Well this week I decided to play around with IPS on the cisco routers. So I had a c3825 to try this on in my workplace. Tell you what, I had heard about this but it was the first time that I had configured it. Well the configuration is not that big a deal but it was fun & I loved it.
I went through the DOC-CD fully & practiced everything mentioned there. It will be interesting to see it in the exam.The reason I say is because;
First off when we load the signatures the routers processor is pegged. I wouldn't do it on a production router. I had like a gig of memory on my router so loading the signatures was not an issue but the router was totally non-responsive.
I am not too sure if packet forwarding & other actions would be affected while the signatures are loading(hopefully it isn't) but the router was not accepting my commands that I was typing in. After a minute or so it was available for me to use.
The router console is flooded with the IPS messages when ever we have packet flowing through.
Yes i had enable all signatures, which am sure is not going to be the case in the exam. In production am sure the syslog is gonna have load IPS data filled in day in & day out :)
IMO the ips config would be checked in the exam more than anything else. Just configuring signatures attributes & other related stuff. But on the whole it was really fun to work with & a cool feature to implement.
Some of the interesting links to read include
interesting-1
interesting-2
I have a friend of mine who has IOS-IPS configured in his production router. So I will be visiting him to see how its configured & what sort of stuff its reporting. Happy weekend :)
No comments:
Post a Comment