Re: proxy attack and private vlans / NO ip redirects

From: Tiago Lousada Soares <tiagolousadasoares_at_gmail.com>
Date: Mon, 20 Sep 2010 01:34:09 +0100

Hi,

I think that the "no ip redirects" just stops the router from sending ICMP
IP redirects to the sender of the packet; it won't stop the traffic going
through. At least that is my understanding of the command and its
functionality. But maybe someone else can shed more light on the subject.

Check the command reference:

http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i2g.html#wp1081518

HTH,

Tiago

On Sat, Sep 18, 2010 at 6:42 PM, eseosa <eseosa.ehiwe_at_gmail.com> wrote:

> Proxy attack is an attempt to bypass a PVLAN implementation, so if a
> question says we should stop this attack, the solutions recommended
> by Yusuf Bhaiji are that we use an ACL that denies any packet with
> same source and destination IP address of the subnet in question or
> DHCP snooping on the switch.
>
> I was thinking no ip redirects on the router interface should suffice
> as well even though it is overkill.
>
> Correct me if I am wrong.
>
> --
> Warm Regards,
>
> Eseosa
> CCIE #23782
> Before God we are all equally wise - and equally foolish.
> Albert Einstei

Received on Mon Sep 20 2010 - 01:34:09 ART
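
The two controls discussed in this thread, as a simplified model added here (it is not code from the thread or from Cisco): it shows what a gateway on the PVLAN's promiscuous port does with a frame sent to the router's MAC but to another in-subnet host's IP, with the same-subnet ACL and with ICMP redirects toggled. The subnet, MAC address, addresses and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values (RFC 5737 / RFC 7042 documentation ranges).
PVLAN_SUBNET = ipaddress.ip_network("192.0.2.0/24")
ROUTER_MAC = "00:00:5e:00:53:01"  # gateway on the promiscuous port

@dataclass
class Frame:
    dst_mac: str
    src_ip: str
    dst_ip: str

def in_subnet(ip: str) -> bool:
    return ipaddress.ip_address(ip) in PVLAN_SUBNET

def same_subnet_acl_denies(frame: Frame) -> bool:
    """ACL from the thread: deny when source AND destination are in the PVLAN subnet."""
    return in_subnet(frame.src_ip) and in_subnet(frame.dst_ip)

def gateway_ingress(frame: Frame, acl_applied: bool = False,
                    ip_redirects: bool = True) -> tuple[bool, bool]:
    """Return (forwarded, icmp_redirect_sent) for a frame arriving on the PVLAN interface."""
    if frame.dst_mac != ROUTER_MAC:
        return (False, False)   # not addressed to the router at layer 2
    if acl_applied and same_subnet_acl_denies(frame):
        return (False, False)   # dropped by the inbound ACL before routing
    # Routing a packet back out the interface it arrived on is what triggers
    # an ICMP redirect. Disabling redirects suppresses only that message;
    # the routing decision, and so the forwarding, is unchanged.
    hairpin = in_subnet(frame.src_ip) and in_subnet(frame.dst_ip)
    return (True, hairpin and ip_redirects)

# Constructed frames: one hairpinned through the gateway, one ordinary routed frame.
PROXY = Frame(ROUTER_MAC, "192.0.2.10", "192.0.2.20")
NORMAL = Frame(ROUTER_MAC, "192.0.2.10", "198.51.100.7")

if __name__ == "__main__":
    for label, kwargs in [("defaults", {}),
                          ("no ip redirects", {"ip_redirects": False}),
                          ("same-subnet ACL", {"acl_applied": True})]:
        print(f"{label:16} proxy={gateway_ingress(PROXY, **kwargs)} "
              f"normal={gateway_ingress(NORMAL, **kwargs)}")
```
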
