Summary
The SMS provides a convenient option that allows you to replace an existing device and have the new device function exactly the same as the old device. If you are replacing the same model with another model and both devices have the same TOS, the one-to-one replacement is straightforward.
There are certain limitations based on device features. For example, if you replace an IPS device that supports DDoS with an IPS device that does not support DDoS, data might be lost. When you replace a device, the events from the previous device are preserved. However, previously installed TOS versions, rollback versions, and snapshots are reset using the new (replaced) device as a starting point.
Details
Procedure
- Remove the replacement device from the box and complete the Out of Box Experience (OBE) instructions using the old IPS address for the new one.
- Select Devices > All Devices, choose the device to be replaced, and then select Edit > Details > Replace Device.
- After the Devices - Replace Device dialog displays, enter the information for the new IPS device, and then click OK.
Device replacement guidelines
The following table specifies device replacement options using the Device Replacement feature:
Current device | Can be replaced with |
8400TX | 8200TX or 8400TX |
8200TX | 8200TX or 8400TX |
5500TX | 5500TX, 8200TX, or 8400TX |
1100TX | vTPS, 1100TX, or 5500TX |
2200T | 2200T, 5500TX, 8200TX, or 8400TX |
440T | 440T, 2200T, vTPS, 1100TX, or 5500TX |
vTPS | vTPS, 440T, or 1100TX |
7500NX | 8200TX or 8400TX |
7100NX | 8200TX or 8400TX |
6200NX | 8200TX or 8400TX |
5200NX | 5500TX, 8200TX, or 8400TX |
2600NX | 5500TX, 8200TX, or 8400TX |
6100N | 8200TX or 8400TX |
5100N | 5500TX, 8200TX, or 8400TX |
2500N | 5500TX, 8200TX, or 8400TX |
1400N | 2200T or 5500TX |
660N | 440T, 2200T, vTPS, 1100TX, or 5500TX |
330 | 440T, 2200T, vTPS, 1100TX, or 5500TX |
110 | 440T, 2200T, vTPS, 1100TX, or 5500TX |
Notes
General clarifications
- X-Family devices are not supported as either device.
- Core Controller is not supported as either device.
- The old model cannot be running a newer TOS than the new model.
- Segments - Data loss occurs if the new device has fewer segments than the old device. For example, when a device with four segments is replaced by a device with two segments, events and settings related to the additional segments, if configured on the original device, are lost.
  - New model has more segments - Because the models are not the same and the new device has extra segments, the new segments are not configured. Extra segments are placed in the Default segment group.
  - New model has fewer segments - Because the models are not the same and the new device has fewer segments, the SMS cannot copy all segment/port settings to the new device. Therefore, the configuration of the common segments is copied and the remaining segments are dropped or removed from the SMS.
- DDoS - Possible data loss occurs if the new device does not support DDoS and the old device is configured for DDoS. If the new model is not the same as the old model:
  - And the old model supports DDoS and the new model does not, then DDoS functionality is removed.
  - Virtual segments are removed.
  - And the old model has more physical segments than the new model, information is lost.
- Profile distribution - Auto redistribution of profiles is not supported.
- Device users - A replacement device does not inherit device users. All device users must be added back manually.
- FIPS settings - You cannot replace FIPS Settings on a device.
- Remote authentication - RADIUS authentication settings and servers remain only if the replacement device supports RADIUS authentication. SMS authentication settings are not inherited when a TPS device replaces an IPS device.
- New model cannot use same IP address as old model - If the old model is still online, you cannot use the same IP address and must choose a different one for the new model. If the TOS versions are not the same, you must upgrade to the newer version. After you upgrade your IPS device, you can give the old device a new IP address and place it in another area of the network.
- Port/segment info from the previous model is mapped to NX modules beginning with the module in the first NX slot.
- If the first NX slot does not contain a module, data from the previous model is lost.
- Data from the previous model is lost for any ports/segments that exceed the number of NX module ports/segments.
- Port/segment info from the previous model is mapped to NX modules beginning with the module in the first NX slot.
- If either of the NX models has a different slot configuration, data may be lost.
- Data is not mapped to or from models with a blank slot and is lost.
When you replace a device with another device that has a different port configuration, the SMS may attempt to push the port configuration for the old device to the new device. If this happens, unmanage the device, use the CLI or LSM to disable auto-negotiate for each port, and then remanage the device. You will need to redistribute any profile that was distributed to the device after you remanage it.
Old Device | New Device | Device Replace Behavior |
IPS | IPS | No Change |
IPS | IPS (NX-Platform) | All of the device configurations except for port configuration will be copied to the new device. The NX-Platform device I/O modules are very different from previous IPS devices. |
IPS (NX-Platform) | IPS (NX-Platform) | All of the device configurations are copied to the new device if the I/O module types are the same. If the I/O module types are different, then the port configuration will not be copied. |
IPS (NX-Platform) | TPS (TX Series) | All of the device configurations are copied to the new device if the I/O module types are the same. If the I/O module types are different, then the port configuration will not be copied. |
TPS (TX Series) | TPS (TX Series) | All of the device configurations are copied to the new device if the I/O module types are the same. If the I/O module types are different, then the port configuration will not be copied. |
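
The replacement table and the TOS, IP address, segment and DDoS notes above can be run as a check before starting the Replace Device procedure. This is an added example, not code from the SMS or its vendor; the `Device` fields, the dotted numeric TOS version format, and all sample values (versions, addresses, segment counts, DDoS flags) are assumptions constructed for illustration, not hardware specifications.

```python
from dataclasses import dataclass
# Replacement table from the page: current model -> allowed replacement models.
_BIG = {"8200TX", "8400TX"}
_MID = {"5500TX"} | _BIG
_SMALL = {"440T", "2200T", "vTPS", "1100TX", "5500TX"}
REPLACEMENTS = {
    **dict.fromkeys(["8400TX", "8200TX", "7500NX", "7100NX", "6200NX", "6100N"], _BIG),
    **dict.fromkeys(["5500TX", "5200NX", "2600NX", "5100N", "2500N"], _MID),
    **dict.fromkeys(["440T", "660N", "330", "110"], _SMALL),
    "1100TX": {"vTPS", "1100TX", "5500TX"},
    "2200T": {"2200T"} | _MID,
    "vTPS": {"vTPS", "440T", "1100TX"},
    "1400N": {"2200T", "5500TX"},
}

@dataclass
class Device:  # hypothetical inventory record, not an SMS object
    model: str
    tos: str  # assumed dotted numeric version string
    ip: str
    segments: int
    ddos_supported: bool = False
    ddos_configured: bool = False
    online: bool = False

def _ver(tos):
    return tuple(int(part) for part in tos.split("."))

def check_replacement(old, new):
    """Return (blockers, warnings) for replacing `old` with `new`."""
    blockers, warnings = [], []
    if new.model not in REPLACEMENTS.get(old.model, set()):
        blockers.append(f"{old.model} -> {new.model} is not in the replacement table")
    if _ver(old.tos) > _ver(new.tos):
        blockers.append("old device runs a newer TOS than the new device")
    if old.online and old.ip == new.ip:
        blockers.append("old device is still online on the same IP address")
    if new.segments < old.segments:
        warnings.append(f"{old.segments - new.segments} segment(s) and their events/settings will be lost")
    if old.ddos_configured and not new.ddos_supported:
        warnings.append("DDoS configuration will be removed")
    warnings.append("device users must be re-added; profiles must be redistributed manually")
    return blockers, warnings

# Constructed sample values (not real hardware specs): a 2500N replaced by a 5500TX.
OLD = Device("2500N", "3.9.5", "192.0.2.10", segments=4, ddos_supported=True, ddos_configured=True)
NEW = Device("5500TX", "5.5.4", "192.0.2.10", segments=2)

if __name__ == "__main__":
    print(check_replacement(OLD, NEW))
```

An empty blockers list means the pair passes the table, TOS and IP address rules; the warnings list what has to be reconfigured or accepted as lost after the replacement.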