September 2017
Beginner to intermediate
436 pages
12h 33m
English
IP source routing is enabled by default in Cisco IOS. When it is enabled, IOS processes IP packets that carry the source-routing header option.
Allowing the router to honor source routing is a potential risk: such packets can be used to punt traffic from the normal hardware forwarding plane to the CPU, and the sender can even dictate which routers process the packets by listing their addresses in the source-route list of the IP packet options.
It is a security best practice to disable IP source routing. This can be done with the IOS command no ip source-route in global configuration mode.
All IP packets with the IP options present can be dropped by the router using the IOS ip options drop