Cisco IPS-4240-K9 - Intrusion Protection Sys 4240 Getting Started Manual page 8

All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
If there is no access to a TFTP server, a USB flash drive could be an alternate way to load the
signature package into Cisco IOS IPS. First, copy the signature package into the USB drive, then
insert the USB flash drive into one of the USB ports on the router. The following message will
show up in the router console:
*Aug 18 06:46:49.554 PST: %USBFLASH-5-CHANGE: usbflash1 has been
inserted!
Now use the copy command to load the signature package from usbflash to Cisco IOS IPS:
training#copy usbflash1:IOS-S261-CLI.pkg idconf
All signatures are by default configured to 'Alarm' action only. If you want to configure additional
actions, the following CLI commands are available to change the signature configurations.
training(config)#ip ips signature-category
training(config-ips-category)#category ios_ips basic
training(config-ips-category-action)#event-action deny-packet-inline
training(config-ips-category-action)#event-action reset-tcp-
connection
training(config-ips-category-action)#exit
training(config-ips-category)#exit
Do you want to accept these changes? [confirm]y
000114: *Aug 11 23:53:26.945 PST: Applying Category configuration to
signatures
...
IMPORTANT: Make sure that you accept the changes when prompted. Otherwise, they will not be
saved.
Use the show run command at the router prompt to verify the signature category configuration:
show run
ip ips signature-category
category all
retired true
category ios_ips basic
retired false
event-action deny-packet-inline
event-action reset-tcp-connection
White Paper
Page 8 of 12