Support User Manuals

Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

7-12

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Chapter 7 Configuring Event Action Rules

Event Action Variables

Use the variables variable_name address ip_address command in service event action rules submode

to create an IPv4 event action variable. The IPv4 address can be one address, a range, or ranges separated

by a comma. Use the variables variable_name ipv6-address ip_address command in service event

action rules submode to create an IPv6 event action variable. Use the no variables variable_name

command in service event action rules submode to delete an event action variable.

Note IPv6 addresses are 128 bits represented in hexadecimal and divided into eight 16-bit groups separated

by colons. You can skip the leading zeros and you can represent the zeroed groups in the middle with a

double colon (::). You must start the address with the 2001:db8 prefix.

Working With Event Action Variables

To add, delete, and edit event action variables, follow these steps:

Step 1 Log in to the CLI using an account with administrator privileges.

Step 2 Enter event action rules submode.

sensor# configure terminal

sensor(config)# service event-action-rules rules0

Step 3 Add an IPv4 event action rules variable. The valid values for address are A.B.C.D-A.B.C.D

[,A.B.C.D-A.B.C.D].

sensor(config-eve)# variables variable-ipv4 address 192.0.2.3

Step 4 Add an IPv6 event action rules variable. The valid form for ipv6-address is:

<XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX>-<XXXX:XXXX:XXXX:XXXX:XX

XX:XXXX:XXXX:XXXX>[,<XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX>-<XXX

X:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX>]

sensor(config-eve)# variables variable-ipv6 ipv6-address

2001:0db8:3c4d:0015:0000:0000:abcd:ef12

Step 5 Verify that you added the event action rules variable.

sensor(config-eve)# show settings

variables (min: 0, max: 256, current: 2)

-----------------------------------------------

variableName: variable-ipv6

-----------------------------------------------

ipv6-address: 2001:0db8:3c4d:0015:0000:0000:abcd:ef12 default: ::0-FFFF

:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

-----------------------------------------------

variableName: variable-ipv4

-----------------------------------------------

address: 192.0.2.3 default: 0.0.0.0-255.255.255.255

-----------------------------------------------

-----------------------------------------------

Step 6 To edit an event action rules variable, change the IPv6 address to a range.

sensor(config-eve)# variables variable-ipv6 ipv6-address

::0-FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

Step 7 Verify that you edited the event action rules variable.

sensor(config-eve)# show settings

variables (min: 0, max: 256, current: 2)

-----------------------------------------------

variableName: variable-ipv6

previous next