IP IPS - ip ips sdf location CLI not working from Sadiq Yakasai on 2010-05-15 (Ccielab archives 05/2010)

From: Sadiq Yakasai <sadiqtanko_at_gmail.com>
Date: Sat, 15 May 2010 23:47:43 +0100

Hi guys,

It seems to me like the documentation says we can load the signature
definition file via the command "ip ips sdf location .." , as reported by
[1] below, but this seems to be not supported on the box.

Well, I went ahead and configured my IPS policy on the router, but as it
were, I could not enable the icmp echo and echo-reply signatures (2000 and
2004).

Any help/pointers would be very helpful.

Thanks,
Sadiq

[1]
http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_cfg_ips_external_docbase_0900e4b180de56d7_4container_external_docbase_0900e4b180e076b5.html#wp1175461

R6(config)#ip ips ?
  auto-update Auto Update
  config Location of IPS configuration files
  deny-action Specify Deny action
  event-action-rules Event Action Rules (SEAP)
  fail Specify what to do during any failures
  name Specify an IPS rule
  notify Specify the notification mechanisms (SDEE or log)
for
                        the alarms
  signature-category Signature Category
  signature-definition Signature Definition

R6#
R6#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R6(config)#ip ips si
R6(config)#ip ips signature-de
R6(config)#ip ips signature-definition
R6(config-sigdef)#si
R6(config-sigdef)#signature 2000 0
Unable to locate sig 2000:0
R6(config-sigdef)#si
R6(config-sigdef)#signature ?
<1-65535> Signature ID value

R6(config-sigdef)#signature
% Incomplete command.

R6(config-sigdef)#
R6(config-sigdef)#
R6(config-sigdef)#end
R6#
R6#
R6#dir
May 15 22:57:44.932: %SYS-5-CONFIG_I: Configured from console by console
R6#dir
Directory of flash:/

    1 -rw- 5650 May 8 2010 16:40:48 +00:00 -0
    2 -rw- 5650 May 8 2010 17:10:14 +00:00 -1
    3 -rw- 5834 May 8 2010 23:02:20 +00:00 -2
    4 -rw- 5834 May 8 2010 23:10:14 +00:00 -3
    5 -rw- 1823 Feb 22 2007 09:09:30 +00:00 sdmconfig-2811.cfg
   13 drw- 0 May 15 2010 22:32:30 +00:00 IPS
    6 -rw- 833024 Feb 22 2007 09:10:16 +00:00 es.tar
    7 -rw- 1052160 Feb 22 2007 09:10:34 +00:00 common.tar
    8 -rw- 1038 Feb 22 2007 09:10:50 +00:00 home.shtml
    9 -rw- 102400 Feb 22 2007 09:11:04 +00:00 home.tar
   *10 -rw- 491213 Feb 22 2007 09:11:22 +00:00 128MB.sdf*
   11 -rw- 398305 Feb 22 2007 09:12:04 +00:00
sslclient-win-1.1.0.154.pkg
   12 -rw- 60324084 Mar 19 2010 11:03:00 +00:00
c2800nm-adventerprisek9_sna-mz.124-24.T1.bin

64016384 bytes total (733184 bytes free)
R6#
R6#sh ver | i IOS
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9_SNA-M), Version
12.4(24)T1, RELEASE SOFTWARE (fc3)
R6#

Blogs and organic groups at http://www.ccie.net
Received on Sat May 15 2010 - 23:47:43 ART

This archive was generated by hypermail 2.2.0 : Tue Jun 01 2010 - 07:09:53 ART