Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix C Troubleshooting
Troubleshooting the Appliance
Step 3 If the master blocking sensor does not show up in the statistics, you need to add it.
Step 4 Initiate a manual block to a bogus host IP address to make sure the master blocking sensor is initiating blocks.
sensor# configure terminal
sensor(config)# service network-access
sensor(config-net)# general
sensor(config-net-gen)# block-hosts 10.16.0.0
Step 5 Exit network access general submode.
sensor(config-net-gen)# exit
sensor(config-net)# exit
Apply Changes:? [yes]:
Step 6 Press Enter to apply the changes or type no to discard them.
Step 7 Verify that the block shows up in the ARC statistics.
sensor# show statistics network-access
Current Configuration
   AllowSensorShun = false
   ShunMaxEntries = 100
State
   ShunEnable = true
   ShunnedAddr
      Host
         IP = 10.16.0.0
         ShunMinutes =
Step 8 Log in to the CLI of the master blocking sensor host, and using the show statistics network-access command, verify that the block also shows up in the master blocking sensor ARC statistics.
sensor# show statistics network-access
Current Configuration
   AllowSensorShun = false
   ShunMaxEntries = 250
   MasterBlockingSensor
      SensorIp = 10.89.149.46
      SensorPort = 443
      UseTls = 1
State
   ShunEnable = true
   ShunnedAddr
      Host
         IP = 10.16.0.0
         ShunMinutes = 60
         MinutesRemaining = 59
Step 9 If the remote master blocking sensor is using TLS for web access, make sure the forwarding sensor is configured as a TLS host.
sensor# configure terminal
sensor(config)# tls trust ip master_blocking_sensor_ip_address
For More Information
For the procedure to configure the sensor to be a master blocking sensor, see Configuring the Sensor to be a Master Blocking Sensor, page 14-28.
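
The checks in Steps 3, 7, and 8 can be run against saved show statistics network-access output from both sensors. The following is an added example, not part of the Cisco guide: the function names are hypothetical, and the sample text is constructed from the output shown above, not captured from a device.

```python
# Constructed samples modelled on the output in Steps 7 and 8 (not device captures).
FORWARDER_SAMPLE = """Current Configuration
ShunMaxEntries = 100
MasterBlockingSensor
SensorIp = 10.89.149.46
SensorPort = 443
UseTls = 1
State
ShunEnable = true
ShunnedAddr
Host
IP = 10.16.0.0
ShunMinutes =
"""
MBS_SAMPLE = """State
ShunEnable = true
ShunnedAddr
Host
IP = 10.16.0.0
ShunMinutes = 60
MinutesRemaining = 59
"""
RECORDS = {"MasterBlockingSensor": "master_blocking_sensors", "Host": "shunned_hosts"}

def parse_arc_stats(text):
    """Parse saved ARC statistics text; indentation is ignored (hypothetical helper)."""
    stats = {"master_blocking_sensors": [], "shunned_hosts": []}
    current = stats
    for line in (raw.strip() for raw in text.splitlines()):
        key, sep, value = line.partition("=")
        if sep:
            current[key.strip()] = value.strip()  # value may be empty ("ShunMinutes =")
        elif line in RECORDS:
            current = {}                          # each such header starts a new record
            stats[RECORDS[line]].append(current)
        elif line:
            current = stats                       # any other header ends the record
    return stats

def verify_test_block(forwarder_text, mbs_text, test_ip, mbs_ip):
    """Return findings for Steps 3, 7 and 8; an empty list means every check passed."""
    fwd, mbs = parse_arc_stats(forwarder_text), parse_arc_stats(mbs_text)
    findings = []
    if not any(e.get("SensorIp") == mbs_ip for e in fwd["master_blocking_sensors"]):
        findings.append("step 3: master blocking sensor missing on forwarding sensor")
    for step, st in (("step 7", fwd), ("step 8", mbs)):
        if not any(h.get("IP") == test_ip for h in st["shunned_hosts"]):
            findings.append(f"{step}: {test_ip} not in ShunnedAddr")
    return findings
```

A "step 7" finding means the manual block never registered on the forwarding sensor, while a "step 8" finding alone means it registered locally but did not reach the master blocking sensor, which is the case Step 9 addresses.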