D-14
Cisco Intrusion Prevention System Appliance Hardware Installation Guide for IPS 7.1
OL-24002-01
Appendix D Upgrading, Downgrading, and Installing System Images
Installing System Images
TFTP Servers
ROMMON uses TFTP to download an image and launch it. TFTP does not address network issues such
as latency or error recovery. It does implement a limited packet integrity check so that packets arriving
in sequence with the correct integrity value have an extremely low probability of error. But TFTP does
not offer pipelining so the total transfer time is equal to the number of packets to be transferred times
the network average RTT. Because of this limitation, we recommend that the TFTP server be located on
the same LAN segment as the sensor. Any network with an RTT less than a 100 milliseconds should
provide reliable delivery of the image. Be aware that some TFTP servers limit the maximum file size that
can be transferred to ~32 MB.
Connecting an Appliance to a Terminal Server
A terminal server is a router with multiple, low speed, asynchronous ports that are connected to other
serial devices. You can use terminal servers to remotely manage network equipment, including
appliances.
To set up a Cisco terminal server with RJ-45 or hydra cable assembly connections, follow these steps:
Step 1 Connect to a terminal server using one of the following methods:
• For terminal servers with RJ-45 connections, connect a rollover cable from the console port on the
appliance to a port on the terminal server.
• For hydra cable assemblies, connect a straight-through patch cable from the console port on the
appliance to a port on the terminal server.
Step 2 Configure the line and port on the terminal server. In enable mode, enter the following configuration,
where # is the line number of the port to be configured.
config t
line #
login
transport input all
stopbits 1
flowcontrol hardware
speed 9600
exit
exit
wr mem
Step 3 Be sure to properly close a terminal session to avoid unauthorized access to the appliance. If a terminal
session is not stopped properly, that is, if it does not receive an exit(0) signal from the application that
initiated the session, the terminal session can remain open. When terminal sessions are not stopped
properly, authentication is not performed on the next session that is opened on the serial port.
Caution Always exit your session and return to a login prompt before terminating the application used to establish
the connection.
Comments to this Manuals