Cisco Systems IPS 7.1 Home Security System User Manual


14-23
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 14 Configuring Attack Response Controller for Blocking and Rate Limiting
Configuring Blocking and Rate Limiting Devices
Configuring the Sensor to Manage Cisco Routers
This section describes how to configure the sensor to manage Cisco routers. It contains the following
topics:
Routers and ACLs, page 14-23
Configuring the Sensor to Manage Cisco Routers, page 14-23
Routers and ACLs
Note Pre-Block and Post-Block ACLs do not apply to rate limiting.
You create and save Pre-Block and Post-Block ACLs in your router configuration. These ACLs must be
extended IP ACLs, either named or numbered. See your router documentation for more information on
creating ACLs. Enter the names of these ACLs that are already configured on your router in the
Pre-Block ACL and Post-Block ACL fields.
The Pre-Block ACL is mainly used for permitting what you do not want the sensor to ever block. When
a packet is checked against the ACL, the first line that gets matched determines the action. If the first
line matched is a permit line from the Pre-Block ACL, the packet is permitted even though there may be
a deny line (from an automatic block) listed later in the ACL. The Pre-Block ACL can override the deny
lines resulting from the blocks.
The Post-Block ACL is best used for additional blocking or permitting that you want to occur on the
same interface or direction. If you have an existing ACL on the interface or direction that the sensor will
manage, that existing ACL can be used as a Post-Block ACL. If you do not have a Post-Block ACL, the
sensor inserts permit ip any any at the end of the new ACL.
When the sensor starts up, it reads the contents of the two ACLs. It creates a third ACL with the
following entries:
A permit line for the sensor IP address
Copies of all configuration lines of the Pre-Block ACL
A deny line for each address being blocked by the sensor
Copies of all configuration lines of the Post-Block ACL
The sensor applies the new ACL to the interface and direction that you designate.
Note When the new ACL is applied to an interface or direction of the router, it removes the application of any
other ACL to that interface or direction.
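The following Python model is an added illustration, not code from the Cisco guide: it assembles the combined ACL in the four-part order described above and evaluates source addresses against it with first-match semantics, so the Pre-Block permit overriding a later automatic deny can be seen directly. The sensor address, Pre-Block entries and blocked hosts are constructed sample values, entries are matched on source address only, and the trailing implicit deny reflects standard Cisco ACL behaviour rather than anything this page states.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Ace:
    action: str   # "permit" or "deny"
    source: str   # host address, CIDR prefix, or "any" (source-only model)
    origin: str   # which of the four sections supplied the line

def build_sensor_acl(sensor_ip, pre_block, blocked_hosts, post_block):
    """Assemble the ACL in the order the sensor uses, per the guide above."""
    acl = [Ace("permit", sensor_ip, "sensor")]                     # 1. sensor's own address
    acl += [Ace(a, s, "pre-block") for a, s in pre_block]          # 2. Pre-Block ACL copy
    acl += [Ace("deny", host, "block") for host in blocked_hosts]  # 3. one deny per block
    if post_block:                                                 # 4. Post-Block ACL copy
        acl += [Ace(a, s, "post-block") for a, s in post_block]
    else:
        acl.append(Ace("permit", "any", "default"))               # sensor adds permit ip any any
    return acl

def render(acl):
    """Render entries as Cisco extended-ACL lines (protocol ip, any destination)."""
    lines = []
    for ace in acl:
        if ace.source == "any":
            lines.append(f"{ace.action} ip any any")
            continue
        net = ip_network(ace.source, strict=False)
        if net.num_addresses == 1:
            lines.append(f"{ace.action} ip host {net.network_address} any")
        else:
            lines.append(f"{ace.action} ip {net.network_address} {net.hostmask} any")
    return lines

def evaluate(acl, src):
    """First matching line wins; no match falls through to Cisco's implicit deny."""
    addr = ip_address(src)
    for ace in acl:
        if ace.source == "any" or addr in ip_network(ace.source, strict=False):
            return ace.action, ace.origin
    return "deny", "implicit"

# Constructed sample: the management subnet is permitted in the Pre-Block ACL and one of
# its hosts later triggered an automatic block; a second block targets an external host.
SENSOR_IP = "10.1.1.5"
PRE_BLOCK = [("permit", "192.168.10.0/24")]
BLOCKED = ["192.168.10.77", "203.0.113.9"]
ACL = build_sensor_acl(SENSOR_IP, PRE_BLOCK, BLOCKED, post_block=[])

if __name__ == "__main__":
    print("\n".join(render(ACL)))
    for ip in ("192.168.10.77", "203.0.113.9", "198.51.100.1"):
        print(ip, *evaluate(ACL, ip))
```

Running it shows 192.168.10.77 permitted by the Pre-Block line despite its later deny, 203.0.113.9 denied by the block, and unrelated traffic permitted by the trailing permit ip any any.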
Configuring the Sensor to Manage Cisco Routers
To configure a sensor to manage a Cisco router to perform blocking and rate limiting, follow these steps:
Step 1 Log in to the CLI using an account with administrator privileges.
Step 2 Enter network access submode.
sensor# configure terminal
sensor(config)# service network-access