Using the Built-in Intrusion Detection Software to Defend Against Attacks

Before 12.3(8)T it was called IDS

Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#access-list 21 deny 192.168.100.205
Router1(config)#access-list 21 permit any
Router1(config)#ip audit notify log
Router1(config)#ip audit info action alarm drop reset
Router1(config)#ip audit attack action alarm drop reset
Router1(config)#ip audit smtp spam 10
Router1(config)#ip audit signature 1107 disable
Router1(config)#ip audit signature 2004 disable
Router1(config)#ip audit name COOKBOOK info list 21 action alarm drop reset
Router1(config)#ip audit name COOKBOOK attack list 21 action alarm drop reset
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ip audit COOKBOOK in
Router1(config-if)#exit
Router1(config)#end
Router1#

After that it is called IPS

Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#access-list 21 deny 192.168.100.205
Router1(config)#access-list 21 permit any
Router1(config)#ip ips name NEOSHI list 21
Router1(config)#ip ips signature 4050 disable
Router1(config)#ip ips fail closed
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ip ips NEOSHI in
Router1(config-if)#exit
Router1(config)#end
Router1#
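
An added example, not part of the original post: a Python check that reads a saved configuration and reports the IPS settings the session above configures. The function name audit_ips and the sample text are constructed for illustration; it relies on the IOS behavior that a deny entry in the ACL attached to an IPS rule exempts that source from inspection rather than blocking it.

```python
import re

# Constructed sample: the IPS commands from the session above as they would
# appear in a saved configuration (prompts removed).
SAMPLE_CONFIG = """\
access-list 21 deny 192.168.100.205
access-list 21 permit any
ip ips name NEOSHI list 21
ip ips signature 4050 disable
ip ips fail closed
interface FastEthernet0/0
 ip ips NEOSHI in
"""

def audit_ips(config):
    """Summarise the IOS IPS settings found in a configuration text."""
    rules, acls, applied, disabled = {}, {}, [], []
    fail_closed, iface = False, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)$", line):
            iface = m.group(1)
        elif m := re.match(r"access-list (\d+) (permit|deny) (.+)$", line):
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
        elif m := re.match(r"ip ips name (\S+)(?: list (\S+))?$", line):
            rules[m.group(1)] = m.group(2)
        elif m := re.match(r"ip ips signature (\d+) disable$", line):
            disabled.append(int(m.group(1)))
        elif line == "ip ips fail closed":
            fail_closed = True
        elif m := re.match(r"ip ips (\S+) (in|out)$", line):
            applied.append((iface, m.group(1), m.group(2)))
    findings = []
    if not fail_closed:
        findings.append("fail closed not set: packets pass unscanned if the engine is not ready")
    for name, acl in rules.items():
        if acl and acl not in acls:
            findings.append(f"rule {name} references undefined access-list {acl}")
        if not any(rule == name for _, rule, _ in applied):
            findings.append(f"rule {name} is not applied to any interface")
    # In the rule's ACL, "deny" entries bypass inspection; they are not blocked.
    exempt = sorted({src for acl in rules.values() if acl
                     for action, src in acls.get(acl, []) if action == "deny"})
    return {"exempt": exempt, "disabled": disabled,
            "applied": applied, "findings": findings}
```

Calling audit_ips(SAMPLE_CONFIG) lists 192.168.100.205 as exempt from inspection and signature 4050 as disabled, with no findings.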