Feature history for ip options selective drop, Restrictions for ip options selective drop, How to configure ip options selective drop – Cisco 10000 User Manual

23-2

Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 23 Protecting the Router from DoS Attacks

Restrictions for IP Options Selective Drop

Feature History for IP Options Selective Drop

Restrictions for IP Options Selective Drop

Resource Reservation Protocol (RSVP), Multiprotocol Label Switching-Traffic Engineering
(MPLS-TE), Internet Group Management Protocol Version 2 (IGMPV2), and other protocols that use IP
options packets may not function in drop mode if this feature is configured.

How to Configure IP Options Selective Drop

You can configure the router to drop all the inbound IPv4 packets with IP options or all the RP-forwarded
IP options packets.

To configure IP Options Selective Drop and protect the RP during a DoS attack, perform the following
configuration tasks:

•

Dropping Packets with IP Options, page 23-2

•

Verifying IP Options Packets, page 23-3

Dropping Packets with IP Options

Use the following procedure to configure the forwarding engine to drop packets with IP options before
sending them to the RP.

SUMMARY STEPS

1.

enable

2.

configure terminal

3.

ip options drop

Cisco IOS Release

Description

12.0(23)S

This feature was introduced.

12.2(2)T

This feature was integrated in Cisco IOS Release 12.2(2)T.

12.2(25)S

This feature was integrated in Cisco IOS Release 12.2(25)S.

12.2(27)SBC

This feature was integrated in Cisco IOS Release 12.2(27)SBC.

12.3(19)

This feature was integrated in Cisco IOS Release 12.3(19).

12.2(31)SB2

This feature was integrated in Cisco IOS Release 12.2(31)SB2 and
introduced on the Cisco 10000 series router for the PRE2 and PRE3.