10-12
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
78-16527-01
Chapter 10 Configuring Blocking
Configuring Blocking Properties
Step 8
Exit network access mode:
sensor(config-net-gen)# exit
sensor(config-net)# exit
Apply Changes:?[yes]:
Step 9
Press Enter to apply the changes or type no to discard them.
Enabling Writing to NVRAM
Use the enable-nvram-write [true | false] command to configure the sensor to have the router write to
NVRAM when the Network Access Controller first connects. If enable-nvram-write is enabled,
NVRAM is written each time the ACLs are updated. The default is disabled.
Enabling NVRAM writing ensures that all changes for blocking are written to NVRAM. If the router is
rebooted, the correct blocks will still be active. If NVRAM writing is disabled, a short time without
blocking occurs after a router reboot. On the other hand, leaving NVRAM writing disabled increases the
life of the NVRAM and decreases the time for new blocks to be configured.
To enable writing to NVRAM, follow these steps:
Step 1
Log in to the CLI using an account with administrator privileges.
Step 2
Enter network access submode:
sensor# configure terminal
sensor(config)# service network-access
Step 3
Enter general submode:
sensor(config-net)# general
Step 4
Enable writing to NVRAM:
sensor(config-net-gen)# enable-nvram-write true
Step 5
Verify that writing to NVRAM is enabled:
sensor(config-net-gen)# show settings
general
-----------------------------------------------
log-all-block-events-and-errors: true <defaulted>
enable-nvram-write: true default: false
enable-acl-logging: false default: false
allow-sensor-block: false <defaulted>
block-enable: true <defaulted>
block-max-entries: 250 <defaulted>
max-interfaces: 250 <defaulted>
master-blocking-sensors (min: 0, max: 100, current: 0)
-----------------------------------------------
Step 6
Disable writing to NVRAM:
sensor(config-net-gen)# enable-nvram-write false
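
The following is an added example, not part of the Cisco guide: a Python sketch that parses a saved copy of the Step 5 show settings output and reports the reboot behaviour the current enable-nvram-write value implies. The function names, the SAMPLE text (constructed from the output shown above), and the reading of <defaulted> as "value equals the default" are assumptions.

```python
import re

# Constructed sample: the Step 5 "show settings" output saved as text.
SAMPLE = """\
general
-----------------------------------------------
log-all-block-events-and-errors: true <defaulted>
enable-nvram-write: true default: false
enable-acl-logging: false default: false
allow-sensor-block: false <defaulted>
block-enable: true <defaulted>
block-max-entries: 250 <defaulted>
max-interfaces: 250 <defaulted>
master-blocking-sensors (min: 0, max: 100, current: 0)
-----------------------------------------------
"""

# Matches "name: value <defaulted>" or "name: value default: x".
LINE = re.compile(r"^\s*([\w-]+):\s+(\S+)\s+(?:<defaulted>|default:\s*(\S+))\s*$")


def parse_settings(text):
    """Return {name: {"value", "default", "explicit"}} for each setting line."""
    settings = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # section title, rule line, or list summary line
        name, value, default = m.groups()
        # Assumption: <defaulted> means the value shown is the default.
        settings[name] = {"value": value, "default": default or value,
                          "explicit": default is not None}
    return settings


def nvram_finding(settings):
    """Summarise what the blocking settings mean across a router reboot."""
    blocking = settings.get("block-enable", {}).get("value") == "true"
    nvram = settings.get("enable-nvram-write", {}).get("value") == "true"
    if not blocking:
        return "blocking disabled: NVRAM setting has no effect"
    if nvram:
        return "persist: blocks survive a router reboot; NVRAM written on each ACL update"
    return "gap: short time without blocking after a router reboot"
```

Running nvram_finding(parse_settings(SAMPLE)) against output captured after Step 6 instead returns the "gap" result, which is the default behaviour described above.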