Table of Contents
Advertisement
Chapter 10
Configuring the Sensor Using the CLI
Enter network access mode:
Step 3
sensor(config)# service networkAccess
Set the IP address for the router controlled by NAC:
Step 4
sensor(config-NetworkAccess)# router-devices ip-address
Step 5
Type the logical device name that you created in
page
sensor(config-NetworkAccess-rou)# shun-device-cfg
NAC accepts anything you type. It does not check to see if the logical device
exists.
Designate the method used to access the sensor:
Step 6
sensor(config-NetworkAccess-rou)# communication
If unspecified, SSH 3DES is used.
Note
Specify the sensor's NAT address:
Step 7
sensor(config-NetworkAccess-rou)# nat-address
Note
Set the interface direction:
Step 8
sensor(config-NetworkAccess-rou-shu)# shun-interfaces direction
out
Step 9
Add the preShun ACL name (optional):
sensor(config-NetworkAccess-rou-shu)# pre-acl-name
Add the postShun ACL name (optional):
Step 10
sensor(config-NetworkAccess-rou-shu)# post-acl-name
Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1
78-15597-02
10-66.
If you are using DES or 3DES, you must use the command ssh host-key
ip_address to accept the key or NAC cannot connect to the device.
This changes the IP address in the first line of the ACL from the sensor's
address to the NAT address.
interface name you want ACL attached to
interface-name
Sensor Configuration Tasks
ip_address
Configuring Logical Devices,
logical_device_name
telnet/ssh-des/ssh-3des
nat_address
pre_shun_acl_name
post_shun_acl_name
in or
10-69
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor and is the answer not in the manual?
Questions and answers