On Tue, 5 Dec 2000, FREDL L AZARES wrote:

> What's the purpose of no ip redirects in VLAN Ethernet subinterface
> configuration? Thanks in advance.

It just stops ICMP redirects from being sent.

Here is a scenario:


hostA      192.168.1.50
routerA e0 192.168.1.1 (hostA's gateway)
routerB e0 192.168.1.2
routerB e1 172.16.1.1  (hostB's gateway)
hostB      171.16.1.50


If hostA tries to contact host B, it will send the packet to its default
gateway, since the destination is not on hostA's network.  routerA
receives the packet and sees it needs to send it to routerB e0.  Since
routerA knows hostA could have reached routerB e0 itself (if only it knew
to do so), it informs hostA "You don't need to go thru me, you can go
directly to routerB yourself", and sends an ICMP redirect.  If you don't
want it to behave like this, then you can disable ICMP redirects.

ICMP redirects can be a security problem in situations where customers you
don't trust have access to Ethernet, even switched Ethernet.

Brian




>
> Fredl Azares
>
> _________________________________
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>

-----------------------------------------------
Brian Feeny, CCNP+ATM, CCDP   [EMAIL PROTECTED]
Network Administrator
ShreveNet Inc. (ASN 11881)
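
The redirect decision described in the reply above, as an added example that is not part of the original message: a simplified model of when routerA would send an ICMP redirect and how `no ip redirects` on the receiving interface suppresses it. The /24 masks, the static route on routerA, and hostB's address inside 172.16.1.0/24 are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Interface:
    network: ipaddress.IPv4Network
    send_redirects: bool = True   # False models "no ip redirects" on the interface

@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: ipaddress.IPv4Address
    out_if: str

def forward(interfaces, routes, in_if, src, dst):
    """Return (next_hop, redirect_gateway); redirect_gateway is None when no
    ICMP redirect would be sent back to the source."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r.prefix]
    if not matches:
        return None, None
    route = max(matches, key=lambda r: r.prefix.prefixlen)  # longest prefix wins
    iface = interfaces[in_if]
    redirect = (
        iface.send_redirects
        and route.out_if == in_if            # packet leaves where it came in
        and src in iface.network             # sender is on that segment
        and route.next_hop in iface.network  # and could reach the next hop itself
    )
    return str(route.next_hop), (str(route.next_hop) if redirect else None)

def router_a(send_redirects=True):
    """routerA from the scenario; /24 masks and the static route are assumed."""
    interfaces = {"e0": Interface(ipaddress.ip_network("192.168.1.0/24"), send_redirects)}
    routes = [Route(ipaddress.ip_network("172.16.1.0/24"),
                    ipaddress.ip_address("192.168.1.2"), "e0")]
    return interfaces, routes

if __name__ == "__main__":
    for enabled in (True, False):
        hop, redirect = forward(*router_a(enabled), "e0", "192.168.1.50", "172.16.1.50")
        print(f"redirects enabled={enabled}: forward via {hop}, redirect to {redirect}")
```

In both cases the packet is still forwarded to routerB; only the advisory message back to hostA changes.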
