Re: [Config] 871 & 12.4(15)T3 DebugsON ?

Author	All Replies
TROLL131313 join:2004-12-21 Horsham, PA ·Comcast	reply to mazzy Re: [Config] 871 & 12.4(15)T3 DebugsON ? You are correct on the boot-up debug. IOS has to do this since it spits out info on the remote port on start up. Have you tried the IPS migration wizard in SDM yet? It seems to work and it will even download the latest V5 signature pkg from cisco and convert them. Overall the performance seems better now with IPS, tho time will tell.
	to forum · permalink · · 2008-02-09 15:11:59 ·
MSN join:2004-05-15 Osgoode, ON	Coincidentally, I'm testing my new 871 with 12.4(15)T3 and with IPS turned on both outbound and inbound and I'm seeing absolutely no performance difference with IPS on vs. off. Speedtest.net and speakeasy.net/speedtest both give me approximately 4200 kbps down and 600 kbps up on my ADSL connection regardless of whether IPS is scanning the packets or not. I'm seeing all kinds of detailed IPS messages in my syslog as it's doing its thing too, so I know its working. I'm also using ZBF (Zone-Based firewall). I'm impressed and a bit surprised. /Eric
	to forum · permalink · · 2008-02-09 22:21:37 ·
jrpavel3 join:2002-03-16 UK	If you show cpu history, you will see how hard your router is working
	to forum · permalink · · 2008-02-10 18:35:00 ·
mr_dirt join:2006-02-14 Denver, CO	reply to MSN said by MSN : I'm also using ZBF (Zone-Based firewall). I'm impressed and a bit surprised. So, what are you impressed and surprised at? Performance? Are you running the complete sig list?
	to forum · permalink · · 2008-02-13 17:54:04 ·
MSN join:2004-05-15 Osgoode, ON	I'm running the complete "basic" list per the SDM's recommendations. Since the 871 only has 128 MB RAM, the advanced list will cause memory faults when traffic is high. That said, I've only disabled two signatures. Cisco recently announced a TTL vulnerability in their IOS and two of the signatures matched against this type of DoS attack. I was getting too many false positives (mainly from UPnP and dynamic routing protocol...basically IP multicast) so I turned 'em off. As I said in my 1st post, what impresses me most is that througput doesn't seem to be affected in the least with the IPS engines (13 of them) all turned on. /Eric
	to forum · permalink · · 2008-02-13 19:53:24 ·
mr_dirt join:2006-02-14 Denver, CO	Thanks for the details.
	to forum · permalink · · 2008-02-14 01:15:44 ·
MSN join:2004-05-15 Osgoode, ON	You're welcome. Also, I'm running 384 signatures. /Eric
	to forum · permalink · · 2008-02-14 09:54:41 ·


Saturday, 05-Dec 15:10:48	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF