Re: IP IPS - ip ips sdf location CLI not working from Piotr Matusiak on 2010-05-16 (Ccielab archives 05/2010)

From: Piotr Matusiak <pitt2k_at_gmail.com>
Date: Sun, 16 May 2010 08:19:24 +0200

Hi Sadiq,

You're looking at wrong document (it's for 12.4). Take a look at:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/prod
_white_paper0900aecd805c4ea8.pdf

HTH,

--
Piotr Matusiak
CCIE #19860 (R&S, Security)
Technical Instructor
website: www.MicronicsTraining.com
blog: www.ccie1.com
If you can't explain it simply, you don't understand it well enough -
Albert Einstein
2010/5/16 Sadiq Yakasai <sadiqtanko_at_gmail.com>
> Hi guys,
>
> It seems to me like the documentation says we can load the signature
> definition file via the command "ip ips sdf location .." , as reported by
> [1] below, but this seems to be not supported on the box.
>
> Well, I went ahead and configured my IPS policy on the router, but as it
> were, I could not enable the icmp echo and echo-reply signatures (2000 and
> 2004).
>
> Any help/pointers would be very helpful.
>
> Thanks,
> Sadiq
>
> [1]
>
>
http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_cf
g_ips_external_docbase_0900e4b180de56d7_4container_external_docbase_0900e4b18
0e076b5.html#wp1175461
>
>  R6(config)#ip ips ?
>  auto-update           Auto Update
>  config                Location of IPS configuration files
>  deny-action           Specify Deny action
>  event-action-rules    Event Action Rules (SEAP)
>  fail                  Specify what to do during any failures
>  name                  Specify an IPS rule
>  notify                Specify the notification mechanisms (SDEE or log)
> for
>                        the alarms
>  signature-category    Signature Category
>  signature-definition  Signature Definition
>
> R6#
> R6#conf t
> Enter configuration commands, one per line.  End with CNTL/Z.
> R6(config)#ip ips si
> R6(config)#ip ips signature-de
> R6(config)#ip ips signature-definition
> R6(config-sigdef)#si
> R6(config-sigdef)#signature 2000 0
> Unable to locate sig 2000:0
> R6(config-sigdef)#si
> R6(config-sigdef)#signature ?
>  <1-65535>  Signature ID value
>
> R6(config-sigdef)#signature
> % Incomplete command.
>
> R6(config-sigdef)#
> R6(config-sigdef)#
> R6(config-sigdef)#end
> R6#
> R6#
> R6#dir
> May 15 22:57:44.932: %SYS-5-CONFIG_I: Configured from console by console
> R6#dir
> Directory of flash:/
>
>    1  -rw-        5650   May 8 2010 16:40:48 +00:00  -0
>    2  -rw-        5650   May 8 2010 17:10:14 +00:00  -1
>    3  -rw-        5834   May 8 2010 23:02:20 +00:00  -2
>    4  -rw-        5834   May 8 2010 23:10:14 +00:00  -3
>    5  -rw-        1823  Feb 22 2007 09:09:30 +00:00  sdmconfig-2811.cfg
>   13  drw-           0  May 15 2010 22:32:30 +00:00  IPS
>    6  -rw-      833024  Feb 22 2007 09:10:16 +00:00  es.tar
>    7  -rw-     1052160  Feb 22 2007 09:10:34 +00:00  common.tar
>    8  -rw-        1038  Feb 22 2007 09:10:50 +00:00  home.shtml
>    9  -rw-      102400  Feb 22 2007 09:11:04 +00:00  home.tar
>   *10  -rw-      491213  Feb 22 2007 09:11:22 +00:00  128MB.sdf*
>   11  -rw-      398305  Feb 22 2007 09:12:04 +00:00
> sslclient-win-1.1.0.154.pkg
>   12  -rw-    60324084  Mar 19 2010 11:03:00 +00:00
> c2800nm-adventerprisek9_sna-mz.124-24.T1.bin
>
> 64016384 bytes total (733184 bytes free)
> R6#
> R6#sh ver | i IOS
> Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9_SNA-M), Version
> 12.4(24)T1, RELEASE SOFTWARE (fc3)
> R6#
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net

Received on Sun May 16 2010 - 08:19:24 ART

This archive was generated by hypermail 2.2.0 : Tue Jun 01 2010 - 07:09:53 ART