Cisco Systems CL-28826-01 Security Camera User Manual


59-20
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 59 Configuring Router Interfaces
Advanced Interface Settings Page
Table 59-6 Advanced Interface Settings Dialog Box (Continued)

Element / Description

Enable Directed Broadcasts

Whether to have directed broadcast packets “exploded” as a link-layer broadcast when this interface is directly connected to the destination subnet. When deselected, directed broadcast packets that are intended for the subnet to which this interface is directly connected are dropped rather than being broadcast. This is the default.

An IP directed broadcast is an IP packet whose destination address is a valid broadcast address on a different subnet from the node on which it originated. In such cases, the packet is forwarded as if it were a unicast packet until it reaches its destination subnet.

This option affects only the final transmission of the directed broadcast on its destination subnet; it does not affect the transit unicast routing of IP directed broadcasts.

ACL

If you enable directed broadcasts, you can apply an ACL to determine which directed broadcasts are permitted to be broadcast on the destination subnet. All other directed broadcasts destined for the subnet to which this interface is directly connected are dropped. Enter the name of a standard or extended ACL object, or click Select to select an object from a list or to create a new object.

Tip: Because directed broadcasts, and particularly ICMP directed broadcasts, have been abused by malicious persons, we recommend deselecting this option on interfaces where directed broadcasts are not needed. When you enable directed broadcasts, apply an ACL to restrict their use.

Unicast Reverse Path Forwarding (RPF) Settings

Enable Unicast RPF

Whether to enable unicast reverse path forwarding (RPF) on the interface. When you enable Unicast RPF on an interface, the router examines all packets that are received on that interface. The router checks to make sure that the source address appears in the FIB, and takes action based on your unicast RPF settings. Use unicast RPF to mitigate problems caused by malformed or forged (spoofed) IP source addresses that pass through a router. Malformed or forged source addresses can indicate DoS attacks based on source IP address spoofing. For more information on unicast RPF, see the description of the ip verify unicast source reachable-via command in the Cisco IOS Interface and Hardware Component Command Reference.

To enable unicast RPF, you must also globally enable Cisco Express Forwarding (CEF). For more information on CEF, see CEF Interface Settings on Cisco IOS Routers, page 59-24.
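
The following is an added example, not part of the Cisco guide: a small Python audit that scans an IOS running-config for the two conditions described above, namely directed broadcasts enabled on an interface with no ACL, and unicast RPF configured while CEF is not enabled globally. The sample configuration, interface names and ACL number 110 are constructed, and treating CEF as enabled only when an explicit "ip cef" line is present is an assumption that may need adjusting for your platform.

```python
import re

# Constructed sample running-config (not from the manual).
SAMPLE_CONFIG = """\
no ip cef
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip directed-broadcast
 ip verify unicast source reachable-via rx
!
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 ip directed-broadcast 110
!
interface GigabitEthernet0/2
 ip address 203.0.113.1 255.255.255.0
 no ip directed-broadcast
"""

NO_ACL = "directed broadcasts enabled with no ACL"
NO_CEF = "unicast RPF configured but CEF is not enabled globally"


def audit(config):
    """Return (interface, finding) pairs for the settings in this table."""
    # Assumption: CEF counts as enabled only if a global "ip cef" line exists.
    cef_on = re.search(r"^ip cef\b", config, re.M) is not None
    findings = []
    iface = None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1].strip()
            continue
        if not line.startswith(" "):
            iface = None          # "!" or a global command ends the block
            continue
        if iface is None:
            continue
        cmd = line.strip()
        # "ip directed-broadcast" with an optional trailing ACL name/number.
        m = re.fullmatch(r"ip directed-broadcast(?:\s+(\S+))?", cmd)
        if m and m.group(1) is None:
            findings.append((iface, NO_ACL))
        if cmd.startswith("ip verify unicast ") and not cef_on:
            findings.append((iface, NO_CEF))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```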