Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 14 Configuring Attack Response Controller for Blocking and Rate Limiting
Step 4 End the host block.
sensor# no block host 192.0.2.1
sensor#
Configuring Network Blocking
Note Connection blocks and network blocks are not supported on adaptive security appliances. Adaptive
security appliances only support host blocks with additional connection information.
Use the block network ip-address/netmask [timeout minutes] command in privileged EXEC mode to
block a network. Use the no form of the command to remove a block on a network. You must have
blocking configured before you can set up network blocks. You can also view a list of networks that are
being blocked. If you do not configure the amount of time for the network block, it is permanent.
The following options apply:
ip-address/netmask—Specifies the network subnet to be blocked in X.X.X.X/nn format, where
X.X.X.X specifies the sensor IP address as a 32-bit address written as 4 octets separated by periods
where X = 0-255, and nn specifies the number of bits (1-32) in the netmask.
minutes—(Optional) Specifies the duration of the network block in minutes. The valid range is 0 to
70560 minutes.
Blocking a Network
To block a network, follow these steps:
Step 1 Log in to the CLI using an account with administrator or operator privileges.
Step 2 Configure the network block for 15 minutes, for example. The network block ends in 15 minutes.
sensor# block network 192.0.2.0/24 timeout 15
Step 3 Start a network block. The network block lasts until you remove it.
sensor# block network 192.0.2.0/24
Step 4 End the network block.
sensor# no block network 192.0.2.0/24
sensor#
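An added example, not part of the Cisco guide: a Python pre-flight check an operator could run before typing a block network command. It enforces the X.X.X.X/nn format, the 1-32 bit range and the 0 to 70560 minute timeout, warns when an omitted timeout makes the block permanent, and refuses a block that would cover a protected address. The function name build_block_network and the PROTECTED list are assumptions made for illustration.

```python
import ipaddress

MAX_TIMEOUT_MIN = 70560  # upper bound for the timeout stated in the guide
# Constructed sample value: addresses the operator must never cut off.
PROTECTED = [ipaddress.ip_address("198.51.100.10")]

def build_block_network(cidr, timeout=None, protected=PROTECTED):
    """Return (command, warnings) for a block request, or raise ValueError."""
    addr, sep, bits = cidr.partition("/")
    if not sep or not (bits.isascii() and bits.isdigit()):
        raise ValueError("expected X.X.X.X/nn")
    if not 1 <= int(bits) <= 32:
        raise ValueError("netmask bits must be 1-32")
    try:
        ip = ipaddress.IPv4Address(addr)
    except ipaddress.AddressValueError as exc:
        raise ValueError(f"bad IPv4 address: {exc}") from None
    # strict=False lets us compute the covered range even if host bits are set.
    net = ipaddress.ip_network(f"{ip}/{bits}", strict=False)
    warnings = []
    if net.network_address != ip:
        warnings.append(f"host bits set; block covers {net}")
    hit = [str(p) for p in protected if p in net]
    if hit:
        raise ValueError(f"{net} contains protected address(es): {', '.join(hit)}")
    cmd = f"block network {addr}/{bits}"
    if timeout is None:
        # Per the guide, a block with no timeout is permanent.
        warnings.append("no timeout: block is permanent until 'no block network'")
    else:
        valid = isinstance(timeout, int) and not isinstance(timeout, bool)
        if not valid or not 0 <= timeout <= MAX_TIMEOUT_MIN:
            raise ValueError("timeout must be 0-70560 minutes")
        cmd += f" timeout {timeout}"
    return cmd, warnings

if __name__ == "__main__":
    for args in [("192.0.2.0/24", 15), ("192.0.2.0/24",), ("192.0.2.77/24", 15)]:
        print(build_block_network(*args))
```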
Configuring Connection Blocking
Note Connection blocks and network blocks are not supported on adaptive security appliances. Adaptive
security appliances only support host blocks with additional connection information.