Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 9 Configuring Anomaly Detection
Configuring Anomaly Detection Operational Settings
The following options apply:
worm-timeout—Specifies the amount of time in seconds for the worm termination timeout. The range is 120 to 10,000,000 seconds. The default is 600 seconds.
ignore—Specifies the IP addresses that should be ignored while anomaly detection is processing:
    enabled {true | false}—Enables/disables the list of ignored IP addresses. The default is enabled.
    source-ip-address-range—Specifies the source IP addresses that you want anomaly detection to ignore during processing.
    dest-ip-address-range—Specifies the destination IP addresses that you want anomaly detection to ignore during processing.
Note: IP addresses are in the form of <A.B.C.D>-<A.B.C.D>[,<A.B.C.D>-<A.B.C.D>].
Configuring Anomaly Detection Operational Settings
To specify anomaly detection operational settings, follow these steps:
Step 1 Log in to the CLI using an account with administrator privileges.
Step 2 Enter anomaly detection submode.
sensor# configure terminal
sensor(config)# service anomaly-detection ad1
Step 3 Specify the worm timeout.
sensor(config-ano)# worm-timeout 800
Step 4 Verify the setting.
sensor(config-ano)# show settings
worm-timeout: 800 seconds default: 600
Step 5 Specify the destination IP addresses that you want to be ignored while anomaly detection is processing.
sensor(config-ano)# ignore
sensor(config-ano-ign)# dest-ip-address-range 10.10.5.5,10.10.2.1-10.10.2.30
Step 6 Specify the source IP addresses that you want to be ignored while anomaly detection is processing.
sensor(config-ano-ign)# source-ip-address-range 10.20.30.108-10.20.30.191
Step 7 Verify the settings.
sensor(config-ano-ign)# show settings
ignore
-----------------------------------------------
enabled: true default: true
source-ip-address-range: 10.20.30.108-10.20.30.191 default: 0.0.0.0
dest-ip-address-range: 10.10.5.5,10.10.2.1-10.10.2.30 default: 0.0.0.0
-----------------------------------------------
sensor(config-ano-ign)#
Step 8 Exit anomaly detection submode.
sensor(config-ano-ign)# exit
sensor(config-ano)# exit
Apply Changes:?[yes]:
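
The following Python is an added example, not part of the Cisco guide. It parses the ignore-list syntax given in the Note above, including the single-address form used in Step 5, so a reviewer can count how many addresses anomaly detection will skip and test whether a given host falls inside that exclusion. All function names are hypothetical, and rejecting a range whose end precedes its start is an assumption made here, not documented sensor behavior.

```python
import ipaddress

# Range stated in the guide for worm-timeout, in seconds.
WORM_TIMEOUT_MIN, WORM_TIMEOUT_MAX = 120, 10_000_000


def parse_ignore_ranges(value):
    """Parse '<A.B.C.D>-<A.B.C.D>[,...]'; a bare address is a one-host range."""
    ranges = []
    for item in value.split(","):
        start_s, sep, end_s = item.strip().partition("-")
        start = ipaddress.IPv4Address(start_s)  # ValueError on malformed input
        end = ipaddress.IPv4Address(end_s) if sep else start
        if end < start:  # assumption: treat a reversed range as an error
            raise ValueError(f"range end precedes start: {item!r}")
        ranges.append((start, end))
    return ranges


def is_ignored(ip, ranges):
    """True if ip falls inside any configured ignore range."""
    addr = ipaddress.IPv4Address(ip)
    return any(start <= addr <= end for start, end in ranges)


def ignored_count(ranges):
    """Number of distinct addresses covered; overlapping ranges count once."""
    total, last_end = 0, -1
    for start, end in sorted((int(s), int(e)) for s, e in ranges):
        start = max(start, last_end + 1)
        if start <= end:
            total += end - start + 1
            last_end = end
    return total


def valid_worm_timeout(seconds):
    """Check a worm-timeout value against the documented range."""
    return WORM_TIMEOUT_MIN <= seconds <= WORM_TIMEOUT_MAX


if __name__ == "__main__":
    # Values taken from Steps 3, 5 and 6 of the procedure above.
    dest = parse_ignore_ranges("10.10.5.5,10.10.2.1-10.10.2.30")
    src = parse_ignore_ranges("10.20.30.108-10.20.30.191")
    print("destination addresses ignored:", ignored_count(dest))
    print("source addresses ignored:", ignored_count(src))
    print("10.10.2.31 ignored as destination:", is_ignored("10.10.2.31", dest))
    print("worm-timeout 800 in range:", valid_worm_timeout(800))
```

Running the same check over a sensor's saved configuration during review shows how much address space the ignore list removes from anomaly detection coverage.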