New Member

Interfaces reset when disable signature.

Hi Guys.

When I enter the following script in order to disable a signature, the interfaces of the Cisco IPS 4240 restart. Does anyone have any clue? It is so strange just for disabling a signature.

config term

service signature-definition sig0

signatures 9202 0

status

enabled false

exit

exit

Aug 13 23:59:35.229: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/25, changed state to up

Aug 13 23:59:35.280: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/26, changed state to up

GigabitEthernet1/0/25 is up, line protocol is up (connected)

  Hardware is Gigabit Ethernet, address is e8b7.4843.b099 (bia e8b7.4843.b099)

  Description: ****  IPS-A ****

GigabitEthernet1/0/26 is up, line protocol is up (connected)

  Hardware is Gigabit Ethernet, address is e8b7.4843.b09a (bia e8b7.4843.b09a)

  Description: ****  IPS-B ****

Thank you.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Interfaces reset when disable signature.

Check the image attached. Hope it helps:

11 REPLIES
New Member

Re: Interfaces reset when disable signature.

Both interfaces belong to IPS A:

Aug 13 23:59:35.229: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/25, changed state to up

Aug 13 23:59:35.280: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/26, changed state to up

interface GigabitEthernet1/0/25

description ****  IPS-A ****

interface GigabitEthernet2/0/26

description ****  IPS-A ****

Re: Interfaces reset when disable signature.

Hello,

What version are you running?

Does it only happen with that signature?

Check my blog at http:laguiadelnetworking.com for further information.

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

Re: Interfaces reset when disable signature.

Hi.

At this moment I am just trying to do that to disable the signature.

! ------------------------------

! Current configuration last modified Tue Aug 13 18:02:59 2013

! ------------------------------

! Version 7.0(5a)

! Host:

!     Realm Keys          key1.0

! Signature Definition:

!     Signature Update    S609.0   2011-11-11

! ------------------------------

service interface

physical-interfaces GigabitEthernet0/0

admin-state enabled

duplex full

speed 1000

subinterface-type inline-vlan-pair

subinterface 1

vlan1 10

vlan2 11

exit

exit

exit

physical-interfaces GigabitEthernet0/1

admin-state enabled

duplex full

speed 1000

subinterface-type inline-vlan-pair

subinterface 1

vlan1 10

vlan2 11

exit

exit

exit

bypass-mode off

exit

Cisco Employee

Re: Interfaces reset when disable signature.

The interfaces flap because of the bypass-mode off setting. When you tune a signature (enable/disable), the sensor goes into bypass. With bypass-mode off, the interface will go down when the sensor goes into bypass and remain down until the sensor is out of bypass.

You will not see this when the bypass-mode is Auto.

New Member

Interfaces reset when disable signature.

Hi.

Is it safe to disable the signature 9202?

Thank you.

New Member

Interfaces reset when disable signature.

Hi.

If I add an exclusion, will the IPS have the same symptom of shutting down the interfaces?

Thank you.

Cisco Employee

Interfaces reset when disable signature.

Hi There,

I am not sure what you mean by exclusion. But the behavior you are observing is generic, in that whenever you enable/disable any signature (or perform a signature package upgrade) in bypass off mode, it will lead to an interface flap.

You may choose bypass mode auto. In this case the interfaces will not flap.

Thanks and Regards,

Gaurav.
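The check described in the replies above, as an added example that is not part of the original thread or Cisco's own tooling: it reads `show configuration` text, lists the inline interfaces, and reports what the `bypass-mode` line implies before a signature is tuned. The function name and the trimmed sample are constructed here; the notes on `auto` and `on` describe general fail-open behaviour and are not stated in the thread.

```python
import re

# Constructed sample, trimmed from the sensor configuration posted in this thread.
SAMPLE = """service interface
physical-interfaces GigabitEthernet0/0
admin-state enabled
subinterface-type inline-vlan-pair
subinterface 1
vlan1 10
vlan2 11
exit
exit
exit
physical-interfaces GigabitEthernet0/1
admin-state enabled
subinterface-type inline-vlan-pair
exit
exit
bypass-mode off
exit
"""

NOTES = {  # what each setting means while the sensor is in bypass
    "off": "fail-closed: inline links go down until the sensor leaves bypass",
    "auto": "fail-open: links stay up, traffic passes uninspected during bypass",
    "on": "inspection is bypassed permanently",
}

def audit_bypass(config_text):
    """Return (bypass_mode, inline_interfaces, note) from 'show configuration' text."""
    mode, inline, current, in_service = None, [], None, False
    for line in (l.strip() for l in config_text.splitlines()):
        if line.startswith("service "):
            in_service = line == "service interface"
        elif not in_service:
            continue  # ignore lines that belong to other services
        elif m := re.fullmatch(r"physical-interfaces (\S+)", line):
            current = m.group(1)
        elif line.startswith("subinterface-type inline") and current:
            inline.append(current)  # this port carries inline traffic
        elif m := re.fullmatch(r"bypass-mode (\S+)", line):
            mode = m.group(1)
    note = NOTES.get(mode, "bypass-mode not shown in this text")
    return mode, inline, note

if __name__ == "__main__":
    mode, inline, note = audit_bypass(SAMPLE)
    print(f"bypass-mode {mode} on {', '.join(inline)}: {note}")
```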

New Member

Re: Interfaces reset when disable signature.

I'm trying to permit just one flow of traffic that the IPS is blocking, through a rule that subtracts the actions of the signature. Will that cause an interface flap?

Sent from Cisco Technical Support iPad App

Cisco Employee

Interfaces reset when disable signature.

It should not.

New Member

Re: Interfaces reset when disable signature.


How do I create a rule with an action to subtract from the event log of the IPS Manager Express console? Do you know?


Thank you.


Sent from Cisco Technical Support iPad App

Cisco Employee

Interfaces reset when disable signature.

Check the image attached. Hope it helps:
