Support User Manuals

Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

6-10

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Chapter 6 Configuring Virtual Sensors

Adding, Editing, and Deleting Virtual Sensors

Editing or Deleting a Virtual Sensor

To edit or delete a virtual sensor, follow these steps:

Step 1 Log in to the CLI using an account with administrator privileges.

Step 2 Enter analysis engine mode.

sensor# configure terminal

sensor(config)# service analysis-engine

sensor(config-ana)#

Step 3 Edit the virtual sensor, vs1.

sensor(config-ana)# virtual-sensor vs1

sensor(config-ana-vir)#

Step 4 Edit the description of this virtual sensor.

sensor(config-ana-vir)# description virtual sensor A

Step 5 Change the anomaly detection policy and operational mode assigned to this virtual sensor.

sensor(config-ana-vir)# anomaly-detection

sensor(config-ana-vir-ano)# anomaly-detection-name ad0

sensor(config-ana-vir-ano)# operational-mode learn

Step 6 Change the event action rules policy assigned to this virtual sensor.

sensor(config-ana-vir-ano)# exit

sensor(config-ana-vir)# event-action-rules rules0

Step 7 Change the signature definition policy assigned to this virtual sensor.

sensor(config-ana-vir)# signature-definition sig0

Step 8 Change the inline TCP session tracking mode. The default is virtual sensor mode, which is almost always

the best option to choose.

sensor(config-ana-vir)# inline-TCP-session-tracking-mode interface-and-vlan

Step 9 Display the list of available interfaces.

sensor(config-ana-vir)# physical-interface ?

GigabitEthernet0/0 GigabitEthernet0/0 physical interface.

GigabitEthernet0/1 GigabitEthernet0/1 physical interface.

GigabitEthernet2/0 GigabitEthernet0/2 physical interface.

GigabitEthernet2/1 GigabitEthernet0/3 physical interface.

sensor(config-ana-vir)# physical-interface

sensor(config-ana-vir)# logical-interface ?

<none available>

Step 10 Change the promiscuous mode interfaces assigned to this virtual sensor.

sensor(config-ana-vir)# physical-interface GigabitEthernet0/2

Step 11 Change the inline interface pairs assigned to this virtual sensor. You must have already paired the

interfaces.

sensor(config-ana-vir)# logical-interface inline_interface_pair_name

previous next