Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 14 Configuring Attack Response Controller for Blocking and Rate Limiting
Configuring Blocking and Rate Limiting Devices
sensor(config-net)#
Step 3 Specify the IP address for the router controlled by the ARC.
sensor(config-net)# router-devices ip_address
Step 4 Enter the logical device name that you created when you configured the user profile. The ARC accepts anything you enter. It does not check to see if the user profile exists.
sensor(config-net-rou)# profile-name user_profile_name
Step 5 Specify the method used to access the sensor. If unspecified, SSH 3DES is used.
sensor(config-net-rou)# communication {telnet | ssh-3des}
Note: If you are using 3DES, you must use the command ssh host-key ip_address to accept the key, or ARC cannot connect to the device.
Step 6 Specify the sensor NAT address.
sensor(config-net-rou)# nat-address nat_address
Note: This changes the IP address in the first line of the ACL from the address of the sensor to the NAT address. This is not a NAT address configured on the device being managed. It is the address the sensor is translated to by an intermediate device, one that is between the sensor and the device being managed.
Step 7 Specify whether the router will perform blocking, rate limiting, or both.
Note: The default is blocking. You do not have to configure response capabilities if you want the router to perform blocking only.
a. Rate limiting only
sensor(config-net-rou)# response-capabilities rate-limit
b. Both blocking and rate limiting
sensor(config-net-rou)# response-capabilities block|rate-limit
Step 8 Specify the interface name and direction.
sensor(config-net-rou)# block-interfaces interface_name {in | out}
Caution: The name of the interface must either be the complete name of the interface or an abbreviation that the router recognizes with the interface command.
Step 9 (Optional) Add the pre-ACL name (blocking only).
sensor(config-net-rou-blo)# pre-acl-name pre_acl_name
Step 10 (Optional) Add the post-ACL name (blocking only).
sensor(config-net-rou-blo)# post-acl-name post_acl_name
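
Added example (not part of the Cisco guide): a pre-flight helper that checks the values for Steps 3 through 10 against the rules stated above and returns the command lines to enter, plus reminders for the checks the ARC does not perform itself. The function name, the sample addresses and the profile, interface and ACL names are constructed for illustration; the reminder that Telnet carries the login in cleartext is general knowledge, not a statement from this page.

```python
import ipaddress

VALID_COMM = {"telnet", "ssh-3des"}
VALID_CAPS = {"block", "rate-limit"}

def arc_router_commands(router_ip, profile, interface, direction,
                        communication="ssh-3des", nat_address=None,
                        capabilities=("block",), pre_acl=None, post_acl=None):
    """Build the Step 3-10 command lines; return (commands, notes)."""
    caps = set(capabilities)
    ipaddress.ip_address(router_ip)            # ValueError on a malformed address
    if nat_address is not None:
        ipaddress.ip_address(nat_address)
    if communication not in VALID_COMM:
        raise ValueError(f"communication must be one of {sorted(VALID_COMM)}")
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    if not caps or not caps <= VALID_CAPS:
        raise ValueError(f"capabilities must be drawn from {sorted(VALID_CAPS)}")
    if (pre_acl or post_acl) and "block" not in caps:
        raise ValueError("pre/post ACL names apply to blocking only")

    cmds = [f"router-devices {router_ip}",
            f"profile-name {profile}",
            f"communication {communication}"]
    if nat_address:
        cmds.append(f"nat-address {nat_address}")
    if caps == {"rate-limit"}:
        cmds.append("response-capabilities rate-limit")
    elif caps == VALID_CAPS:
        cmds.append("response-capabilities block|rate-limit")
    # Blocking only is the default, so no response-capabilities line is needed.
    cmds.append(f"block-interfaces {interface} {direction}")
    if pre_acl:
        cmds.append(f"pre-acl-name {pre_acl}")
    if post_acl:
        cmds.append(f"post-acl-name {post_acl}")

    notes = [f"ARC does not check that profile '{profile}' exists; confirm the name"]
    if communication == "ssh-3des":
        notes.append(f"accept the router key first: ssh host-key {router_ip}")
    else:
        notes.append("telnet sends the router login in cleartext")
    return cmds, notes

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges, made-up names).
    cmds, notes = arc_router_commands("192.0.2.10", "RTR_PROFILE", "GigabitEthernet0/1",
                                      "in", nat_address="198.51.100.5", pre_acl="PRE_BLOCK")
    print("\n".join(cmds + ["# " + n for n in notes]))
```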