# Initial vSensor configuration at CLI

## vSensor IP Addressing via CLI

If you are not using DHCP or would like to set a static address, you will need to login to the CLI of the vSensor to set a static interface assignment. DNS for vSensors must also be configured at the CLI.

vSensor login at the CLI is very similar to logging in to physical Sensors. The primary difference is that there is no physical serial console, IPMI/iDRAC, or other ports to log in to. Logging in can be done via your hypervisor console function or using SSH to the management port if it was preconfigured with DHCP.

{% hint style="info" %}
**Please Note:**

Occasionally when using your Hypervisor console, you may need to switch to a different VM console to see the vSensor console that will allow login. When this happens, you can use *ALT + Arrow keys* to change the console to one that allows you entry to the CLI. Some hypervisors may not pass the *Alt + Arrow keys* to change console. Switching to a different browser such as Firefox has worked correctly for some customers. Please see [device console does not show an interactive terminal during boot-up](https://support.vectra.ai/vectra/article/KB-VS-1683) for more details.
{% endhint %}

* Connect to your vSensor CLI using your hypervisor console or `ssh vectra@<IP or Hostname>` if you use DHCP and already know the address or hostname.
  * If the vSensor has shown up in the Brain UI then you should be able to see its IP address in *Configuration → COVERAGE → Data Sources > Network > Sensors* as well.
  * The initial password is `changethispassword`. You will be asked to change this when logging in to a paired and updated vSensor.&#x20;
* Once logged in to the appliance you can view command syntax for the `set interface` command.

```
set interface -h
Usage: set interface [OPTIONS] [mgt1] [dhcp|static] [IP] [SUBNET_MASK]
[GATEWAY_ADDRESS]
 
Sets mgt1 to either dhcp or static ip configuration
 
Options:
-h, --help Show this message and exit.
```

## Setting a Static IP Address

Both IPv4 and IPv6 are supported for the management interface (MGT1). For full details, including information regarding dual stack support, please [IPv6 Management Support for Vectra Appliances](https://docs.vectra.ai/deployment/getting-started/ipv6-management-support-for-vectra-appliances) on the Vectra support portal. Below we will show how to enable IPv6 support (its off by default) and the syntax to use when setting an IPv4 or IPv6 address.

**To enable/disable IPv6 support:**

```
# show ipv6 enabled
IPv6 is disabled
 
# set ipv6 enabled
Response: ok
 
# show ipv6 enabled
IPv6 is enabled
 
# set ipv6 disabled
Response: ok
```

**Setting IPv4 and IPv6 syntax examples:**

Execute the following command to set the MGT1 interface to the desired static IP address:

```
IPv4 Syntax:
set interface mgt1 static x.x.x.x y.y.y.y z.z.z.z
 
Where:
x.x.x.x is the desired interface IP address
y.y.y.y is the desired interface network mask
z.z.z.z is the desired gateway
 
IPv6 Syntax:
set interface mgt1 static [IPv6 IP] [Subnet Mask] [Gateway]
 
Example:
set interface mgt1 static 2001:0db8:0:f101::25 64 2001:0db8:0:f101::1
```

**To change back to DHCP (default):**

```
set interface mgt1 dhcp
```

## Configuring DNS Servers

{% hint style="info" %}
**Please Note:**

Up to 3 DNS servers may be configured for your vSensor.
{% endhint %}

**Command syntax:**

```
set dns [nameserver1 <ip>] [nameserver2 <ip>] [nameserver3 <ip>]
```

**Example:**

```
set dns 10.50.10.101 10.50.10.102
```

**Verifying DNS Configuration:**

```
show dns
```

## Change Password and Full Example

Once you have set an IP and DNS, please use the `set password` command to change the password or you may wait and change all paired Sensor passwords en masse in the Brain UI later at *Configuration* → COVERAGE → *Data Sources → Network → Sensors → Sensor Configuration → CLI Password (Sensors)* if you wish to keep them in sync.

{% hint style="info" %}
**Please Note:**

You will be asked to change the password after initial login to paired and updated vSensors.
{% endhint %}

**Full example of setting an IPv4 static IP and DNS:**

```
vscli > set interface mgt1 static 172.16.12.11 255.255.255.0 172.16.12.1
Interfaces updated successfully
vscli > set dns 10.50.10.101
DNS Set: success
vscli > show interface
mgt1:
    Running:
        Gateway: 172.16.12.1,
        Ip: 172.16.12.11,
        Link Speed: 10Gbps,
        Link State: up,
        Mac: 00:0c:29:89:ad:a6,
        Mode: static,
        Netmask: 255.255.255.0
vscli > show dns
Id|Server      |Description
1  10.50.10.101 Configured DNS nameserver
```

## Verifying your Connectivity:

A Sensor (or Stream appliance) can pair with any Vectra Brain type. For example, the Brain can be a physical appliance, a Brain deployed in a IaaS cloud, or a Brain deployed in a traditional hypervisor environment on customer premises.

Sensors must be able to reach the Brain over the below ports. It is recommended to enable these ports bidirectionally to aid in troubleshooting.

* TCP/443 (HTTPS) - Used for Sensor discovery and initial pairing connection.
* TCP/22 (SSH) - Used for Paired Sensor connections.

Additionally, for online pairing (physical Sensors only), both the Sensor and Brain must be able to communicate with:

* update&#x32;**.**&#x76;ectranetwork&#x73;**.**&#x63;om or 54.200.156.238 over TCP/443 (HTTPS)

Please work with your security and networking contacts to ensure that the Sensor will be able to initiate a connection to the Brain. Sensors only communicate with the Vectra Brain and do not need to communicate to Vectra directly. Software updates for the Sensor will come from the Brain.

For full details on all potential firewall requirements in Vectra deployments, please see [firewall requirements](https://docs.vectra.ai/deployment/getting-started/firewall-requirements).

If your Sensor is already configured with an IP, it is recommended to ping the Brain IP to verify reachability before attempting pairing. Connectivity can be tested with the `debug connectivity` command.

* For more detail, please see [Checking brain or sensor network connectivity](https://support.vectra.ai/vectra/article/KB-VS-1280).

**Example:**

```
vscli > debug connectivity -h
Usage: debug connectivity [OPTIONS] HOST PORT
 
Test TCP connectivity to destination host or IP through proxy if configured
 
Options:
--bypass-proxy / --dont-bypass-proxy
Bypass proxy while testing connectivity if
proxy is configured
--ssl / --no-ssl Test connectivity to host using SSL
--timeout FLOAT Seconds to attempt a connection to host and
proxy if configured [default: 5]
-h, --help Show this message and exit.
 
vscli > debug connectivity yourbrainIP.customernetwork.com 443 –no-ssl
Connectivity: Success
Proxy: False
SSL: False
```