Hi Tiago,
I guess you are right; from the command reference it affects only ip
icmp type 5 redirects, so it will be like having an access-list that
denies icmp traffic from a source to a destination in the same subnet
inbound on the router connected to the promiscuous port.
Thanks
On 9/20/10, Tiago Lousada Soares <tiagolousadasoares_at_gmail.com> wrote:
> Hi,
>
> I think that the "no ip redirects" just stops the router from sending ICMP
> ip redirects to the sender of the packet, it won't stop the traffic going
> through. At least that is my understanding of the command and its
> functionality. But maybe someone else can shed more light on the subject.
>
> Check the command reference:
>
> http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i2g.html#wp1081518
>
> HTH,
>
> Tiago
>
> On Sat, Sep 18, 2010 at 6:42 PM, eseosa <eseosa.ehiwe_at_gmail.com> wrote:
>
>> Proxy attack is an attempt to bypass a PVLAN implementation, so if a
>> question says we should stop this attack, the solutions recommended
>> by Yusuf Bhaiji are that we use an ACL that denies any packet with
>> same source and destination IP address of the subnet in question or
>> DHCP snooping on the switch.
>>
>> I was thinking no ip redirects on the router interface should suffice
>> as well even though it is an overkill.
>>
>> Correct me if I am wrong.
>>
>> --
>> Warm Regards,
>>
>> Eseosa
>> CCIE #23782
>> Before God we are all equally wise - and equally foolish.
>> Albert Einstein
>>
>>
>
--
Warm Regards,

Eseosa
CCIE #23782
Before God we are all equally wise - and equally foolish.
Albert Einstein

Blogs and organic groups at http://www.ccie.net

Received on Mon Sep 20 2010 - 10:07:50 ART
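Added example, not part of any message in this thread: a simplified Python model of the router interface facing the promiscuous port, comparing what happens to the same packet under the default configuration, "no ip redirects", and the inbound ACL mentioned above. The subnet, the addresses and the function names are assumptions made for illustration, and the ACL is read as "deny when source and destination are both in the PVLAN subnet".

```python
import ipaddress

# Constructed values: the subnet and the sample addresses are documentation
# ranges chosen for this example, not taken from the thread.
PVLAN_SUBNET = ipaddress.ip_network("192.0.2.0/24")


def acl_permits(src, dst, subnet=PVLAN_SUBNET):
    """Model of an inbound ACL: deny ip <subnet> <subnet>, then permit ip any any."""
    return not (ipaddress.ip_address(src) in subnet
                and ipaddress.ip_address(dst) in subnet)


def router_inbound(src, dst, ip_redirects=True, acl=False, subnet=PVLAN_SUBNET):
    """Return (forwarded, redirect_sent) for a packet arriving on the
    router interface that faces the promiscuous port (simplified model)."""
    if acl and not acl_permits(src, dst, subnet):
        return (False, False)          # dropped by the ACL before routing
    # Source and destination on the connected subnet: the packet would leave
    # through the interface it arrived on, which is the condition for an
    # ICMP redirect (type 5) back to the sender.
    same_subnet = (ipaddress.ip_address(src) in subnet
                   and ipaddress.ip_address(dst) in subnet)
    # "no ip redirects" only suppresses the redirect; routing is unchanged.
    return (True, same_subnet and ip_redirects)


def compare(src, dst):
    """Outcome of the same packet under the three configurations discussed."""
    return {
        "default": router_inbound(src, dst),
        "no ip redirects": router_inbound(src, dst, ip_redirects=False),
        "inbound ACL": router_inbound(src, dst, acl=True),
    }


if __name__ == "__main__":
    for src, dst in [("192.0.2.10", "192.0.2.20"), ("192.0.2.10", "198.51.100.5")]:
        print(src, "->", dst, compare(src, dst))
```

In this model only the ACL changes whether same-subnet traffic is forwarded; traffic to other subnets is forwarded in all three cases.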