Command:
ip inspect name
Mode:
Router(config)#
Syntax:
ip inspect name inspection-name protocol
[alert {on | off}] [audit-trail {on
| off}] [timeout seconds]
no ip inspect name [inspection-name
protocol]
Syntax
Description:
|
inspection-name |
Name of inspection defined protocol |
|
protocol |
A protocol keyword listed in the Table A. |
|
alert
|
For each inspected protocol, the generation of alert
messages can be set on or off. |
|
audit-trail
|
For each inspected protocol, audit trail can be set on
or off. |
|
timeout |
To override the global TCP or User Datagram Protocol
idle timeouts for the specified protocol, specify the number of seconds
for a different idle timeout. |
Table A: Protocol
Keywords
|
Protocol |
protocol Keyword |
|
Transport-Layer Protocols |
|
|
TCP |
tcp |
|
UDP |
udp |
|
Application-Layer Protocols |
|
|
CU-SeeMe |
cuseeme |
|
FTP |
ftp |
|
Java |
http |
|
H.323 |
h323 |
|
Microsoft NetShow |
netshow |
|
UNIX R commands (rlogin, rexec, rsh) |
rcmd |
|
RealAudio |
realaudio |
|
RPC |
rpc |
|
SMTP |
smtp |
|
SQL*Net |
sqlnet |
|
StreamWorks |
streamworks |
|
TFTP |
tftp |
|
VDOLive |
vdolive |
Command
Description:
To
define a set of inspection rules, use the ip inspect name command in
global configuration mode.
Example:
The following examples
directs the router to inspect ftp traffic:
Router(config)#ip inspect name mycbac1 ftp
©
Cisco Systems, Inc. 2001, 2002, 2003
World Wide Education