Cisco Systems IPS 7.1 Home Security System User Manual


14-8
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 14 Configuring Attack Response Controller for Blocking and Rate Limiting
Configuring Blocking Properties
Enabling Writing to NVRAM, page 14-15
Logging All Blocking Events and Errors, page 14-16
Configuring the Maximum Number of Blocking Interfaces, page 14-17
Configuring Addresses Never to Block, page 14-19
Allowing the Sensor to Block Itself
Caution: We recommend that you do not permit the sensor to block itself, because it may stop communicating with the blocking device. Configure this option only if you can ensure that a rule the sensor creates to block its own IP address will not prevent the sensor from accessing the blocking device.
Use the allow-sensor-block {true | false} command in the service network access submode to configure
the sensor to block itself. To allow the sensor to block itself, follow these steps:
Step 1 Log in to the CLI using an account with administrator privileges.
Step 2 Enter network access submode.
sensor# configure terminal
sensor(config)# service network-access
Step 3 Enter general submode.
sensor(config-net)# general
Step 4 Configure the sensor to block itself. By default, this value is false.
sensor(config-net-gen)# allow-sensor-block true
Step 5 Verify the settings.
sensor(config-net-gen)# show settings
general
-----------------------------------------------
log-all-block-events-and-errors: true <defaulted>
enable-nvram-write: false <defaulted>
enable-acl-logging: false <defaulted>
allow-sensor-block: true default: false
block-enable: true default: true
block-max-entries: 100 default: 250
max-interfaces: 250 <defaulted>
master-blocking-sensors (min: 0, max: 100, current: 0)
-----------------------------------------------
-----------------------------------------------
never-block-hosts (min: 0, max: 250, current: 1)
-----------------------------------------------
ip-address: 192.0.2.1
-----------------------------------------------
-----------------------------------------------
never-block-networks (min: 0, max: 250, current: 1)
-----------------------------------------------
ip-address: 209.165.200.224/27
-----------------------------------------------
-----------------------------------------------
block-hosts (min: 0, max: 250, current: 0)
-----------------------------------------------
--MORE--
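
The following Python script is an added example, not part of the Cisco guide. It parses saved `show settings` output from the general submode, lists values changed from their defaults, and reports when allow-sensor-block is true while the sensor's address is in no never-block list. The function names and the sensor address 198.51.100.10 are constructed, and the check assumes a never-block entry exempts the sensor from blocking.

```python
import ipaddress
import re

# Abridged copy of the `show settings` output above (separator lines dropped).
SAMPLE = """\
general
log-all-block-events-and-errors: true <defaulted>
enable-nvram-write: false <defaulted>
enable-acl-logging: false <defaulted>
allow-sensor-block: true default: false
block-enable: true default: true
block-max-entries: 100 default: 250
max-interfaces: 250 <defaulted>
never-block-hosts (min: 0, max: 250, current: 1)
ip-address: 192.0.2.1
never-block-networks (min: 0, max: 250, current: 1)
ip-address: 209.165.200.224/27
"""

SETTING = re.compile(r"^([\w-]+): (\S+)(?: (?:<defaulted>|default: (\S+)))?$")
SECTION = re.compile(r"^([\w-]+) \(min: \d+, max: \d+, current: \d+\)$")

def parse_settings(text):
    """Return (scalars, lists): key -> (value, default) and section -> [addresses]."""
    scalars, lists, section = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m[1]
            lists[section] = []
        elif m := SETTING.match(line):
            key, value, default = m.groups()
            if key == "ip-address" and section:
                lists[section].append(value)
            else:  # "<defaulted>" means the current value is the default
                scalars[key] = (value, default or value)
    return scalars, lists

def audit(text, sensor_ip):
    """List non-default settings, plus a finding if the sensor's own address is blockable."""
    scalars, lists = parse_settings(text)
    findings = [f"{k} = {v} (default {d})" for k, (v, d) in scalars.items() if v != d]
    exempt = lists.get("never-block-hosts", []) + lists.get("never-block-networks", [])
    addr = ipaddress.ip_address(sensor_ip)
    covered = any(addr in ipaddress.ip_network(e, strict=False) for e in exempt)
    if scalars.get("allow-sensor-block", ("false", "false"))[0] == "true" and not covered:
        findings.append(f"sensor {sensor_ip} is blockable and not in a never-block list")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, "198.51.100.10")))  # constructed sensor address
```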