Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1202
Views
0
Helpful
4
Replies

UNRETIRE + ENABLE from the selected signature categories

Go to solution
ohareka70
Level 3
Level 3

‎08-24-2011 09:40 AM - edited ‎03-10-2019 05:27 AM

Hello,

I have successfully downloaded the latest IOS IPS Signature Data File-S573 and installed it on a 2811 cisco router.

I have RETIRED all the signatures in the “all” category.

How do i know which are the recommened signatures to UNRETIRE + ENABLE from the selected signature categories?

regards,

Kevin

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
fabios
Level 3
Level 3
In response to ohareka70

‎08-25-2011 04:22 AM

Kevin,

Cisco recommands to start from ios_basic for platforms with 128 Mb DRAM and with ios_advanced for platforms with 256 Mb DRAM and then start unretiring signatures until (CPU not Buffer) memory drops below 10-20%.

A good read is:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6525/ps7264/ps6634/IOS_IPS_Best_Practices.pdf

Please note that the higher the number of signatures the longer is the boot time of the router.

Unretiring ios_advanced and attacs on a ISG G2 1921 with 256 Mb of DRAM brought my boot time from under two minutes to over 6 minutes (this is the compile time, since signatures are compiled when router boots) and I wnt from 80% memory free to 12% memory free.

I compromised by retiring all and unretiring ios_advanced.

Hope it helps

Fabio

(if this answer is useful to you pls rate it)

View solution in original post

0 Helpful
4 Replies 4

Go to solution
raga.fusionet
Level 4
Level 4

‎08-24-2011 09:54 PM

Kevin,

That doesnt sound right, you cant have all the signatures retired by default. Have you tried downloading the pkg and installing it again?

Thx,

Raga

0 Helpful

Go to solution
ohareka70
Level 3
Level 3
In response to raga.fusionet

‎08-25-2011 01:23 AM

Raga,

The signatures werent all retired by default.  Over 500 of them were enabled but i retired these.  This is recommened best practise from cisco and then you unretire and enable the signatures you want on the router.

I am looking for advice on which signatures are the best ones to enable from the latest download.

regards,

Kevin

0 Helpful

Go to solution
fabios
Level 3
Level 3
In response to ohareka70

‎08-25-2011 04:22 AM

Kevin,

Cisco recommands to start from ios_basic for platforms with 128 Mb DRAM and with ios_advanced for platforms with 256 Mb DRAM and then start unretiring signatures until (CPU not Buffer) memory drops below 10-20%.

A good read is:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6525/ps7264/ps6634/IOS_IPS_Best_Practices.pdf

Please note that the higher the number of signatures the longer is the boot time of the router.

Unretiring ios_advanced and attacs on a ISG G2 1921 with 256 Mb of DRAM brought my boot time from under two minutes to over 6 minutes (this is the compile time, since signatures are compiled when router boots) and I wnt from 80% memory free to 12% memory free.

I compromised by retiring all and unretiring ios_advanced.

Hope it helps

Fabio

(if this answer is useful to you pls rate it)

0 Helpful

Go to solution
ohareka70
Level 3
Level 3
In response to fabios

‎08-26-2011 01:24 AM

Fabio,

Your advice is correct.  I have just enabled the basic signatures (This loaded 500+ signatures from the latest .pkg file). I can add on any extra ones if needed as i go along.

thanks

Kevin

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card