42-15
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 42 Configuring Attack Response Controller for Blocking and Rate Limiting
Blocking Page
Router Block Interface Dialog Box
Use the Add or Modify Router Block Interface dialog box to configure a blocking interface on a router
or IOS Software Catalyst 6500/7600 device that is configured as an IPS blocking device. The IPS sensor
uses the interface for blocking actions.
Navigation Path
From the Add or Modify Router Device dialog box, click the Add Row button beneath the interfaces
table, or select a row in the table and click the Edit Row button. For information on opening the Router
Device dialog box, see Router, Firewall, Cat6K Device Dialog Box, page 42-14.
Table 42-5 Router, Firewall, Cat6K Device Dialog Boxes (Continued)

Element: Interfaces and directions where blocks will be applied (table) (Routers only.)
Description: The interfaces on the device that should be used for blocking or rate limiting. The table shows the interface name, direction, and the names of existing ACLs that the IPS device should incorporate into the blocking ACL.
If the interface already has an ACL configured for the specified direction, you must specify that ACL name as a pre- or post-ACL or the IPS removes the ACL. These ACLs are used for blocking only, not for rate limiting.
To add an interface, click the Add Row button and fill in the Add Router Block Interface dialog box (see Router Block Interface Dialog Box, page 42-15).
To edit an interface, select it and click the Edit Row button.
To delete an interface, select it and click the Delete Row button.

Element: Response Capabilities (Routers only.)
Description: The actions that this router can implement. Use Ctrl+click to select multiple actions (highlighted actions are selected). Options are:
Block—The router can implement blocks in response to Request Block Connection and Request Block Host actions.
Rate Limit—The router can implement rate limits in response to Request Rate Limit actions.

Element: VLANs where blocks will be applied (table) (Catalyst 6500/7600 devices running the Catalyst operating system only.)
Description: The VLANs on the device that should be used for blocking. The table shows the VLAN name and the names of existing VLAN ACLs (VACL) that the IPS device should incorporate into the blocking VACL.
If the VLAN already has a VACL configured, you must specify that VACL name as a pre- or post-VACL or the IPS removes the VACL.
To add a VLAN, click the Add Row button and fill in the Add Cat6K Block VLAN dialog box (see Cat6k Block VLAN Dialog Box, page 42-16).
To edit a VLAN, select it and click the Edit Row button.
To delete a VLAN, select it and click the Delete Row button.
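
The table above states that an ACL already applied to a blocking interface in the chosen direction is removed by the IPS unless it is named as a pre- or post-ACL. The following check is an added example, not part of the Cisco guide or of Security Manager: it reads a router running-config and reports such ACLs before the interface is entered in the dialog box. The sample configuration, the plan dictionary, the function names, and the use of in/out as direction values are assumptions made for illustration.

```python
import re

# Constructed sample of a router running-config (not taken from the guide).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 description uplink
 ip access-group EDGE-IN in
!
interface GigabitEthernet0/1
 ip access-group 101 out
!
interface GigabitEthernet0/2
 no ip address
"""

# Hypothetical plan: (interface, direction) -> ACL names to enter as pre-/post-ACL.
SAMPLE_PLAN = {
    ("GigabitEthernet0/0", "in"): {"EDGE-IN"},
    ("GigabitEthernet0/1", "out"): set(),
    ("GigabitEthernet0/2", "in"): set(),
}

def applied_acls(config_text):
    """Return {(interface, direction): acl_name} from 'ip access-group' lines."""
    applied, current = {}, None
    for line in config_text.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            continue
        if line and not line[0].isspace():
            current = None  # a non-indented line ends the interface block
            continue
        m = re.match(r"\s+ip access-group\s+(\S+)\s+(in|out)\b", line)
        if m and current:
            applied[(current, m.group(2))] = m.group(1)
    return applied

def acls_at_risk(config_text, plan):
    """List (interface, direction, acl) where an applied ACL is not named as pre-/post-ACL."""
    applied = applied_acls(config_text)
    return sorted(
        (intf, direction, applied[(intf, direction)])
        for (intf, direction), keep in plan.items()
        if (intf, direction) in applied and applied[(intf, direction)] not in keep
    )

if __name__ == "__main__":
    for intf, direction, acl in acls_at_risk(SAMPLE_CONFIG, SAMPLE_PLAN):
        print(f"{intf} {direction}: ACL {acl} is not a pre-/post-ACL; the IPS would remove it")
```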