Add Network Devices and Connected Clients

Note: Only SEA System Admin role can access this interface in IoT OD. Use System Management to provide secure remote communication with IoT network devices. The IoT device can be a network client, or the subtended devices attached to that network device.

Summary steps

1. Add network devices that were previously onboarded and configured in EDM.
2. Add network devices in the SEA Service installs the SEA Agent on that device.
3. Add the connected client attached to the network devices that users can access.
4. Configure SEA Plus protocols for network devices and connected clients.

Note: On Cisco IR devices running IOS or IOS-XE, the SEA Agent is automatically installed and configured on the network device.

Add network devices

1. From the Services panel, choose Secure Equipment Access > System Management.

2. From the Network Devices tab, click Add Network Device. A list of possible network devices opens.

3. Choose a network device from the list or search for it in the Search field. Click Next.

4. Enter a network device description, if needed, and click Add Network Device. This command starts the installation of the SEA Service on the device.

5. Click Next. A confirmation box opens.

6. Check the SEA Agent state of deployment associated with the network device.

   • The SEA Agent deployment state changes to Installed. If the status does not change to Installed, go to the network device listing and hover over the 3 dots in the Actions column and choose Install SEA Agent.

   

Add Connected Clients

To add a connected client for a device:

Note: These devices can be subtended devices, or the network device itself.

1. From the Network Device details screen, click Add Connected Client.
2. Next, there are two options to follow. You must manually add connected clients to the group.
   • If connected clients were manually added in EDM, they are listed and you can choose them from the list.
   • If connected clients have not been added in EDM, they must be manually added in SEA.
3. After you choose or add a connected client, click Add. The connected client is associated with the network device.

Using the network device as a Connected Client for configuration or troubleshooting

Use the network device itself as a Connected Client to configure or troubleshoot the device. However, you must use the proper IP Address, which is the default-router in the ip dhcp pool ioxpool configuration section. That information is in the Current Configuration screen (below). The default-router IP Address allows you to access the CLI of the network device (using the SSH access method) or the Web GUI (using the Web App access method). 

To locate the default-router IP Address

1. Log in to IoT OD and choose Edge Device Manager Service. 
2. Click Inventory > choose the Network device > Device Configuration tab.
3. Scroll down to find Current Configuration (default choice). Click Show. 
4. In the configuration screen, scroll down to the ip dhcp pool ioxpool section.
5. Choose the default-router IP Address (format equals xx.x.xx.xxx). Using this IP Address you can then access the CLI (using the SSH access method) or Web GUI (using the Web App access method).

 

Configure SEA Plus protocols

Note:

• The SEA Agent must be downloaded (minimum version is 0.70).
• There is an existing Network Device and Connected Client configured for remote access.

To configure an SEA Plus protocol:

1. From the Services panel, choose Secure Equipment Access > System Management.

2. Choose the SEA Plus Protocols tab. This screen has three SEA Plus Protocol Definition setting filters.

   • All (Default): Choose this filter to list all the definitions created (custom and predefined).
   • Custom: Choose this filter to list all the custom definitions created.
   • Predefined: Choose this filter for a list of "out of the box" protocol definitions that can help you get started.

 

Note:

• The three predefined definitions: Allow all Protocols, TCP All Ports+ICMP, and UDP All Ports+ICMP should be used with caution. Cisco does not recommend using them because they offer less protection. Once you are familiar with setting up the SEA Plus Definitions, we recommend configuring your own protocols and ports to fit your needs and security requirements. 
• You cannot add SEA Plus Protocol Definitions from the Predefined filter.

The SEA Protocols screen lists the following:

• Name: Protocol Definition Name.
• Tag (optional): Used for grouping definitions.
• Description: Description of the protocol definition.
• Last modified: Protocol definition was last modified.
• Actions: Clone or Delete.

 

The SEA Plus Protocols screen also includes a Search Table field and a filter icon (right side of the screen) for searching through long lists of protocol definitions. 

Note: If you clone a protocol definition, the definition has the same name with a number in parenthesis. For example, Protocol (1), Protocol (2), etc. 

4. To add a Custom Protocol Definition, click Add Protocol Definition.

5. Make sure you are in the SEA Plus Protocols tab. Then enter:

   a. (Required) Type in a protocol definition name. 

   b. (Optional) Type in an identifying tag (for grouping).

   c. (Optional) Type in a useful description.

6. Click Add Protocol.

7. In the Add Protocol screen choose one of the following protocols:

• (Not recommended) TCP All Ports
• (Not recommended) UDP All Ports
• TCP
• UDP
• ICMP

8. For UDP and TCP, specify a single Port (or Port Range, for example 85-110) for that protocol.
9. Click Add Protocol. The protocol is added to the protocol list.
10. To add additional protocols, repeat step 6-9.
11. Click Save Protocol Definition. The custom protocol definition is added to the SEA Plus Protocol Definitions list.

Once the definitions are created they can be used when you create the access methods for SEA Plus. See SEA Plus Access Method.