This document provides the steps required to configure the Cisco IOS Inspector.
Recommended Agent: On-Premises
Supported Agents: On-Premises or Self-Hosted
Is Auto-Discovered By: N/A
Can Auto-Discover: N/A
Parent/Child Type Inspector: No
Inspection via: SSH
Data Summary: Here
Cisco IOS Versions
Currently, the Cisco IOS Inspector only supports traditional IOS switches. The SG Series, IOS-XE, IOS-XR, and NX-OS switches are not supported by this Inspector. If you would like to see a particular switch supported, please add your feedback here.
Cisco Small Business Solution (SBS) Switches
If you are trying to inspect Cisco Small Business Solution (SBS) Switches, you must deploy our Cisco Small Business Solution (SBS) Switch Inspector.
See it in Action
Video isn't playing? Click here.
Inspector Setup Preparation
Cisco IOS Configuration for On-Premises Inspection Requirements
Please follow the instructions to deploy an On-Premises Agent before proceeding.
Configuring Management via SSH
You must allow the agent to communicate with the device via SSH. Follow the steps outlined in this Cisco Reference guide to setup SSH access.
There are two methods for SSH authentication. Liongard currently only supports the Enable Password method with Username and Password. SSH Private Key and Passphrase Authentication are currently still being developed.
HMAC-SHA1 must be enabled on the device for the Cisco IOS Inspector to function properly. This is true even if you have a defined bit length HMAC already enabled.
Liongard Inspector Setup
Individual Inspector Setup
In Liongard, navigate to Admin > Inspectors > Inspector Types > Navigate to the Cisco IOS Inspector > Select Add System.
Fill in the following information:
- Environment: Select the Environment this System should be associated to
- Friendly Name: Suggested "Cisco IOS [Environment Name]"
- Agent: Select the On-premises Agent installed for this Environment
- Inspector Version: Latest
- IP/Hostname: Enter the address used to access the device
- SSH Port: Provide the port that SSH is listening on. Default for SSH is typically 22.
- SSH Username: Input the Username configured to authenticate with SSH.
If you chose to create an SSH User Account:
- Enable Password: Input the password created during the SSH setup
- SSH Password: Input the password configured in the SSH setup
If you chose to use an SSH Private Key and Passphrase:
SSH Private Key: Provide the Private Key
SSH Passphrase for Private Key: (IF CONFIGURED) Provide the Passphrase generated
Scheduling: The Inspector will default to run once a day at the time the Inspector is set up. Here you can adjust the schedule
Select Save. The Inspector will now be triggered to run within the minute
Optional: Turn on Flexible Asset/Configuration Auto-Updating
If you would like this Inspector's data to be sent to ConnectWise and/or IT Glue, turn on Flexible Assets/Configurations for this Inspector:
- ConnectWise: Admin > Integrations > ConnectWise > Configuration Types > Confirm the "Configuration Auto-Updating" toggle is enabled
- IT Glue: Admin > Integrations > IT Glue > Flexible Assets > Confirm the "Flexible Asset Auto-Updating" toggle is enabled
Roll out Inspectors at Mass via CSV Import
For more information, please watch our How To video
To import Cisco IOS Inspectors via CSV Import, navigate to Admin > Inspectors > Cisco IOS > Select the down arrow icon in the top right-hand to Download CSV Import Template.
In the CSV Template, each row, starting on row three, will represent an Inspector. Fill in the following information for each Inspector you want to roll out:
- Agent.Name: This column is case sensitive. Copy and paste the associated Agent name from the Admin > Agents screen
- Inspector.Name: Enter "cisco-ios-inspector"
- Environment.Name: This column is case sensitive. Copy and paste the associated Environment name from the Dashboard screen
- Alias: Enter the Desired Friendly Name
- Config.SSH_HOST: Enter the IP address or the hostname used to access the device
- SecureConfig.SSH_PORT: Enter the port that SSH is listening on (default for SSH is typically 22)
- SecureConfig.SSH_USER: Enter the username configured for the SSH user
- FreqType: Enter "days"
- FreqInterval: Enter "1"
If you chose to create an SSH User Account, leave the SecureConfig.SSH_PRIVATE_KEY and SecureConfig.SSH_PASS_PHRASE columns empty, and fill out the following columns:
- SecureConfig.IOS_PASSWORD: Enter the enable password configured on the device
- SecureConfig.SSH_PASSWORD: Enter the password configured for the SSH user
If you chose to use an SSH Private Key and Passphrase, leave the SecureConfig.IOS_PASSWORD and SecureConfig.SSH_PASSWORD columns empty, and fill out the following columns:
- SecureConfig.SSH_PRIVATE_KEY: Enter the Private Key
- SecureConfig.SSH_PASS_PHRASE: Enter the Passphrase generated
When ready to Import the CSV Template of Inspectors, navigate to Admin > Inspectors > Cisco IOS > Select the up arrow icon in the top right-hand to Import CSV > Select your saved template.
After the successful import notification, reload your browser to find your imported Inspectors.
These Inspectors will automatically trigger themselves to run within a minute.
Inspector Fails with Security Error
If a security error is generated when the inspector is run, you may need to accept the RSA key on the server with which you are connecting. You can use PuTTY and when you do so, you will have the opportunity to add the key to the server's cache.
Updated 3 months ago