Setting Maximum Block Entries - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

Configuring Blocking Properties
--MORE--
Exit network access submode:
Step 8
sensor(config-net-gen)# exit
sensor(config-net)# exit
Apply Changes:?[yes]:
Press Enter to apply the changes or type
Step 9

Setting Maximum Block Entries

Use the block-max-entries command in the service network access submode to configure the maximum
block entries.
You can set how many blocks are to be maintained simultaneously (1 to 65535). The default value is 250.
We do not recommend setting the maximum block entries higher than 250. Some devices have problems
Caution
with larger numbers of ACL or shun entries. Refer to the documentation for each device to determine its
limits before increasing this number.
The number of blocks will not exceed the maximum block entries. If the maximum is reached, new
Note
blocks will not occur until existing blocks time out and are removed.
To change the maximum number of block entries, follow these steps:
Log in to the CLI using an account with administrator privileges.
Step 1
Enter network access submode:
Step 2
sensor# configure terminal
sensor(config)# service network-access
Enter general submode:
Step 3
sensor(config-net)# general
Change the maximum number of block entries:
Step 4
sensor(config-net-gen)# block-max-entries 100
Verify the setting:
Step 5
sensor(config-net-gen)# show settings
general
-----------------------------------------------
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
10-8
-----------------------------------------------
block-hosts (min: 0, max: 250, current: 0)
-----------------------------------------------
log-all-block-events-and-errors: true <defaulted>
enable-nvram-write: false <defaulted>
enable-acl-logging: false <defaulted>
allow-sensor-block: false default: false
block-enable: true <defaulted>
block-max-entries: 100 default: 250
to discard them.
no
Chapter 10 Configuring Blocking
78-16527-01