Command Reference to Check Your Memory

This section includes the most important configuration and EXEC commands covered in this chapter. To see how well you have memorized the commands as a side effect of your other studies, cover the left side of the table with a piece of paper, read the descriptions on the right side, and see whether you remember the commands.

Table 10-18 Chapter 10 Configuration Command Reference



| Command | Description |
| --- | --- |
| access-list compiled | Used whenever you develop ACLs with more than three statements |
| ip access-group {access-list-number \| access-list-name} {in \| out} | Applies an ACL to a router's interface in the desired direction |
| access-list {access-list-number \| access-list-name} {in \| out} | Defines an ACL by number or name in the desired direction |
| zone-pair security | Defines a zone pair |
| service-policy type inspect | Attaches a firewall policy map to a target zone pair |
|  | Creates a class map as used with a zone-based firewall |
|  | Associates an action with traffic classified by a class map |
| parameter-map type | Specifies parameters that control the behavior of actions and match criteria specified under a policy map or a class map |

Table 10-19 Chapter 10 EXEC Command Reference



| Command | Description |
| --- | --- |
| show access-list compiled | Shows the status of your Turbo ACLs |
| show zone security | Displays zone descriptions along with the interfaces contained in a specified zone |
| show zone-pair security [source source-zone-name] [destination destination-zone-name] | Displays source zone and destination zone, as well as the policy attached to the zone pair |
| show policy-map type inspect [policy-map-name [class class-map-name]] | Displays a specified policy map |

This chapter covers the following topics:

Examining IPS technologies: This section distinguishes between intrusion detection and intrusion prevention. Various intrusion prevention system (IPS) appliances are introduced, and the concept of signatures is discussed.

Using SDM to configure Cisco IOS IPS: This section examines how to configure a Cisco IOS router to act as an IPS sensor, as opposed to using, for example, a dedicated IPS appliance. Specifically, the configuration discussed uses a wizard available in the Cisco Security Device Manager (SDM) interface.

