Example

router(config)# ip ips sdf location flash:128MB.sdf router(config)# ip ips fail closed router(config)# ip ips name SNRS-IPS router(config)# interface FastEthernet0/1 router(config-if)# ip address 172.30.1.2 255.255.255.0 router(config-if)# ip virtual-reassembly router(config-if)# ip ips SNRS-IPS in router(config-if)# end

*Jan 28 01:18:04.664: %IPS-6-SDF_LOAD_SUCCESS: SDF loaded successfully from flash:128MB.sdf

*Jan 28 01:18:30.452: %IPS-6-ENGINE_BUILDING: ATOMIC.L3.IP - 5 signatures - 15 of 15 engines

© 2007 Cisco Systems, Inc. All rights reservecl.SNRS v2.0—5-1E

This example shows the basic configuration necessary to load the 128MB.sdf file onto a router running Cisco IOS IPS. Note that the configuration is almost the same as when you load the default signatures onto a router, except for the ip ips sdf location command, which specifies the 128MB.sdf file. Cisco IOS IPS starts loading signatures when the very first IPS rule is enabled on an interface.

5-194 Securing Networks with Cisco Routers and Switches (SNRS) v2.0 © 2007 Cisco Systems, Inc.

Was this article helpful?

0 0

Post a comment