Support User Manuals

Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

14-18

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Chapter 14 Configuring Attack Response Controller for Blocking and Rate Limiting

Disabling Blocking

The max-interfaces command configures the limit of the sum total of all interfaces and devices. In

addition to configuring the limit on the sum total of interfaces and devices, there is a fixed limit on the

number of blocking interfaces you can configure per device. Use the show settings command in network

access mode to view the specific maximum limits per device.

To configure the maximum number of blocking interfaces, follow these steps:

Step 1 Log in to the CLI using an account with administrator privileges.

Step 2 Enter network access mode.

sensor# configure terminal

sensor(config)# service network-access

sensor(config-net)#

Step 3 Enter general submode.

sensor(config-net)# general

Step 4 Specify the maximum number of interfaces.

sensor(config-net-gen)# max-interfaces 50

Step 5 Verify the number of maximum interfaces.

sensor(config-net-gen)# show settings

general

-----------------------------------------------

log-all-block-events-and-errors: true default: true

enable-nvram-write: false default: false

enable-acl-logging: false default: false

allow-sensor-block: false <defaulted>

block-enable: true <defaulted>

block-max-entries: 250 <defaulted>

max-interfaces: 50 default: 250

master-blocking-sensors (min: 0, max: 100, current: 0)

-----------------------------------------------

Step 6 Return the setting to the default of 250.

sensor(config-net-gen)# default max-interfaces

Step 7 Verify the default setting.

sensor(config-net-gen)# show settings

general

-----------------------------------------------

log-all-block-events-and-errors: true default: true

enable-nvram-write: false default: false

enable-acl-logging: false default: false

allow-sensor-block: false <defaulted>

block-enable: true <defaulted>

block-max-entries: 250 <defaulted>

max-interfaces: 250 <defaulted>

master-blocking-sensors (min: 0, max: 100, current: 0)

----------------------------------------------

Step 8 Exit network access mode.

sensor(config-net-gen)# exit

sensor(config-net)# exit

Apply Changes:?[yes]:

previous next