Cisco Systems IPS 7.1 Home Security System User Manual


4-24
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 4 Setting Up the Sensor
Configuring Authentication and User Parameters
timeout: 3 <defaulted>
-----------------------------------------------
secondary-server
-----------------------------------------------
enabled
-----------------------------------------------
server-address: 10.4.5.6
server-port: 1816 default: 1812
shared-secret: yyyyy
timeout: 8 default: 3
-----------------------------------------------
-----------------------------------------------
nas-id: cisco-ips default: cisco-ips
local-fallback: enabled default: enabled
console-authentication: radius-and-local <defaulted>
default-user-role: operator default: unspecified
-----------------------------------------------
sensor(config-aaa-rad)#
Step 10 Exit AAA mode.
sensor(config-aaa-rad)# exit
sensor(config-aaa)# exit
Apply Changes:?[yes]:
Step 11 Press Enter to apply the changes or enter no to discard them.
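An added example, not part of the Cisco guide: a Python sketch that parses settings output in the format shown in the verification step above, lists the values that differ from the default printed beside them, and masks the shared secret so the report can be kept in a ticket or change record. The function names, the regular expression and the redaction marker are assumptions based only on the lines visible on this page.

```python
import re

# Settings output copied from the verification step on this page.
SAMPLE = """\
timeout: 3 <defaulted>
-----------------------------------------------
secondary-server
-----------------------------------------------
enabled
-----------------------------------------------
server-address: 10.4.5.6
server-port: 1816 default: 1812
shared-secret: yyyyy
timeout: 8 default: 3
-----------------------------------------------
-----------------------------------------------
nas-id: cisco-ips default: cisco-ips
local-fallback: enabled default: enabled
console-authentication: radius-and-local <defaulted>
default-user-role: operator default: unspecified
-----------------------------------------------
"""

# "key: value", optionally followed by "default: X" or "<defaulted>".
LINE = re.compile(
    r"^(?P<key>[\w-]+):\s+(?P<value>.*?)"
    r"(?:\s+default:\s+(?P<default>\S+)|\s+(?P<defaulted><defaulted>))?\s*$"
)
SECRET_KEYS = {"shared-secret"}  # values never echoed into a report

def parse_settings(text):
    """Return (key, value, default) rows; default is None when none is shown."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # separator lines and bare section or choice names
        value = "<redacted>" if m["key"] in SECRET_KEYS else m["value"]
        default = value if m["defaulted"] else m["default"]
        rows.append((m["key"], value, default))
    return rows

def non_default(rows):
    """Rows whose value differs from the default printed beside it."""
    return [r for r in rows if r[2] is not None and r[1] != r[2]]

if __name__ == "__main__":
    for key, value, default in non_default(parse_settings(SAMPLE)):
        print(f"{key}: {value} (default {default})")
```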
For More Information
For the procedure for adding and removing users, see Adding and Removing Users, page 4-16.
For the procedure for configuring passwords, see Configuring Passwords, page 4-28.
For the procedure for specifying password requirements, see Configuring the Password Policy, page 4-30.
For detailed information on RADIUS and the service account, see The Service Account and RADIUS Authentication, page 4-27.
Configuring Packet Command Restriction
Use the permit-packet-logging command to restrict the use of packet capture-related
commands—packet capture/display and IP logging—for local and AAA RADIUS users. The default is
to permit packet capture/display and IP log commands. Local users with the correct permissions can use
the packet capture/display and IP log commands. AAA RADIUS users with the correct av-pair can use
the packet capture/display and IP log commands. This command is supported in IPS 7.1(3)E4 and later.
Note: IP log actions configured for signatures are not impacted by the packet command restriction feature.
When you modify the packet command restriction option, you receive the following warning:
Modified packet settings would take effect only for new sessions, existing sessions will
continue with previous settings.