1) It did not work before, so the ACL blocking didn't work before.
2) Looks like the IPS successfully connects to the 6513, as the ACL applied to Vlan8 continuously (every 45-60 sec) changes between

interface Vlan8
ip access-group IDS_Vlan8_out_0 out

and

interface Vlan8
ip access-group IDS_Vlan8_out_1 out

but IDS_Vlan8_out_0 and IDS_Vlan8_out_1 don't contain block entries.
3) The errors in the log:
------------------------------------
evError: eventId=1317178506899193520 severity=error vendor=Cisco
originator:
hostId: ips4260-1
appName: nac
appInstanceId: 26677
time: 2011/10/07 09:40:51 2011/10/07 10:35:51 EST
errorMessage: name=errSystemError Established a connection to IP [10.1.1.100]
------------------------------------

I suppose that the problem is due to the big Cisco 6500 config. Is it possible that the IPS connects to the 6500, tries to read the current config, times out, and repeats that again and again?
> Date: Sun, 9 Oct 2011 15:55:01 +1100
> Subject: Re: ACL block entries are not added in 6500 IOS switch by IPS ARC
> From: pbhatkoti_at_gmail.com
> To: vlad_ezh_at_hotmail.com
> CC: ccielab_at_groupstudy.com
>
> How often should the IPS change the block ACLs?
> >> global-block-timeout is another entry that decides how often
>
> On Sun, Oct 9, 2011 at 3:53 PM, Radioactive Frog <pbhatkoti_at_gmail.com> wrote:
>
> > If it was working before and not working anymore - most likely the ACL is
> > hitting the maximum ACL entries.
> > Look for block-max-entries or similar; it was by default about 200. You may
> > need to bump it up.
> >
> > HTH
> >
> >
> > On Wed, Oct 5, 2011 at 11:46 PM, Vladislav Yezhergin <vlad_ezh_at_hotmail.com> wrote:
> >
> >> The situation is the following:
> >> IPS device - IPS4260 7.0(6)E4
> >> ARC device - 6500 IOS 12.2(33)SXI5
> >> 6500 has 2 Internet connections - vlan2 and vlan11 are the corresponding L3 interfaces.
> >> IPS works in promiscuous mode, traffic captured using VACL capture on vlan2 and vlan11.
> >> The servers which must be protected are in vlan 8; I need to set up an outgoing
> >> block ACL on the Vlan8 L3 interface. I have two problems with this configuration:
> >> 1) IPS did not enter blocked hosts and connections into the ACL. I see that
> >> the ACL on the interface is regularly changed from IDS_Vlan8_out_1 to
> >> IDS_Vlan8_out_0, but no block entries are added.
> >> 2) If I try to read the running config I regularly get the warning that the
> >> configuration is not accessible.
> >> How often should the IPS change the block ACLs? Why doesn't it add the block
> >> entries? Thanks for any clue.
> >> Regards
> >> Vladislav Yezhergin
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
>
>
Received on Mon Oct 10 2011 - 15:38:34 ART
This archive was generated by hypermail 2.2.0 : Tue Nov 15 2011 - 13:10:29 ART
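As an added illustration (not code from the thread, from Cisco, or from either poster), the following Python check reads the two artefacts described above: the IPS evError stream, to measure how often the sensor re-establishes its connection to the managed device, and a running-config fragment of the ARC-managed ACLs, to report which of them carry no deny (block) lines. The record layout follows the quoted log; the event IDs, timestamps and ACL contents are constructed, the 120-second reconnect threshold and the `IDS_` name prefix are assumptions, and `IDS_Vlan8_out_ok` is a hypothetical healthy ACL included only for contrast.

```python
import re
from datetime import datetime

# Constructed IPS evError records, laid out like the one quoted in the thread.
# eventIds and times are made up; 10.1.1.100 is the managed device from the log.
SAMPLE_EVENTS = """\
evError: eventId=1000000000000000001 severity=error vendor=Cisco
hostId: ips4260-1
appName: nac
time: 2011/10/07 09:40:51 2011/10/07 09:40:51 EST
errorMessage: name=errSystemError Established a connection to IP [10.1.1.100]
evError: eventId=1000000000000000002 severity=error vendor=Cisco
hostId: ips4260-1
appName: nac
time: 2011/10/07 09:41:40 2011/10/07 09:41:40 EST
errorMessage: name=errSystemError Established a connection to IP [10.1.1.100]
evError: eventId=1000000000000000003 severity=error vendor=Cisco
hostId: ips4260-1
appName: nac
time: 2011/10/07 09:42:35 2011/10/07 09:42:35 EST
errorMessage: name=errSystemError Established a connection to IP [10.1.1.100]
evError: eventId=1000000000000000004 severity=error vendor=Cisco
hostId: ips4260-1
appName: nac
time: 2011/10/07 09:43:25 2011/10/07 09:43:25 EST
errorMessage: name=errSystemError Established a connection to IP [10.1.1.100]
"""

# Constructed IOS fragment: the two alternating ACLs named in the thread with
# no deny lines, plus a hypothetical IDS_Vlan8_out_ok that does carry a block.
SAMPLE_ACLS = """\
ip access-list extended IDS_Vlan8_out_0
 permit ip any any
ip access-list extended IDS_Vlan8_out_1
 permit ip any any
ip access-list extended IDS_Vlan8_out_ok
 deny ip host 192.0.2.10 any
 permit ip any any
"""

EVENT_START = re.compile(r"^evError: eventId=(\d+)", re.M)
TIME_RE = re.compile(r"^time: (\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})", re.M)
MSG_RE = re.compile(r"^errorMessage: name=(\S+)\s+(.*)$", re.M)
ACL_HEADER = re.compile(r"^ip access-list extended (\S+)")


def parse_ev_errors(text):
    """Split the evError stream into records: eventId, first timestamp, error name, message."""
    records = []
    starts = list(EVENT_START.finditer(text))
    for i, start in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        chunk = text[start.start():end]
        t, msg = TIME_RE.search(chunk), MSG_RE.search(chunk)
        if t is None or msg is None:
            continue  # incomplete record: skip rather than guess at fields
        records.append({
            "event_id": start.group(1),
            "time": datetime.strptime(t.group(1), "%Y/%m/%d %H:%M:%S"),
            "name": msg.group(1),
            "message": msg.group(2).strip(),
        })
    return records


def connection_intervals(records, device_ip):
    """Seconds between consecutive 'Established a connection' records for one device."""
    times = sorted(r["time"] for r in records
                   if "Established a connection" in r["message"]
                   and f"[{device_ip}]" in r["message"])
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]


def is_reconnect_loop(intervals, max_gap=120, min_intervals=2):
    """True when reconnects keep arriving no more than max_gap seconds apart (threshold assumed)."""
    return len(intervals) >= min_intervals and max(intervals) <= max_gap


def acl_block_entries(config_text):
    """Map each named extended ACL to its deny lines, i.e. the block entries expected from ARC."""
    entries, current = {}, None
    for line in config_text.splitlines():
        header = ACL_HEADER.match(line)
        if header:
            current = header.group(1)
            entries[current] = []
        elif current is not None and line.strip().startswith("deny "):
            entries[current].append(line.strip())
    return entries


def assess(events_text, config_text, device_ip, acl_prefix="IDS_"):
    """Combine both symptoms into one verdict for the ARC-managed device."""
    intervals = connection_intervals(parse_ev_errors(events_text), device_ip)
    blocks = acl_block_entries(config_text)
    empty = sorted(n for n, d in blocks.items() if n.startswith(acl_prefix) and not d)
    return {"reconnect_intervals": intervals,
            "reconnect_loop": is_reconnect_loop(intervals),
            "empty_arc_acls": empty}


if __name__ == "__main__":
    print(assess(SAMPLE_EVENTS, SAMPLE_ACLS, "10.1.1.100"))
```

Run against the constructed sample, the check reports reconnects 49, 55 and 50 seconds apart (inside the 45-60 second window the poster observed) and lists both IDS_Vlan8_out_0 and IDS_Vlan8_out_1 as carrying no block entries, which is the combination the thread is trying to explain; the healthy contrast ACL is not listed.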