Support User Manuals

Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

14-12

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Chapter 14 Configuring Attack Response Controller for Blocking and Rate Limiting

Disabling Blocking

To change the maximum number of block entries, follow these steps:

Step 1 Log in to the CLI using an account with administrator privileges.

Step 2 Enter network access submode.

sensor# configure terminal

sensor(config)# service network-access

sensor(config-net)#

Step 3 Enter general submode.

sensor(config-net)# general

Step 4 Change the maximum number of block entries.

sensor(config-net-gen)# block-max-entries 100

Step 5 Verify the setting.

sensor(config-net-gen)# show settings

general

-----------------------------------------------

log-all-block-events-and-errors: true <defaulted>

enable-nvram-write: false <defaulted>

enable-acl-logging: false <defaulted>

allow-sensor-block: false default: false

block-enable: true <defaulted>

block-max-entries: 100 default: 250

max-interfaces: 250 <defaulted>

master-blocking-sensors (min: 0, max: 100, current: 0)

-----------------------------------------------

-----------------------------------------------

never-block-hosts (min: 0, max: 250, current: 1)

-----------------------------------------------

ip-address: 192.0.2.1

-----------------------------------------------

-----------------------------------------------

never-block-networks (min: 0, max: 250, current: 1)

-----------------------------------------------

ip-address: 209.165.200.224/27

-----------------------------------------------

-----------------------------------------------

block-hosts (min: 0, max: 250, current: 0)

-----------------------------------------------

--MORE--

Step 6 Return to the default value of 250 blocks.

sensor(config-net-gen)# default block-max-entries

Step 7 Verify the setting.

sensor(config-net-gen)# show settings

general

-----------------------------------------------

log-all-block-events-and-errors: true <defaulted>

enable-nvram-write: false <defaulted>

enable-acl-logging: false <defaulted>

allow-sensor-block: false default: false

block-enable: true <defaulted>

block-max-entries: 250 <defaulted>

max-interfaces: 250 <defaulted>

master-blocking-sensors (min: 0, max: 100, current: 0

-----------------------------------------------

previous next