Task 6.4 IOS IDS - Protected network

The task says do not include 183.x.37.64 through 183.x.37.127, but there is no solution in the answer book. Could someone confirm that the following is the right answer?
no ip audit po protected 183.x.37.64 to 183.x.37.127

Comments

  • Hi Nag,

    I noticed the same thing on my lab. Was thinking they were missing something. Honestly, I am not completely sure how this is accomplished though.

    Don't believe your command will cut it though. I could not get that command to take on my 2600xm running 12.3(23). Am pretty sure the command is "ip audit protected". However, when you negate the ip audit protected command it removes all defined networks. Not sure if we have to protect all networks for this to work, but was thinking something to the effect of..

    ip audit protected 183.1.0.0 to 183.1.37.63
    ip audit protected 183.1.37.128 to 183.1.255.255
    ip audit protected 150.1.0.0 to 150.1.255.255
    etc...

    Anyone else care to comment?

    Thanks,

    -Mike
  • Asked a friend of mine at Cisco to look into this with one of the product managers in the ISR team. I felt the documentation on the IOS IDS is quite lacking.

    MikeD would be correct. What did not make sense to me was the definition of what a "protected network" was, and what would be different about how the IOS IDS treated protected versus non-protected hosts.

    It is a command that has been removed from the more modern versions of the IOS, and in fact is nothing more than a "designator" defining a host as "internal" versus "external".

    The IOS IDS will not do ANYTHING differently for those hosts.
  • This is what is written about this in the command reference: "When an attack is detected, the corresponding event contains a flag that denotes whether the source or destination of the packet belongs to a protected network or not."

    So defining protected networks produces additional flags in the log messages.

    regards,
    airfow
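The approach suggested in the thread (list every range except the excluded block as protected) can be generated rather than typed by hand. This is an added example, not part of the original posts: the function names are hypothetical, the pod number 1 and the 183.1.0.0/16 and 150.1.0.0/16 networks are taken from Mike's reply, and the command keyword is the one written in the question.

```python
import ipaddress

def subtract_ranges(network, excluded):
    """Inclusive (first, last) ranges of `network` left after removing `excluded`."""
    net = ipaddress.ip_network(network)
    cursor, end = int(net.network_address), int(net.broadcast_address)
    holes = sorted((int(ipaddress.IPv4Address(a)), int(ipaddress.IPv4Address(b)))
                   for a, b in excluded)
    kept = []
    for lo, hi in holes:
        if lo > hi:
            raise ValueError("excluded range is reversed")
        if hi < cursor or lo > end:
            continue  # hole lies outside what is left of this network
        if lo > cursor:
            kept.append((cursor, lo - 1))  # addresses before the hole stay protected
        cursor = hi + 1                    # resume just past the hole
    if cursor <= end:
        kept.append((cursor, end))
    return [(str(ipaddress.IPv4Address(a)), str(ipaddress.IPv4Address(b)))
            for a, b in kept]

def protected_statements(networks, excluded, keyword="ip audit po protected"):
    """One config line per remaining range; `keyword` is the form used in the question."""
    lines = []
    for network in networks:
        for first, last in subtract_ranges(network, excluded):
            # Assumption: a single address is written without the "to" part.
            lines.append(f"{keyword} {first}" if first == last
                         else f"{keyword} {first} to {last}")
    return lines

if __name__ == "__main__":
    # Constructed input based on the ranges discussed in the thread (pod number 1).
    NETWORKS = ["183.1.0.0/16", "150.1.0.0/16"]
    EXCLUDED = [("183.1.37.64", "183.1.37.127")]
    print("\n".join(protected_statements(NETWORKS, EXCLUDED)))
```

As the later replies point out, these statements only change the flag carried in the logged event, so the check after applying them is the alert output rather than any difference in IDS behaviour.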