Table of Contents
Advertisement
Sensor Configuration Tasks
Caution
Configuring the Sensor to Manage a Cisco Router
Step 1
Step 2
Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1
10-68
PreShun ACL (if specified)
2.
This ACL must already exist on the device.
Any active blocks
3.
4.
Either:
PostShun ACL (if specified)
–
This ACL must already exist on the device.
Make sure the last line in the ACL is
Note
–
permit ip any any
NAC uses two ACLs to manage devices. Only one is active at any one time. It uses
the offline ACL name to build the new ACL, then applies it to the interface. NAC
then reverses the process on the next cycle.
A single sensor can manage multiple devices, but you cannot use multiple sensors
to control a single device. In this case, use a master blocking sensor. See
Configuring the Sensor to be a Master Blocking Sensor, page
information.
This section contains the following topics:
•
Configuring the Sensor to Manage a Cisco Router, page 10-68
Configuring the Sensor to Manager a Catalyst 6500 Series Switch,
•
page 10-70
Configuring the Sensor to Manage a Cisco PIX Firewall, page 10-72
•
To configure a sensor to manager a Cisco router, follow these steps:
Log in to the CLI using an account with administrator privileges.
Enter configuration mode:
sensor# configure terminal
Chapter 10
Configuring the Sensor Using the CLI
(not used if a PostShun ACL is specified)
.
permit ip any any
10-73, for more
78-15597-02
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor and is the answer not in the manual?
Questions and answers