文档介绍:Technical Overview
Configuring Cisco IOS IPS Using Cisco SDM and CLI
In Cisco ® Router and Security Device Manager (SDM) , the Cisco IOS ® IPS configuration is integrated within the SDM
application. The user does not need to launch a separate window to configure Cisco IOS IPS. In Cisco SDM , a new IPS
configuration wizard is added to guide users through the process of enabling Cisco IOS IPS on the router. In addition, the
user can still use the advanced configuration options to enable, disable, and tune Cisco IOS IPS using Cisco SDM .
Cisco mends that customers run Cisco IOS IPS with the pretuned signature definition files (SDFs): attack-, , and
. These files are created for routers with different amounts of memory. The files are bundled with Cisco SDM, which mends SDFs
when first enabling Cisco IOS IPS on a router. These files can also be downloaded from i-bin/-sigup
(O login). The process to enable the default SDFs is detailed in Section 1. Enable Cisco IOS IPS with a factory-default SDF. When the
default SDFs are not sufficient or customers want to add new signatures, the process detailed in Section 2 can be used.
1. ENABLE CISCO IOS IPS WITH A FACTORY DEFAULT SDF
. Enable Cisco IOS IPS with a Factory Default SDF Using CLI
In this example, we will configure a Cisco 1800 Series router with Cisco IOS IPS to load on the router flash.
First, configure the router to enable Security Device Event Exchange (SDEE) event notification.
yourname#conf t
Enter mands, one per line. End TL/Z.
yourname(config)#ip ips notify sdee
Next, create an IPS rule name that will be used to associate to interfaces.
yourname(config)# ip ips name myips
Configure an IPS mand to specify which file the Cisco IOS IPS system will read signatures from. In this example, it is the file on flash:
. The location URL portion of mand can be any valid URL pointing to files by using flash,