Configuring Cisco IOS IPS

Example 6-3 demonstrates how to configure the most common Cisco IOS
IPS features.
Example 6-3 Configuring Cisco IOS IPS
ip ips sdf location flash:sig.sdf
ip ips signature 1107 0 disable
ip ips signature 6190 0 list 199
ip ips name MY_IPS list 100
!
interface serial 1/0
 ip ips MY_IPS in
!
access-list 100 deny ip host 10.1.1.1 any
access-list 100 permit ip any any
!
access-list 199 deny ip host 172.16.1.1 any
access-list 199 permit ip any any
The commands in Example 6-3 function as follows:
■ ip ips sdf location—Specifies the location of the signature definition
file.
■ ip ips signature 1107 0 disable—Disables signature 1107, subsignature
0.
■ ip ips signature 6190 0 list 199—Specifies that signature 6190,
subsignature 0, is filtered against access list 199. Packets matching
a deny statement in the ACL bypass the IPS engine, whereas packets
matching a permit statement are scanned with the IPS engine. In
Example 6-3, packets from host 172.16.1.1 match the deny statement.
■ ip ips name MY_IPS list 100—Creates an IPS rule named MY_IPS
and filters it against access list 100. Packets matching
a deny statement in the ACL bypass the IPS engine, whereas packets
matching a permit statement are scanned with the IPS engine. In
Example 6-3, packets from host 10.1.1.1 match the deny statement.
■ ip ips MY_IPS in—Specifies that packets inbound to the interface are
scanned with the IPS rule MY_IPS.
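
Because a deny entry in an IPS filter ACL means traffic is not scanned, it is worth listing those entries when reviewing a configuration. The following Python script is an added example, not part of the original text or of any Cisco tool: it parses the commands used in Example 6-3 and reports disabled signatures, the ACL deny entries attached to each IPS rule and signature, and the interfaces where a rule is applied. The function name audit_ips is hypothetical, and the parser assumes numbered ACLs written as single-line access-list commands, as in Example 6-3.

```python
import re

# Constructed sample: the configuration shown in Example 6-3.
SAMPLE_CONFIG = """\
ip ips sdf location flash:sig.sdf
ip ips signature 1107 0 disable
ip ips signature 6190 0 list 199
ip ips name MY_IPS list 100
!
interface serial 1/0
 ip ips MY_IPS in
!
access-list 100 deny ip host 10.1.1.1 any
access-list 100 permit ip any any
!
access-list 199 deny ip host 172.16.1.1 any
access-list 199 permit ip any any
"""

def audit_ips(config):
    """Summarize what an IOS IPS configuration leaves unscanned (assumed helper)."""
    report = {"disabled": [], "rule_bypass": {}, "sig_bypass": {}, "interfaces": {}}
    denies, rule_acl, sig_acl = {}, {}, {}   # ACL number -> deny clauses; rule/signature -> ACL
    iface = None                             # interface block currently being read
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":
            iface = None
        elif m := re.fullmatch(r"ip ips signature (\d+) (\d+) disable", line):
            report["disabled"].append((int(m[1]), int(m[2])))
        elif m := re.fullmatch(r"ip ips signature (\d+) (\d+) list (\d+)", line):
            sig_acl[(int(m[1]), int(m[2]))] = m[3]
        elif m := re.fullmatch(r"ip ips name (\S+) list (\d+)", line):
            rule_acl[m[1]] = m[2]
        elif m := re.fullmatch(r"interface (.+)", line):
            iface = m[1]
        elif (m := re.fullmatch(r"ip ips (\S+) (in|out)", line)) and iface:
            report["interfaces"][iface] = (m[1], m[2])
        elif m := re.fullmatch(r"access-list (\d+) deny (.+)", line):
            denies.setdefault(m[1], []).append(m[2])
    # A deny entry in a filter ACL is traffic that is not scanned.
    report["rule_bypass"] = {r: denies.get(a, []) for r, a in rule_acl.items()}
    report["sig_bypass"] = {s: denies.get(a, []) for s, a in sig_acl.items()}
    return report

if __name__ == "__main__":
    print(audit_ips(SAMPLE_CONFIG))
```

An interface missing from the "interfaces" result has no IPS rule applied, so its traffic is not inspected at all.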