Support User Manuals

Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

9-35

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Chapter 9 Configuring Anomaly Detection

Configuring the External Zone

sensor(config-ano-ext-udp)#

Configuring Other Protocols for the External Zone

Use the other {enabled | protocol number | default-thresholds} command in service anomaly detection

external zone submode to enable and configure the other services. The following options apply:

• enabled {false | true}—Enables/disables other protocols.

• default-thresholds—Defines thresholds to be used for all ports not specified in the destination port

map:

–

threshold-histogram {low | medium | high} num-source-ips number—Sets values in the

threshold histogram.

–

scanner-threshold—Sets the scanner threshold. The default is 200.

• protocol-number number—Defines thresholds for specific protocols. The valid values are 0 to 255.

• enabled {true | false}—Enables/disables the service.

• override-scanner-settings {yes | no}—Lets you override the scanner values:

–

threshold-histogram {low | medium | high} num-source-ips number—Sets values in the

threshold histogram.

–

scanner-threshold—Sets the scanner threshold. The default is 200.

Configuring the External Zone Other Protocols

To configure other protocols for a zone, follow these steps:

Step 1 Log in to the CLI using an account with administrator privileges.

Step 2 Enter anomaly detection external zone submode.

sensor# configure terminal

sensor(config)# service anomaly-detection ad0

sensor(config-ano)# external-zone

sensor(config-ano-ext)#

Step 3 Enable the other protocols.

sensor(config-ano-ext)# other

sensor(config-ano-ext-oth)# enabled true

Step 4 Associate a specific number for the other protocols.

sensor(config-ano-ext-oth)# protocol-number 5

sensor(config-ano-ext-oth-pro)#

Step 5 Enable the service for that port.

sensor(config-ano-ext-oth-pro)# enabled true

Step 6 Override the scanner values for that protocol. You can use the default scanner values, or you can override

them and configure your own scanner values.

sensor(config-ano-ext-oth-pro)# override-scanner-settings yes

sensor(config-ano-ext-oth-pro-yes)#

previous next