Filter
Top Products
CHAPTER
14-1
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
14
Configuring Attack Response Controller for
Blocking and Rate Limiting
This chapter provides information for setting up the ARC to perform blocking and rate limiting on the
sensor. It the following sections:
• Blocking Notes and Caveats, page 14-1
• Understanding Blocking, page 14-2
• Understanding Rate Limiting, page 14-4
• Understanding Service Policies for Rate Limiting, page 14-5
• Before Configuring ARC, page 14-5
• Supported Devices, page 14-6
• Configuring Blocking Properties, page 14-7
• Configuring User Profiles, page 14-20
• Configuring Blocking and Rate Limiting Devices, page 14-21
• Configuring the Sensor to be a Master Blocking Sensor, page 14-28
• Configuring Host Blocking, page 14-31
• Configuring Network Blocking, page 14-32
• Configuring Connection Blocking, page 14-32
• Obtaining a List of Blocked Hosts and Connections, page 14-33
Blocking Notes and Caveats
The following notes and caveats apply to blocking:
• The ARC is formerly known as Network Access Controller. Although the name has been changed,
the IDM, the IME, and the CLI contain references to Network Access Controller, nac, and
network-access.
• Blocking is not supported on the FWSM in multiple mode admin context.
• Connection blocks and network blocks are not supported on adaptive security appliances. Adaptive
security appliances only support host blocks with additional connection information.