14-11
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 14 Configuring Attack Response Controller for Blocking and Rate Limiting
Disabling Blocking
enable-acl-logging: false <defaulted>
allow-sensor-block: false default: false
block-enable: true default: true
block-max-entries: 100 default: 250
max-interfaces: 250 <defaulted>
master-blocking-sensors (min: 0, max: 100, current: 0)
-----------------------------------------------
-----------------------------------------------
never-block-hosts (min: 0, max: 250, current: 1)
-----------------------------------------------
ip-address: 192.0.2.1
-----------------------------------------------
-----------------------------------------------
never-block-networks (min: 0, max: 250, current: 1)
-----------------------------------------------
ip-address: 209.165.200.224/27
-----------------------------------------------
-----------------------------------------------
block-hosts (min: 0, max: 250, current: 0)
-----------------------------------------------
--MORE--
Step 8 Exit network access submode.
sensor(config-net-gen)# exit
sensor(config-net)# exit
Apply Changes:?[yes]:
Step 9 Press Enter to apply the changes or enter no to discard them.
For More Information
For the procedure for configuring the sensor to manage Cisco routers, see Configuring the Sensor
to Manage Cisco Routers, page 14-23.
For the procedure for configuring the sensor to manage Cisco switches and routers, see Configuring
the Sensor to Manage Catalyst 6500 Series Switches and Cisco 7600 Series Routers, page 14-25.
Specifying Maximum Block Entries
Caution We do not recommend setting the maximum block entries higher than 250. Some devices have problems
with larger numbers of ACL or shun entries. Refer to the documentation for each device to determine its
limits before increasing this number.
Note The number of blocks will not exceed the maximum block entries. If the maximum is reached, new
blocks will not occur until existing blocks time out and are removed.
Use the block-max-entries command in the service network-access submode to set the maximum number
of blocks the sensor maintains simultaneously (1 to 65535). The default value is 250.
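The following Python script is an added example, not code from the Cisco guide. It parses the network-access settings dump shown in this chapter (the embedded sample is a constructed copy of that output, including the --MORE-- pager prompt) and checks the rules stated above: block-max-entries within 1 to 65535 and not above the recommended 250, the declared "current" counts matching what was actually parsed (a mismatch means the output was cut off), and a predicate for the Note that no new block is installed while the table is full. The list of hosts that must appear in never-block-hosts is an assumption supplied by the operator, not a value the guide prescribes.

```python
"""Audit a Cisco IPS 7.1 ARC network-access settings dump for blocking limits.
Added example, not code from the Cisco guide: SAMPLE_SETTINGS is a constructed
copy of the 'show settings' excerpt in the guide, and the audit applies the
guide's own rules for block-max-entries.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: the network-access submode excerpt from the guide.
SAMPLE_SETTINGS = """\
enable-acl-logging: false <defaulted>
allow-sensor-block: false default: false
block-enable: true default: true
block-max-entries: 100 default: 250
max-interfaces: 250 <defaulted>
master-blocking-sensors (min: 0, max: 100, current: 0)
-----------------------------------------------
never-block-hosts (min: 0, max: 250, current: 1)
ip-address: 192.0.2.1
-----------------------------------------------
never-block-networks (min: 0, max: 250, current: 1)
ip-address: 209.165.200.224/27
-----------------------------------------------
block-hosts (min: 0, max: 250, current: 0)
--MORE--
"""

RECOMMENDED_MAX_BLOCK_ENTRIES = 250   # the guide's Caution threshold
MIN_BLOCK_ENTRIES, MAX_BLOCK_ENTRIES = 1, 65535   # accepted range of the command

SCALAR_RE = re.compile(r"^([a-z-]+):\s+(\S+)(?:\s+(?:default:\s*\S+|<defaulted>))?$")
LIST_RE = re.compile(r"^([a-z-]+) \(min: (\d+), max: (\d+), current: (\d+)\)$")
ITEM_RE = re.compile(r"^ip-address:\s+(\S+)$")


@dataclass
class ArcSettings:
    scalars: Dict[str, str] = field(default_factory=dict)            # setting -> value
    lists: Dict[str, List[str]] = field(default_factory=dict)        # list -> addresses
    declared: Dict[str, Tuple[int, int, int]] = field(default_factory=dict)  # (min, max, current)


def parse_settings(text: str) -> ArcSettings:
    """Parse scalar settings and the ip-address lists of a settings dump."""
    s = ArcSettings()
    current: Optional[str] = None   # list whose ip-address lines follow
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("-"):   # separators and the --MORE-- pager prompt
            continue
        m = LIST_RE.match(line)
        if m:
            current = m.group(1)
            s.lists[current] = []
            s.declared[current] = (int(m.group(2)), int(m.group(3)), int(m.group(4)))
            continue
        m = ITEM_RE.match(line)
        if m and current is not None:
            s.lists[current].append(m.group(1))
            continue
        m = SCALAR_RE.match(line)
        if m:
            s.scalars[m.group(1)] = m.group(2)
            current = None
    return s


def audit(s: ArcSettings, required_never_block: List[str]) -> List[str]:
    """Return findings. required_never_block is the operator's own list of hosts
    that must be in never-block-hosts (an assumption of this example, e.g. the
    management station), not something the guide prescribes."""
    findings: List[str] = []
    if s.scalars.get("block-enable") != "true":
        findings.append("blocking is disabled (block-enable: false)")
    max_entries = int(s.scalars.get("block-max-entries", "0"))
    if not MIN_BLOCK_ENTRIES <= max_entries <= MAX_BLOCK_ENTRIES:
        findings.append(f"block-max-entries {max_entries} is outside {MIN_BLOCK_ENTRIES}..{MAX_BLOCK_ENTRIES}")
    elif max_entries > RECOMMENDED_MAX_BLOCK_ENTRIES:
        findings.append(f"block-max-entries {max_entries} exceeds the recommended "
                        f"{RECOMMENDED_MAX_BLOCK_ENTRIES}; check the managed device's ACL/shun limit")
    for host in required_never_block:
        if host not in s.lists.get("never-block-hosts", []):
            findings.append(f"{host} is missing from never-block-hosts")
    for name, (_, _, declared_current) in s.declared.items():
        if declared_current != len(s.lists[name]):   # e.g. output cut off at --MORE--
            findings.append(f"{name}: current {declared_current} but {len(s.lists[name])} parsed")
    return findings


def can_add_block(active_expiry: List[int], max_entries: int, now: int) -> bool:
    """The guide's Note as a predicate: a new block is installed only while fewer
    than block-max-entries blocks are still in force; blocks whose timeout has
    passed (expiry <= now) have been removed and free a slot."""
    in_force = sum(1 for t in active_expiry if t > now)
    return in_force < max_entries


if __name__ == "__main__":
    cfg = parse_settings(SAMPLE_SETTINGS)
    print("block-max-entries:", cfg.scalars["block-max-entries"], "never-block:", cfg.lists["never-block-hosts"])
    for finding in audit(cfg, required_never_block=["192.0.2.1"]):
        print("FINDING:", finding)
```

Feed the script the output of show settings from the network-access submode; a value above 250 is reported as a finding rather than rejected, because the guide leaves the real ceiling to the managed device's ACL or shun limits.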