Configuring Blocking Devices; How The Sensor Manages Devices - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

Configuring Blocking Devices

Exit network access submode:
Step 8
sensor(config-net-use)# exit
sensor(config-net)# exit
Apply Changes:?[yes]:
Press Enter to apply the changes or type
Step 9
Configuring Blocking Devices
This section describes how to configure devices that the sensor uses to block. It contains the following
topics:
•
•
•
•

How the Sensor Manages Devices

Network Access Controller uses ACLs on Cisco routers and switches to manage those devices. These
ACLs are built as follows:
1.
2.
3.
4.
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
10-18
How the Sensor Manages Devices, page 10-18
Configuring the Sensor to Manage Cisco Routers, page 10-19
Configuring the Sensor to Manage Catalyst 6500 Series Switches and Cisco 7600 Series Routers,
page 10-21
Configuring the Sensor to Manage Cisco Firewalls, page 10-24
A permit line with the sensor's IP address or, if specified, the NAT address of the sensor
If you permit the sensor to be blocked, this line does not appear in the ACL.
Note
Pre-Block ACL (if specified)
This ACL must already exist on the device.
Note Network Access Controller reads the lines in the ACL and copies these lines to the beginning
of the ACL.
Any active blocks
Either:
Post-Block ACL (if specified)
–
This ACL must already exist on the device.
Note Network Access Controller reads the lines in the ACL and copies these lines to the end
of the ACL.
to discard them.
no
Chapter 10 Configuring Blocking
78-16527-01