cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1046
Views
4
Helpful
8
Replies

IOS IPS ver 5 and high memory usage

scottyd
Level 1
Level 1

Hi,

Is anyone else having high memory issues when using ver 5? I have installed on a 1801 with 128 M memory. It only has 4 M free now. Is there a way to reduce the active signatures? I have disbaled some but the number of active is still at 338.

Thanks,

Scott

8 Replies 8

wong34539
Level 6
Level 6

This issue usually occurs because of a memory leak. However it cannot be said that it is due to the IPS service running whcih is causing this problem. Following links may help you

http://www.cisco.com/en/US/products/ps6634/prod_white_papers_list.html

http://www.cisco.com/en/US/products/ps6634/products_white_paper0900aecd8057558a.shtml

ymzhang
Level 1
Level 1

You can use SDM2.4 (www.cisco.com/go/sdm) to manage the signatures. To remove an signature from router (Prevent it from being compiled into memory), change signature to "retired=true".

The "retired" attribute controls whether a signature is loaded into router memory or not.

Thanks,

-Chris

Thanks for the feedback.

But I want to know:

If it is a supported solution from Cisco, why does it not work with out any modification.

I have the reccommended 128M RAM and installed the IPS in basic mode.

In my mind it should work like that. Or is there some other problem with the config or router?

Thanks.

can you please provide your router's 'show version' and running configuration, 'show flash' and show memory output.

I will take a look.

Thanks,

-Chris

Hi,

Thanks,

Here is the info. The SDM shows very low free mem 7M. As you can see by the flash it has crashed a few times.

Scott

Scott,

Your ips configuration looks good.

You are really beat the router to its memory limit. You used almost all the of security features in this little box - ios fw, appfw, ios ips, vpn, sslvpn, nat, netflow, nbar. Out of those, appfw, ios ips and nbar/nat will require the most memory. I would recommend you either upgrade your router memory or tune the ios ips signatures, to reduce ips memory usage.

Thanks,

-Chris

Hi Chris,

Thanks for the confirmation. We have back tracked to IPS 4. But I see that the latest version of the IOS only supports ver 5. So some day we are going to have to make a decision. I have looked at memory upgrades and we can not get any third party RAM and the Cisco RAM is more than the whole router originally cost! $1,800 NZD!!

Scott

Scott,

Sorry I can not comment on the RAM thing. I think you have to go through with your partner or account team for the process.

For the IOS IPS support, starting 12.4(11)T, it only supports IOS IPS in 5.x signature format. For prior releases, it is 4.x signature format. Those two and not compatible, but I do see the latest version is a lot easier to configure/manage compared to previous version.

Thanks,

-Chris

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: