Cisco Systems IPS 7.1 Home Security System User Manual


14-27
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 14 Configuring Attack Response Controller for Blocking and Rate Limiting
Configuring Blocking and Rate Limiting Devices
Step 5 Specify the method used to access the sensor. If unspecified, SSH 3DES is used.
sensor(config-net-cat)# communication {telnet | ssh-3des}
Note: If you are using 3DES, you must use the command ssh host-key ip_address to accept the key or ARC cannot connect to the device.
Step 6 Specify the sensor NAT address.
sensor(config-net-cat)# nat-address nat_address
Note: This changes the IP address in the first line of the ACL from the IP address of the sensor to the NAT address. This is not a NAT address configured on the device being managed. It is the address the sensor is translated to by an intermediate device, one that is between the sensor and the device being managed.
Step 7 Specify the VLAN number.
sensor(config-net-cat)# block-vlans vlan_number
Step 8 (Optional) Add the pre-VACL name.
sensor(config-net-cat-blo)# pre-vacl-name pre_vacl_name
Step 9 (Optional) Add the post-VACL name.
sensor(config-net-cat-blo)# post-vacl-name post_vacl_name
Step 10 Exit network access submode.
sensor(config-net-cat-blo)# exit
sensor(config-net-cat)# exit
sensor(config-net)# exit
sensor(config)# exit
Apply Changes:?[yes]:
Step 11 Press Enter to apply the changes or enter no to discard them.
For More Information
For the procedure for configuring user profiles, see Configuring User Profiles, page 14-20.
For the procedure for adding a device to the known hosts list, see Adding Hosts to the SSH Known Hosts List, page 4-45.
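An added audit sketch, not part of the Cisco guide: it reads a block of sensor CLI commands and reports device entries whose Step 5 communication method is telnet, or is ssh-3des (the default when unspecified) with no matching ssh host-key command. The sample commands and addresses are constructed, and the cat6k-devices ip_address line that opens each entry is assumed from the earlier steps not shown on this page.

```python
# Added example: audit ARC device entries for the Step 5 communication method.
# Constructed sample input: commands as typed at the sensor CLI, prompts stripped.
SAMPLE = """\
configure terminal
ssh host-key 192.0.2.10
service network-access
cat6k-devices 192.0.2.10
communication ssh-3des
block-vlans 100
exit
exit
cat6k-devices 192.0.2.20
nat-address 198.51.100.5
block-vlans 200
exit
exit
cat6k-devices 192.0.2.30
communication telnet
block-vlans 300
exit
exit
"""


def audit(commands):
    """Return sorted (device_ip, finding) pairs for a block of CLI commands."""
    host_keys, methods = set(), {}
    current, depth = None, 0
    for line in commands.splitlines():
        words = line.split()
        if words[:2] == ["ssh", "host-key"] and len(words) == 3:
            host_keys.add(words[2])            # key accepted for this address
        elif words[:1] == ["cat6k-devices"] and len(words) == 2:
            # Assumed entry keyword (earlier steps, not shown on this page).
            current, depth = words[1], 1
            methods[current] = "ssh-3des"      # default when unspecified
        elif current and words[:1] == ["communication"] and len(words) == 2:
            methods[current] = words[1]
        elif current and words[:1] == ["block-vlans"]:
            depth = 2                          # prompt moves to config-net-cat-blo
        elif current and words == ["exit"]:
            depth -= 1
            if depth == 0:
                current = None                 # back at config-net
    findings = []
    for ip, method in methods.items():
        if method == "telnet":
            findings.append((ip, "telnet-cleartext"))
        elif ip not in host_keys:
            findings.append((ip, "ssh-3des-no-host-key"))
    return sorted(findings)
```

A telnet-cleartext finding marks an entry whose management session, including the login from the user profile, is unencrypted; ssh-3des-no-host-key marks an entry ARC cannot connect to until the key is accepted.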
Configuring the Sensor to Manage Cisco Firewalls
To configure the sensor to manage Cisco firewalls, follow these steps:
Step 1 Log in to the CLI using an account with administrator privileges.
Step 2 Enter network access submode.
sensor# configure terminal
sensor(config)# service network-access