Cisco Systems IPS4510K9 Home Security System User Manual


 
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Chapter 14 Configuring Attack Response Controller for Blocking and Rate Limiting
Configuring Blocking and Rate Limiting Devices
Step 5
Specify the method used to access the sensor. If unspecified, SSH 3DES is used.
sensor(config-net-rou)# communication {telnet | ssh-3des}
Note
If you are using 3DES, you must use the command ssh host-key ip_address to accept the key or
ARC cannot connect to the device.
Step 6
Specify the sensor NAT address.
sensor(config-net-rou)# nat-address nat_address
Note
This changes the IP address in the first line of the ACL from the address of the sensor to the NAT
address. This is not a NAT address configured on the device being managed. It is the address the
sensor is translated to by an intermediate device, one that is between the sensor and the device
being managed.
Step 7
Specify whether the router will perform blocking, rate limiting, or both.
Note
The default is blocking. You do not have to configure response capabilities if you want the router
to perform blocking only.
a. Rate limiting only
sensor(config-net-rou)# response-capabilities rate-limit
b. Both blocking and rate limiting
sensor(config-net-rou)# response-capabilities block|rate-limit
Step 8
Specify the interface name and direction.
sensor(config-net-rou)# block-interfaces interface_name {in | out}
Caution
The name of the interface must either be the complete name of the interface or an abbreviation that the
router recognizes with the interface command.
Step 9
(Optional) Add the pre-ACL name (blocking only).
sensor(config-net-rou-blo)# pre-acl-name pre_acl_name
Step 10
(Optional) Add the post-ACL name (blocking only).
sensor(config-net-rou-blo)# post-acl-name post_acl_name
Step 11
Verify the settings.
sensor(config-net-rou-blo)# exit
sensor(config-net-rou)# show settings
ip-address: 192.0.2.1
-----------------------------------------------
communication: ssh-3des default: ssh-3des
nat-address: 19.89.149.219 default: 0.0.0.0
profile-name: PROFILE1
block-interfaces (min: 0, max: 100, current: 1)
-----------------------------------------------
interface-name: GigabitEthernet0/1
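
Added example, not part of the Cisco guide: a Python check that parses the show settings output from Step 11 and flags the choices made in Steps 5, 6 and 8 that an operator should review. The function names and the WEAK_OUTPUT sample are constructed for illustration, and only the fields visible in the output above are parsed.

```python
import re
# Step 11 output as shown on this page.
PAGE_OUTPUT = """\
ip-address: 192.0.2.1
-----------------------------------------------
communication: ssh-3des default: ssh-3des
nat-address: 19.89.149.219 default: 0.0.0.0
profile-name: PROFILE1
block-interfaces (min: 0, max: 100, current: 1)
-----------------------------------------------
interface-name: GigabitEthernet0/1
"""
# Constructed variant: Telnet selected, no interface configured.
WEAK_OUTPUT = """\
communication: telnet default: ssh-3des
block-interfaces (min: 0, max: 100, current: 0)
"""

FIELD = re.compile(r"^\s*([\w-]+):\s+(\S+)(?:\s+default:\s+(\S+))?\s*$")
COUNT = re.compile(r"^\s*block-interfaces\s+\(.*current:\s*(\d+)\)")

def parse_settings(text):
    """Return (fields, interface names, declared interface count)."""
    fields, interfaces, declared = {}, [], None
    for line in text.splitlines():
        if m := COUNT.match(line):
            declared = int(m.group(1))
        elif m := FIELD.match(line):  # separator rows do not match
            key, value, default = m.groups()
            if key == "interface-name":
                interfaces.append(value)
            else:
                fields[key] = (value, default)
    return fields, interfaces, declared

def audit(text):
    """List the settings to review before relying on ARC for blocking."""
    fields, interfaces, declared = parse_settings(text)
    findings = []
    if fields.get("communication", (None,))[0] == "telnet":
        findings.append("communication telnet: ARC login and ACL updates are unencrypted")
    nat, nat_default = fields.get("nat-address", (None, None))
    if nat and nat != nat_default:
        findings.append(f"nat-address {nat}: first ACL line uses this, not the sensor address")
    if declared == 0:
        findings.append("block-interfaces: none configured")
    elif declared is not None and declared != len(interfaces):
        findings.append(f"block-interfaces: {declared} declared, {len(interfaces)} listed")
    return findings
```

Calling audit(PAGE_OUTPUT) returns only the NAT reminder from the Step 6 note; audit(WEAK_OUTPUT) returns the Telnet and missing-interface findings.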