9-21
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 9 Configuring Anomaly Detection
Configuring the Illegal Zone
Use the illegal-zone {enabled | ip-address-range | tcp | udp | other} command in service anomaly-detection
submode to enable the illegal zone, add IP address ranges to it, and configure its per-protocol settings. The
illegal zone is intended for addresses that should never appear in normal traffic, such as unallocated address
space or unoccupied parts of your internal address range, so do not include hosts that are actually in use.
The following options apply:
• enabled {false | true}—Enables (true) or disables (false) the zone.
• ip-address-range—Specifies the IPv4 address ranges that make up the zone. The valid value is
<A.B.C.D>-<A.B.C.D>[,<A.B.C.D>-<A.B.C.D>], that is, one or more first-last address pairs separated by commas.
Note The second IP address in each range must be greater than or equal to the first IP address.
• tcp—Lets you configure the TCP protocol settings for the zone.
• udp—Lets you configure the UDP protocol settings for the zone.
• other—Lets you configure the settings for protocols other than TCP and UDP.
Configuring the Illegal Zone
To configure the illegal zone, follow these steps:
Step 1 Log in to the CLI using an account with administrator privileges.
Step 2 Enter anomaly detection illegal zone submode.
sensor# configure terminal
sensor(config)# service anomaly-detection ad0
sensor(config-ano)# illegal-zone
sensor(config-ano-ill)#
Step 3 Enable the illegal zone.
sensor(config-ano-ill)# enabled true
Step 4 Configure the IP addresses to be included in the illegal zone.
sensor(config-ano-ill)# ip-address-range 192.0.2.72-192.0.2.108
Step 5 Configure the TCP protocol settings for the zone.
Step 6 Configure the UDP protocol settings for the zone.
Step 7 Configure the settings for the other protocols.
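The following Python script is an added example and is not part of the Cisco guide or the sensor software. It validates an ip-address-range value against the syntax and ordering rule stated above, checks that none of the ranges contains a host that is known to be in use (which would be a misconfiguration of the illegal zone), and renders the CLI lines of Steps 2 through 4. The policy name ad0, the sample ranges and the in-use host list are constructed for the example.

```python
import ipaddress

# Constructed sample input (not from the Cisco guide): the range from Step 4
# plus a second range, in the guide's <A.B.C.D>-<A.B.C.D>[,...] syntax.
SAMPLE_RANGE = "192.0.2.72-192.0.2.108,198.51.100.0-198.51.100.255"

# Constructed list of hosts that are actually in use on the monitored network.
SAMPLE_IN_USE_HOSTS = ["192.0.2.80", "203.0.113.5"]


def parse_ip_address_range(value):
    """Parse an ip-address-range value into a list of (first, last) tuples.

    Enforces the guide's two rules: each element is a dotted-quad pair joined
    by '-', and the second address is greater than or equal to the first.
    Raises ValueError (or its subclass AddressValueError) otherwise.
    """
    ranges = []
    for item in value.split(","):
        item = item.strip()
        if item.count("-") != 1:
            raise ValueError(f"{item!r} is not <A.B.C.D>-<A.B.C.D>")
        first_text, last_text = item.split("-")
        first = ipaddress.IPv4Address(first_text.strip())
        last = ipaddress.IPv4Address(last_text.strip())
        if last < first:
            raise ValueError(f"{item!r}: second address must be >= first")
        ranges.append((first, last))
    return ranges


def is_valid_ip_address_range(value):
    """True when the value satisfies the guide's syntax and ordering rule."""
    try:
        parse_ip_address_range(value)
        return True
    except ValueError:
        return False


def in_use_conflicts(ranges, in_use_hosts):
    """Return the in-use hosts that fall inside one of the illegal-zone ranges.

    The illegal zone is meant for addresses never seen in normal traffic, so
    any hit here means legitimate traffic would be treated as anomalous.
    """
    hits = []
    for host_text in in_use_hosts:
        host = ipaddress.IPv4Address(host_text)
        if any(first <= host <= last for first, last in ranges):
            hits.append(host_text)
    return hits


def illegal_zone_commands(ranges, policy="ad0"):
    """Render the CLI lines of Steps 2 through 4 for the given ranges.

    policy is the anomaly-detection policy name (ad0 in the guide's example).
    """
    joined = ",".join(f"{first}-{last}" for first, last in ranges)
    return [
        "configure terminal",
        f"service anomaly-detection {policy}",
        "illegal-zone",
        "enabled true",
        f"ip-address-range {joined}",
    ]


if __name__ == "__main__":
    ranges = parse_ip_address_range(SAMPLE_RANGE)
    conflicts = in_use_conflicts(ranges, SAMPLE_IN_USE_HOSTS)
    if conflicts:
        # 192.0.2.80 lies inside 192.0.2.72-192.0.2.108, so the sample refuses.
        print("not generating config; in-use hosts inside illegal zone:", conflicts)
    else:
        print("\n".join(illegal_zone_commands(ranges)))
```

Run it with the constructed sample and it refuses to emit the configuration because 192.0.2.80 is inside the first range; drop that host from the in-use list (or narrow the range) and it prints the same command sequence shown in Steps 2 through 4, ready to paste into the sensor CLI.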
For More Information
• For the procedure for configuring TCP protocol, see Configuring TCP Protocol for the Illegal Zone,
page 9-22.
• For the procedure for the UDP protocol, see Configuring UDP Protocol for the Illegal Zone,
page 9-24.
• For the procedure for configuring other protocols, see Configuring Other Protocols for the Illegal
Zone, page 9-27.