Enabling Writing To Nvram - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

Configuring Blocking Properties
Exit network access mode:
Step 8
sensor(config-net-gen)# exit
sensor(config-net)# exit
Apply Changes:?[yes]:
Press Enter to apply the changes or type
Step 9

Enabling Writing to NVRAM

Use the enable-nvram-write [true | false] command to configure the sensor to have the router write to
NVRAM when the Network Access Controller first connects. If enable-nvram-write is enabled,
NVRAM is written each time the ACLs are updated. The default is disabled.
Enabling NVRAM writing ensures that all changes for blocking are written to NVRAM. If the router is
rebooted, the correct blocks will still be active. If NVRAM writing is disabled, a short time without
blocking occurs after a router reboot. And not enabling NVRAM writing increases the life of the
NVRAM and decreases the time for new blocks to be configured.
To enable writing to NVRAM, follow these steps:
Step 1 Log in to the CLI using an account with administrator privileges.
Enter network access submode:
Step 2
sensor# configure terminal
sensor(config)# service network-access
Enter general submode:
Step 3
sensor(config-net)# general
Enable writing to NVRAM:
Step 4
sensor(config-net-gen)# enable-nvram-write true
Step 5 Verify that writing to NVRAM is enabled:
sensor(config-net-gen)# show settings
general
-----------------------------------------------
Disable writing to NVRAM:
Step 6
sensor(config-net-gen)# enable-nvram-write false
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
10-12
log-all-block-events-and-errors: true <defaulted>
enable-nvram-write: true default: false
enable-acl-logging: false default: false
allow-sensor-block: false <defaulted>
block-enable: true <defaulted>
block-max-entries: 250 <defaulted>
max-interfaces: 250 <defaulted>
master-blocking-sensors (min: 0, max: 100, current: 0)
-----------------------------------------------
to discard them.
no
Chapter 10 Configuring Blocking
78-16527-01