3. This will take you into rommon.
  4. You will now need to specify the following settings :
rommon> address [sensor ip address]
rommon> server [tftp ip address]
rommon> file [recovery image file name]
rommon> tftp <enter>
(Once you press enter your sensor will copy the image across via your TFTP server)

As you will not have any configuration, initiate the "setup" command once you have logged into the sensor using the default username and password.

ISO image

Copy the ISO image to a CD and boot your sensor from your CD. Your sensor will present you with the required options for initiating the reimage from the ISO.

Additional Resources : http://www.cisco.com/en/US/docs/security/ips/6.1/installation/guide/hw_system_images.html#wpmkr1288815

About the Author

RDonato

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001