IOS IPS ver 5 and high memory usage

May 3rd, 2007

Hi,

Is anyone else having high memory issues when using ver 5? I have installed on a 1801 with 128 M memory. It only has 4 M free now. Is there a way to reduce the active signatures? I have disabled some but the number of active is still at 338.

Thanks,

Scott

ymzhang Wed, 05/09/2007 - 15:34

You can use SDM 2.4 (www.cisco.com/go/sdm) to manage the signatures. To remove a signature from the router (prevent it from being compiled into memory), change the signature to "retired=true".


The "retired" attribute controls whether a signature is loaded into router memory or not.


Thanks,

-Chris
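
The retire step described in the reply above, done from the IOS CLI instead of SDM. This is an added example, not part of the thread; it assumes a release that uses the 5.x signature format, and the signature ID is a placeholder.

```cisco
! Added example. Retire every signature, then un-retire only the basic set,
! so that only the basic category is compiled into router memory.
configure terminal
 ip ips signature-category
  category all
   retired true
   exit
  category ios_ips basic
   retired false
   exit
  exit
! IOS prompts here: "Do you want to accept these changes? [confirm]"
!
! Retire one further signature by ID (placeholder values, not from the thread).
 ip ips signature-definition
  signature <sig-id> <subsig-id>
   status
    retired true
    exit
   exit
  exit
! Confirm at the prompt, then leave config mode and check the result.
end
show ip ips signature count
```

`show ip ips signature count` reports the retired and compiled signature totals, which shows whether the change actually reduced what is loaded.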

scottyd Wed, 05/09/2007 - 15:40

Thanks for the feedback.

But I want to know:

If it is a supported solution from Cisco, why does it not work without any modification?

I have the recommended 128M RAM and installed the IPS in basic mode.


In my mind it should work like that. Or is there some other problem with the config or router?

Thanks.

ymzhang Wed, 05/09/2007 - 15:43

Can you please provide your router's 'show version' and running configuration, 'show flash' and 'show memory' output?


I will take a look.


Thanks,

-Chris

scottyd Wed, 05/09/2007 - 16:41

Hi,

Thanks,

Here is the info. The SDM shows very low free mem 7M. As you can see by the flash it has crashed a few times.


Scott

ymzhang Wed, 05/09/2007 - 20:42

Scott,

Your IPS configuration looks good.


You are really beating the router to its memory limit. You used almost all of the security features in this little box - ios fw, appfw, ios ips, vpn, sslvpn, nat, netflow, nbar. Out of those, appfw, ios ips and nbar/nat will require the most memory. I would recommend you either upgrade your router memory or tune the IOS IPS signatures to reduce IPS memory usage.


Thanks,

-Chris

scottyd Thu, 05/10/2007 - 12:31

Hi Chris,

Thanks for the confirmation. We have backtracked to IPS 4. But I see that the latest version of the IOS only supports ver 5. So some day we are going to have to make a decision. I have looked at memory upgrades and we cannot get any third party RAM and the Cisco RAM is more than the whole router originally cost! $1,800 NZD!!

Scott

ymzhang Thu, 05/10/2007 - 12:50

Scott,

Sorry, I cannot comment on the RAM thing. I think you have to go through your partner or account team for the process.


For the IOS IPS support, starting with 12.4(11)T, it only supports IOS IPS in 5.x signature format. For prior releases, it is 4.x signature format. Those two are not compatible, but I do see the latest version is a lot easier to configure/manage compared to the previous version.


Thanks,

-Chris
