White Paper
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 10 of 12
Here is another example to enable all signatures belonging to signature Cisco IOS IPS basic
category.
training#configure terminal
Enter configuration commands, one per line. End with CNTL/Z
training(config)#ip ips signature-category
training(config-ips-category)# category ios_ips basic
training(config-ips-category-action)#enabled true
training(config-ips-category-action)#exit
training(config-ips-category)#exit
Do you want to accept these changes? [confirm]y
Additional Commands and References
Cisco IOS IPS Configuration Guide:
http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a0080747eb0.html
7 Retire/Unretire Signatures
You can use the Cisco IOS Software CLI to retire or unretire one signature or a group of
signatures based on signature categories.
Retiring a signature means Cisco IOS IPS will not compile that signature into memory for
scanning. Unretiring a signature instructs Cisco IOS IPS to compile the signature into memory and
use the signature to scan traffic.
Following are sample CLI commands to retire signature 6130/10.
training#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
training(config)#ip ips signature-definition
training(config-sigdef)#signature 6130 10
training(config-sigdef-sig)#status
training(config-sigdef-sig-status)#retired true
training(config-sigdef-sig-status)#exit
training(config-sigdef-sig)#exit
training(config-sigdef)#exit
Do you want to accept these changes? [confirm]y
training(config)#
