10-28
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
78-16527-01
Chapter 10 Configuring Blocking
Obtaining a List of Blocked Hosts and Connections
Note
You must end the manual block in the CLI or it is permanent.
Step 5
To end the manual block:
sensor (config-net-gen)#
no block-hosts
ip_address
Step 6
Exit network access submode:
sensor (config-net-gen)#
exit
sensor (config-net)#
exit
sensor(config)#
exit
sensor#
Obtaining a List of Blocked Hosts and Connections
Use the
show statistics
command to obtain a list of blocked hosts and blocked connections.
To obtain a list of blocked hosts and connections, follow these steps:
Step 1
Log in to the CLI.
Step 2
Check the statistics for Network Access Controller:
sensor#
show statistics network-access
Current Configuration
LogAllBlockEventsAndSensors = true
EnableNvramWrite = false
EnableAclLogging = false
AllowSensorBlock = false
BlockMaxEntries = 250
MaxDeviceInterfaces = 250
NetDevice
Type = Cisco
IP = 10.1.1.1
NATAddr = 0.0.0.0
Communications = telnet
BlockInterface
InterfaceName = fa0/0
InterfaceDirection = in
State
BlockEnable = true
NetDevice
IP = 10.1.1.1
AclSupport = uses Named ACLs
Version = 12.2
State = Active