Support User Manuals

Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

14-16

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Chapter 14 Configuring Attack Response Controller for Blocking and Rate Limiting

Disabling Blocking

Step 5 Verify that writing to NVRAM is enabled.

sensor(config-net-gen)# show settings

general

-----------------------------------------------

log-all-block-events-and-errors: true <defaulted>

enable-nvram-write: true default: false

enable-acl-logging: false default: false

allow-sensor-block: false <defaulted>

block-enable: true <defaulted>

block-max-entries: 250 <defaulted>

max-interfaces: 250 <defaulted>

master-blocking-sensors (min: 0, max: 100, current: 0)

-----------------------------------------------

Step 6 Disable writing to NVRAM.

sensor(config-net-gen)# enable-nvram-write false

Step 7 Verify that writing to NVRAM is disabled.

sensor(config-net-gen)# show settings

general

-----------------------------------------------

log-all-block-events-and-errors: true <defaulted>

enable-nvram-write: false default: false

enable-acl-logging: false default: false

allow-sensor-block: false <defaulted>

block-enable: true <defaulted>

block-max-entries: 250 <defaulted>

max-interfaces: 250 <defaulted>

master-blocking-sensors (min: 0, max: 100, current: 0)

-----------------------------------------------

Step 8 Exit network access submode.

sensor(config-net-gen)# exit

sensor(config-net)# exit

Apply Changes:?[yes]:

Step 9 Press Enter to apply the changes or enter no to discard them.

Logging All Blocking Events and Errors

Use the log-all-block-events-and-errors {true | false} command in the service network access submode

to configure the sensor to log events that follow blocks from start to finish. For example, when a block

is added to or removed from a device, an event is logged. You may not want all these events and errors

to be logged. Disabling log-all-block-events-and-errors suppresses the new events and errors. The

default is enabled.

To disable blocking event and error logging, follow these steps:

Step 1 Log in to the CLI using an account with administrator privileges.

Step 2 Enter network access mode.

sensor# configure terminal

sensor(config)# service network-access

sensor(config-net)#

previous next