07-30-2009 01:18 PM - edited 03-10-2019 04:43 AM
My question belongs to a Cisco 1712 (128 MB, IOS 12.3T, SDM 2.5 installed):
I'm trying to change the default action "alarm" to "alarm,reset,drop" for all signatures of my custom set.
However doing so via SDM fails. First, it appears as being done correctly, but after compiling the signatures again, the default values are back there (in the same sense, I was unable to delete signatures, works just using the CLI).
I followed the instructions at cisco.com:
router(config)#ip ips signature-definition
router(config-sigdef)#signature 6130 10
router(config-sigdef-sig)#engine
router(config-sigdef-sig-engine)#event-action produce-alert
router(config-sigdef-sig-engine)#event-action deny-packet-inline
router(config-sigdef-sig-engine)#event-action reset-tcp-connection
router(config-sigdef-sig-engine)#exit
However ip ips signature-definition is not understood by the router, so the procedure fails.
Can you please assist me ?
08-05-2009 08:42 AM
You can use IOS command-line interface (CLI) to change signature actions for one signature or a group of signatures based on signature categories. The following example shows how to change signature action to alert, drop and reset for signature 6130 with subsig ID of 10.
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#ip ips signature-definition
router(config-sigdef)#signature 6130 10
router(config-sigdef-sig)#engine
router(config-sigdef-sig-engine)#event-action produce-alert
router(config-sigdef-sig-engine)#event-action deny-packet-inline
router(config-sigdef-sig-engine)#event-action reset-tcp-connection
router(config-sigdef-sig-engine)#exit
router(config-sigdef-sig)#exit
router(config-sigdef)#exit
Do you want to accept these changes? [confirm]y
router(config)#
08-06-2009 12:22 AM
Hi vmoopeung, I really appreciate your help.
But what you describe is exactly the problem I'm facing with. The procedure doesn't work on IOS 12.3T, it requires (if I correctly remember) 12.4. at least.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide