
Scott Empson and Hans Roth

"CCNP ISCW Portable Command Guide"


Configuring Cisco IOS Intrusion Prevention System from the CLI
Step 3: Create an IPS Rule, and Optionally Apply an ACL

Router(config)#ip ips name ROUTER-IPS
    Creates an IPS rule named ROUTER-IPS

Router(config)#ip ips name TEST-IPS list 123
    Creates an IPS rule named TEST-IPS and applies ACL 123 for further scrutiny of scanned packets

Step 4: Apply the IPS Rule to an Interface

Router(config)#interface fastethernet 0/0
    Moves to interface configuration mode

Router(config-if)#ip virtual-reassembly
    Virtually reassembles fragments so packets can be scanned by the IPS

    NOTE: Cisco suggests that the ip virtual-reassembly command be applied to all interfaces where traffic comes into the router, to facilitate the IPS engines.

Router(config-if)#ip ips ROUTER-IPS in
    Applies the IPS rule at the interface, loads the signatures, and builds the signature engines

    NOTE: This process can take up to 10 minutes depending on the router platform. It is recommended that you enable logging messages to monitor the engine building status.
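
The Step 3 and Step 4 settings can be checked offline against a saved running-config. The following Python script is an added example, not from the book: it flags interfaces where an IPS rule is applied without ip virtual-reassembly, rules that are applied but never defined, and rules that reference an undefined ACL. The sample configuration, the function name audit_ips, and the rule name LAB-IPS are constructed for illustration, and the parser assumes the usual running-config layout with interface sub-commands indented by one space.

```python
import re

# Constructed running-config excerpt for illustration (not from the book).
SAMPLE_CONFIG = """\
ip ips name ROUTER-IPS
ip ips name TEST-IPS list 123
!
interface FastEthernet0/0
 ip virtual-reassembly
 ip ips ROUTER-IPS in
!
interface FastEthernet0/1
 ip ips TEST-IPS in
!
interface Serial0/0
 ip virtual-reassembly
 ip ips LAB-IPS in
!
"""

def audit_ips(config):
    """Return (interface, problem) findings for IPS rules in an IOS config."""
    rules, acls = {}, set()          # rule name -> ACL id (or None); defined ACL ids
    applied, reassembly = [], set()  # (interface, rule) pairs; interfaces reassembling
    iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a global-mode line ends the interface block
            iface = None
        if m := re.fullmatch(r"ip ips name (\S+)(?: list (\S+))?", line):
            rules[m.group(1)] = m.group(2)
        elif m := re.match(r"(?:ip )?access-list (?:(?:extended|standard) )?(\S+)", line):
            acls.add(m.group(1))
        elif m := re.fullmatch(r"interface (.+)", line):
            iface = m.group(1)
        elif iface and line == "ip virtual-reassembly":
            reassembly.add(iface)
        elif iface and (m := re.fullmatch(r"ip ips (\S+) (?:in|out)", line)):
            applied.append((iface, m.group(1)))
    findings = []
    for iface, rule in applied:
        if rule not in rules:
            findings.append((iface, f"IPS rule {rule} is not defined"))
        elif rules[rule] and rules[rule] not in acls:
            findings.append((iface, f"rule {rule} references undefined ACL {rules[rule]}"))
        if iface not in reassembly:
            findings.append((iface, f"rule {rule} applied without ip virtual-reassembly"))
    return findings
```
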
NOTE: Enable logging with the following commands.

Router(config)#logging on
    Enables logging to all supported destinations

Router(config)#logging 192.

Step 5: Verify the IPS Configuration

IPS Enhancements

Several enhancements that are possible with an IPS configuration follow:
• Merge SDFs
• Disable, delete, and filter selected signatures within an SDF
• Change the location of the SDF

Merge SDFs

