Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Installation And Configuration Manual page 346

Intrusion detection system appliance and module

System Components
Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1
Appendix A: Intrusion Detection System Architecture (page A-20)

that NAC controls. The PIX Firewall device type uses a different API to
perform blocks and the NAC does not have any effect on preexisting ACLs on
the PIX Firewall.

Note: Catalyst 5000 RSM and Catalyst 6000 MSFC2 network devices are
supported in the same way as Cisco routers.

See ACLs and VACLs, page A-22, for more information.

Forwarding blocks to a list of remote sensors
NAC can forward blocks to a list of remote sensors, so that multiple sensors
can in effect collectively control a single network device. Such remote
sensors are referred to as master blocking sensors. See Configuring the
Sensor to be a Master Blocking Sensor, page 10-73, for more information on
master blocking sensors.

Specifying blocking interfaces on a network device
You can specify the interface/directions where blocking is performed in the
NAC configuration for routers. You can specify the interface where blocking
is performed in the VACL configuration.

Note: The PIX Firewall does not block based on interface or direction, so
this configuration is never specified for the PIX Firewall.

NAC can simultaneously control up to 250 interfaces.

Blocking hosts or networks for a specified time
NAC can block a host or network for a specified number of minutes or
indefinitely. NAC determines when a block has expired and unblocks the host
or network at that time.

Logging important events
NAC writes a confirmation event when block or unblock actions are
completed successfully or if any errors occur. NAC also logs important events
such as loss and recovery of a network device communication session,
configuration errors, and errors reported by the network device.
See NAC Events, page A-42, for more information.

78-15597-02
