Verifying ip options packets, Dropping ip options packets: example, Ip options selective drop – Cisco 10000 User Manual

23-3

Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 23 Protecting the Router from DoS Attacks

Configuration Examples for IP Options Selective Drop

DETAILED STEPS

Verifying IP Options Packets

Use the show ip traffic command to verify that the router drops all the packets received with IP options.

Configuration Examples for

IP Options Selective Drop

This section provides the following configuration examples:

•

Dropping IP Options Packets: Example, page 23-3

•

Verifying IP Options Handling: Example, page 23-4

Dropping IP Options Packets: Example

The following sample configuration shows how to configure the router (and downstream routers) to drop
all the packets with IP options that enter the network:

Router(config)# ip options drop

% Warning:RSVP and other protocols that use IP Options packets may not function in drop or

ignore modes.

end

Command or Action

Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

•

Enter your password if prompted.

Step 2

configure

terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

ip options

drop

Example:

Router(config)# ip options drop

Turns IP options processing off. The router drops all the
packets received with IP options.

Note

To resume normal options processing, use the no
form of the command: no ip options.