Cisco IDS Re-imaging Procedures

There are a number of reasons or circumstances where you may need to rebuild your Cisco IDS. Rebuilding refers to the reinstallation of the application software. This will tho mean that all of your configuration changes will be wiped, apart from your management configuration when reimaging your sensor via the CLI.

There are 3 ways in which you can rebuild your sensor. These are via the CLI, ISO Image or TFTP Server.

CLI

To reimage your sensor using the command line issue the following command once you are logged in.

sensor(config)# recover application-partition ?
Warning: Executing this command will stop all applications and re-image the node to version 5.1
(4). All configuration changes except for network settings will be reset to default.
Continue with recovery? []: yes

Once the device has rebooted itself it will proceed with the reimaging. All of your configuration will be lost apart from a subset of the management based config.

TFTP Server

Via an TFTP server you will need to upload the image to your TFTP server and then boot your sensor into rommon mode to initiate the TFTP copy. This is achieved via :

1. Reboot your sensor
2. At the point your sensor reboots and displays the text “Evaluating Run Options” press CTRL – R
3. This will take you into rommon.
4. You will now need to specify the following settings :

rommon> address [sensor ip address]
rommon> server [tftp ip address]
rommon> file [recovery image file name]
rommon> tftp <enter>
(Once you press enter your sensor will copy the image across via your TFTP server)

As you will not have any configuration, initiate the “setup” command once you have logged into the sensor using the default username and password.

ISO image

Copy the ISO image to a CD and boot your sensor from your CD. Your sensor will present you with the required options for initiating the reimage from the ISO.

Additional Resources : http://www.cisco.com/en/US/docs/security/ips/6.1/installation/guide/hw_system_images.html#wpmkr1288815

• Author
• Recent Posts

Rick Donato

Rick Donato is a Network Automation Architect/Evangelist and the founder of Packet Coders.

Latest posts by Rick Donato (see all)

• How to Configure a BIND Server on Ubuntu - March 15, 2018
• What is a BGP Confederation? - March 6, 2018
• Cisco – What is BGP ORF (Outbound Route Filtering)? - March 5, 2018

Want to become an IT Security expert?

Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial