Specify the location of the SDF.
Step 2. Configure the failure parameter.
Step 3. Create an IPS rule and optionally apply an ACL.
Step 4. Apply the IPS rule to an interface.
Step 5. Verify the IPS configuration.
Con?¬?guring Cisco IOS Intrusion Prevention System from the CLI 161
Step 1: Specify the Location of the SDF
Step 2: Con?¬?gure the Failure Parameter
Router(config)#ip ips sdf builtin Speci?¬?es to use the built-in
SDF
NOTE: The ip ids
sdf builtin command
does not appear in the
con?¬?guration ?¬?le because
it is the default command.
This command appears
in the ?¬?le only if a
nondefault SDF is used.
Router(config)#ip ips sdf location flash:/ips5 Speci?¬?es to use the SDF
located in the folder
named ips5 located in
?¬‚ash
NOTE: To create the
directory for the location
of the nondefault SDF,
use the mkdir command
from privileged mode:
Router#mkdir flash:/
ips
The SDF ?¬?le can be
located on the root of
?¬‚ash (?¬‚ash:) if so
desired.
Router(config)#ip ips fail closed Speci?¬?es to not forward
traf?¬?c if a System
Microengine (SME) fails
NOTE: If the SME
fails, and you still want
to forward packets
without scanning,
remove this command
with the no ip ips fail
closed command.
Pages:
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135