•
•
•
•
Step Description Command Keys
14 Use all ESR rosiurces for IPS/IDS
(optional).
esr(config-ips)# perfomance max By default, half of the available
processor cores are allocated
for IPS/IDS.
15 Set external drive for recording logs in
EVE format (optional).
esr(config-ips)# logging storage-
path <DEVICE_NAME>
<DEVICE_NAME> the name of
the USB or MMC drive.
16 Enable IPS/IDS. esr(config-ips )# enable
17 Enable IPS/IDS on the interface. esr(config-if-gi)# service-ips
enable
18 Specify a name and enter the
configuration mode of the set of user
rules.
esr(config)# security ips-category
user-defined <WORD>
<WORD> – user rule set name,
set by the string of up to 32
characters.
19 Define a description of a set of user
rules (optionally).
esr(config-ips-category)#
description <DESCRIPTION>
<DESCRIPTION> – description,
set by the string of up to 255
characters.
20 Create a rule and switch to its
configuration mode.
esr(config-ips-category)# rule
<ORDER>
<ORDER> – rule number, takes
values of [1..512].
21 Specify rule description (optional). esr(config-ips-category-rule)#
description <DESCRIPTION>
<DESCRIPTION> – description,
set by the string of up to 255
characters.
22 Specify the given rule force. esr(config-ips-category-rule)#
action { alert | reject | pass | drop }
alert – traffic is allowed
and the IPS/IDS service
generates a message;
reject – traffic is
prohibited. If it is TCP
traffic, a TCP-RESET
packet is sent to the
sender and recepient, for
the rest of the traffic
type, an ICMP-ERROR
packet is sent. IPS/IDS
service generates a
message;
pass – traffic transfer is
permitted;
drop – traffic is
prohibited and the IPS/
IDS service generates a
message.