I dont have access to an IOS router to confirm... but I think retired true/false commands only appear in signature-category, however retired t/f and enable t/f both appear in signature definition. hope that helps...
Please check this link. http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/prod_white_paper0900aecd805c4ea8.html Retire/Unretire signatures Retire/unretire is to select/de-select which signatures are being used by IOS IPS to scan traffic. Retiring a signature means IOS IPS will NOT compile that signature into memory for scanning. Unretiring a signature instructs IOS IPS to compile the signature into memory and use the signature to scan traffic. Enable/Disable signatures Enable/disable is to enforce/disregard the action(s) associated with the signatures by IOS IPS when packet or packet flow matches the signatures. *Note:* Enable/disable does NOT select/de-select signatures to be used by IOS IPS. Enabling a signature means that when triggered by a matching packet (or packet flow), the signature takes the appropriate action associated with it. However, only unretired AND successfully compiled signatures will take the action when they are enabled. In other words, if a signature is retired, even though it is enabled, it will not be compiled (because it is retired) and it will not take the action associated with it. Disabling a signature means that when triggered by a matching packet (or packet flow), the signature DOES NOT take the appropriate action associated with it. In other words, when a signature is disabled, even though it is unretired and successfully compiled, it will not take the action associated with it. FNK On Wed, Oct 5, 2011 at 11:02 PM, Fawad Khan <[email protected]> wrote: > Adil, > > retired TRUE means, that these sig category will not be loaded in the > memory..... > retired false means, that this sig category will be loaded in the memory. > > > > enable true means, that this signature is not only loaded in the memory as > well, but its also functioning. > enabled false means, tthat this signature is only loaded in the memory, but > its NOT functioning at this moment. > > > > Regards, > FNK. > > > > On Wed, Oct 5, 2011 at 9:15 PM, Adil Pasha <[email protected]> wrote: > >> Guys, >> >> In YB Lab 2 the solution is: >> >> category all >> retired true >> enabled false <<< What if I add this command? Is this correct answer >> or wrong answer in real lab? >>> >> category ios_ips basic >> retired false >> enabled false <<< What if I add this command? Is this correct answer >> or wrong answer in real lab? >>> >> ! >> >> Best Regards. >> ______________________ >> Adil >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
