11-05-2016 03:00 AM - edited 03-10-2019 06:42 AM
Hi expert
I would like to configure IDS on my C7200 NPE-G1 to monitor my out bound traffic of my WS-C6504.
I tried to follow instruction here "IDS instruction". I am unable to apply the first command below. There are no such command. Is there anything I need to enable prior to this?
Thank you in advance for your help.
Router(config)#ip audit?
% Unrecognized command
Router(config)#ip audit
Router(config)#ip audit notify log
^
% Invalid input detected at '^' marker.
Solved! Go to Solution.
11-05-2016 06:42 AM
The implementation of IPS changed many times in the past. If your IOS is not really ancient, it's likely that the command is "ip ips ..." on your router.
11-05-2016 06:42 AM
The implementation of IPS changed many times in the past. If your IOS is not really ancient, it's likely that the command is "ip ips ..." on your router.
11-05-2016 10:27 AM
Thank you for taking time to reply. I wish to use IDS instead of IPS. My goal is to have alert on suspicious traffic instead of blocking them. The reason is to avoid false positive and blocked good traffic.
I am considering using NPE-G1 or IDSM-2. My traffic to WAN is about 100mbps.
11-05-2016 10:36 AM
It's the syntax that changed over time. You still have the possibility to operate in IDS or IPS mode. IDSM-2 is completely outdated. You should look at FirePower for up-to-date IPS/IDS.
11-05-2016 11:28 AM
Noted the mode setting. Thank you for the valuable info.
Noted your recommendation of FirePower.
The intention is to have better monitoring on suspicious traffic especially for smtp spamming out from our network. Once alerted, we will investigate manually. Since we have 2 units of C7206 NPE-G1 in store sleeping do nothing, I planned to use them for IDS purpose.
11-05-2016 11:54 AM
Also think about sending NetFlow data to a netflow collector. That will also show you when the behavior of your network changes. Probably it will give you more useful information than IDS in that case.
11-05-2016 12:02 PM
Thank you. Will study NetFlow to understand more.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide