Configuring Manual Blocking - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual


Chapter 10
Configuring Blocking
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 (78-16527-01)

Step 12  Exit network access submode:
    sensor(config-net-gen-mas)# exit
    sensor(config-net-gen)# exit
    sensor(config-net)# exit
    sensor(config)# exit
    Apply Changes:?[yes]:
Step 13  Press Enter to apply the changes or type no to discard them.
Step 14  On the master blocking sensor, add the block forwarding sensor's IP address to the access list. For the procedure, see Changing the Access List, page 4-5.

Configuring Manual Blocking

Use the block-hosts and block-networks commands in the service network access submode to manually block a host or a network. You must have blocking configured before you can set up manual blocks. You can also view a list of hosts and networks that are being blocked.

Note  Manual blocks in the CLI are actually changes to the configuration, so they are permanent. You cannot do a timed manual block. You cannot use the IPS manager to delete blocks created by the CLI. Manual blocks have to be removed in the CLI.

Caution  We recommend that you use manual blocking on a very limited basis, if at all.

To manually block a host or a network, follow these steps:

Step 1  Log in to the CLI using an account with administrator privileges.
Step 2  Enter network access mode:
    sensor# configure terminal
    sensor(config)# service network-access
Step 3  Enter general mode:
    sensor(config-net)# general
Step 4  Start the manual block:
    a. For a host IP address:
        sensor(config-net-gen)# block-hosts ip_address
    b. For a network IP address:
        sensor(config-net-gen)# block-networks ip_address/netmask
    The format for ip_address/netmask is A.B.C.D/nn.
    Example:
        sensor(config-net-gen)# block-networks 10.0.0.0/8
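
A pre-flight check for the targets entered in Step 4, added here as an example (it is not code from the Cisco guide): because a manual block is a permanent configuration change, it validates each entry against the A.B.C.D/nn format and emits the block-hosts or block-networks line only for well-formed entries. The protected-host list, the /8 breadth limit and the sample targets are assumptions constructed for the example.

```python
import ipaddress

# Assumptions of this example (constructed values, not from the guide):
PROTECTED = ["192.0.2.10"]   # hosts that must stay reachable, e.g. management
MIN_PREFIX = 8               # site policy: refuse networks broader than /8
SAMPLE = ["10.0.0.0/8", "10.1.2.3/8", "198.51.100.7",
          "192.0.2.0/24", "10.0.0.0/255.0.0.0", "0.0.0.0/0"]


def block_command(target, protected=PROTECTED, min_prefix=MIN_PREFIX):
    """Return the config-net-gen line for target, or raise ValueError."""
    target = target.strip()
    _, slash, prefix_text = target.partition("/")
    if slash:
        # The guide's format is A.B.C.D/nn: reject dotted netmasks.
        if not prefix_text.isdigit():
            raise ValueError("netmask must be a prefix length nn")
        # strict=True rejects entries with host bits set, e.g. 10.1.2.3/8.
        net = ipaddress.IPv4Network(target, strict=True)
        if net.prefixlen < min_prefix:
            raise ValueError(f"network is broader than /{min_prefix}")
        command = f"block-networks {net.with_prefixlen}"
    else:
        # A bare address is a single host; treat it as a /32 for the overlap test.
        net = ipaddress.IPv4Network(f"{ipaddress.IPv4Address(target)}/32")
        command = f"block-hosts {net.network_address}"
    for host in protected:
        if ipaddress.IPv4Address(host) in net:
            raise ValueError(f"would block protected host {host}")
    return command


def plan(targets):
    """Split targets into accepted CLI lines and (target, reason) rejections."""
    commands, rejected = [], []
    for target in targets:
        try:
            commands.append(block_command(target))
        except ValueError as exc:
            rejected.append((target, str(exc)))
    return commands, rejected


if __name__ == "__main__":
    commands, rejected = plan(SAMPLE)
    print("\n".join(commands))
    for target, reason in rejected:
        print(f"! refused {target}: {reason}")
```

Only the accepted lines are meant to be typed at the sensor(config-net-gen)# prompt; refused entries are reported with the reason.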
