2-9
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter2 Preparing Devices for Management
Setting Up AUS or Configuration Engine
Setting Up CNS on Cisco IOS Routers in Event-Bus Mode
You can configure Cisco IOS routers to use the CNS protocol to contact a Cisco Configuration Engine
for configuration and image updates. The Configuration Engine can operate in two modes, event-bus and
call-home. The following procedure describes how to configure a router to use event-bus mode. For
information on using call-home mode, see Setting Up CNS on Cisco IOS Routers in Call-Home Mode,
page 2-10.
See the Configuration Engine product documentation for more information about configuring and using
the product.
Step 1 Enter configuration mode.
router# config terminal
Step 2 Configure the hostname and domain name if the device is new.
router(config)# hostname name
hostname(config)# ip domain-name your_domain
Step 3 Specify the trusted server for the CNS agent. Enter the IP address of the trusted server.
hostname(config)# cns trusted-server all-agents ip_address
Step 4 Configure the CNS event gateway, which provides CNS event services to Cisco IOS clients. Enter the IP
address of the event gateway, and optionally the port. The default port is either 11011 (with no
encryption) or 11012 (with encryption). Include the encrypt keyword to use an SSL encrypted link to
the event gateway.
hostname(config)# cns event ip_address [encrypt] [port]
Step 5 Start the CNS configuration agent and accept a partial configuration. Include the encrypt keyword to
use an SSL encrypted link to the web server.
hostname(config)# cns config partial ip_address [encrypt]
Step 6 Set the CNS password, which must be the same password configured on the CNS gateway. For
information on how to authenticate a Cisco IOS router on a Configuration Engine, see Cisco
Configuration Engine Administrator Guide at
http://www.cisco.com/en/US/products/sw/netmgtsw/ps4617/prod_maintenance_guides_list.html.
hostname(config)# cns password password
Step 7 Enable and configure the CNS execute agent. Include the encrypt keyword to use an SSL encrypted link
to the exec server. You can specify a port number for the encrypted exchange if you do not want to use
the default port 443.
hostname(config)# cns exec [encrypt [port]]
Step 8 Exit configuration mode and return to Exec mode.
hostname(config)# exit
Step 9 Save the configuration changes.
hostname# write memory