08-13-2013 07:32 PM - edited 03-10-2019 06:01 AM
Hi Guys.
When I enter the following script in order to disable a signature, the interfaces of the Cisco IPS 4240 restart. Does anyone have any clue? It is so strange just for disabling a signature.
config term
service signature-definition sig0
signatures 9202 0
status
enabled false
exit
exit
Aug 13 23:59:35.229: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/25, changed state to up
Aug 13 23:59:35.280: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/26, changed state to up
GigabitEthernet1/0/25 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is e8b7.4843.b099 (bia e8b7.4843.b099)
Description: **** IPS-A ****
GigabitEthernet1/0/26 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is e8b7.4843.b09a (bia e8b7.4843.b09a)
Description: **** IPS-B ****
Thank you.
08-13-2013 08:02 PM
Both interfaces belong to IPS A:
Aug 13 23:59:35.229: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/25, changed state to up
Aug 13 23:59:35.280: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/26, changed state to up
interface GigabitEthernet1/0/25
description **** IPS-A ****
interface GigabitEthernet2/0/26
description **** IPS-A ****
08-13-2013 08:47 PM
Hello,
What version are you running?
Does it only happen with that signature?
Check my blog at http:laguiadelnetworking.com for further information.
Cheers,
Julio Carvajal Segura
08-13-2013 09:58 PM
Hi.
At this moment I am just trying to do that to disable the signature.
! ------------------------------
! Current configuration last modified Tue Aug 13 18:02:59 2013
! ------------------------------
! Version 7.0(5a)
! Host:
! Realm Keys key1.0
! Signature Definition:
! Signature Update S609.0 2011-11-11
! ------------------------------
service interface
physical-interfaces GigabitEthernet0/0
admin-state enabled
duplex full
speed 1000
subinterface-type inline-vlan-pair
subinterface 1
vlan1 10
vlan2 11
exit
exit
exit
physical-interfaces GigabitEthernet0/1
admin-state enabled
duplex full
speed 1000
subinterface-type inline-vlan-pair
subinterface 1
vlan1 10
vlan2 11
exit
exit
exit
bypass-mode off
exit
08-14-2013 02:34 AM
The interfaces flap because of the bypass-mode off setting. When you tune a signature (enable/disable), the sensor goes into bypass. With bypass-mode off, the interface will go down when the sensor goes into bypass and remain down until the sensor is out of bypass.
You will not see this when the bypass-mode is Auto.
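A pre-change check for the behaviour described in the reply above, as an added example that is not part of the original thread: it reads a sensor's `service interface` section and reports whether tuning a signature would take inline links down. The function name `audit_bypass` and the sample text are assumptions made for illustration; the sample is constructed from the configuration posted in this thread.

```python
import re

# Constructed sample, modeled on the "service interface" section posted
# in this thread (duplex/speed lines omitted for brevity).
SAMPLE_CONFIG = """\
service interface
physical-interfaces GigabitEthernet0/0
admin-state enabled
subinterface-type inline-vlan-pair
subinterface 1
vlan1 10
vlan2 11
exit
exit
exit
physical-interfaces GigabitEthernet0/1
admin-state enabled
subinterface-type inline-vlan-pair
subinterface 1
vlan1 10
vlan2 11
exit
exit
exit
bypass-mode off
exit
"""

def audit_bypass(config_text):
    """Return (bypass_mode, inline_interfaces, will_flap); mode is None if not stated."""
    mode, inline, current = None, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"physical-interfaces\s+(\S+)", line)
        if m:
            current = m.group(1)          # remember which interface we are inside
        elif line.startswith("subinterface-type inline") and current:
            inline.append(current)        # interface carries inline traffic
        elif (m := re.match(r"bypass-mode\s+(\S+)", line)):
            mode = m.group(1).lower()
    # Per the reply above: with bypass-mode off, inline links go down while
    # the sensor is in bypass during signature tuning; with auto they do not.
    will_flap = mode == "off" and bool(inline)
    return mode, inline, will_flap
```

Running it against the saved configuration before enabling or disabling signatures, or before a signature package upgrade, shows whether the change needs a maintenance window.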
08-15-2013 02:16 PM
Hi.
Is it safe to disable the signature 9202?
Thank you.
08-15-2013 05:05 PM
Hi.
If I add an exclusion, will the IPS have the same symptom of shutting down the interfaces?
Thank you.
08-16-2013 04:44 AM
Hi There,
I am not sure what you mean by exclusion. But the behavior you are observing is generic, in that whenever you enable/disable any signature (or perform a signature package upgrade) in bypass off mode, it will lead to an interface flap.
You may choose bypass mode auto. In this case the interfaces will not flap.
Thanks and Regards,
Gaurav.
08-16-2013 04:57 AM
I'm trying to permit just one flow of traffic that the IPS is blocking, through a rule that subtracts the actions of the signature. Will that cause an interface flap?
Sent from Cisco Technical Support iPad App
08-16-2013 05:09 AM
It should not.
08-16-2013 05:52 AM
How do I create a rule with an action to subtract from the event log of the IPS Manager Express console? Do you know?
Thank you.
Sent from Cisco Technical Support iPad App
08-16-2013 06:45 AM
Check the image attached. Hope it helps: