Home / server / Questions / 280064
Accepted
JCCyC
Asked: 2011-06-14 13:09:52 +0800 CST

How to disable ICMP redirect packets in Cisco IOS?

  • 772

I'm studying a "good practices" document for Cisco IOS, and one of its controls tells me to disable ICMP Redirect packets in the router. Sounds reasonable. So I go test it in Cisco Packet Tracker (a nifty little network emulator program). In my virtual router's IOS CLI, I type the following:

jcios01#config term
Enter configuration commands, one per line.  End with CNTL/Z.
jcios01(config)#interface GigabitEthernet9/0
jcios01(config-if)#no ip mask-reply
                          ^
% Invalid input detected at '^' marker.

I'm puzzled. That's what the document told to do. enable, "config term", "interface " and then "no ip mask-reply". Am I forgetting something?

Yes, I'm a Cisco newbie.

cisco configuration icmp ios interface

1 Answers

  1. Best Answer

    On a real IOS, the command to disable icmp redirects is somewhat misleading as it's under the "ip" submenu, but the help clarifies the trouble :

    router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
router(config)#int f1/0
router(config-if)#no ip ?
Interface IP configuration subcommands:
<snip>
  redirects           Enable sending ICMP Redirect messages

router(config-if)#no ip redirects 


router#sh run int f1/0  
!
interface FastEthernet1/0
 description --- WAN
 ip address dhcp
 no ip redirects   <<<
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
end

    Here interface configuration is shown with some other useful options for an "insecure" interface.

    Btw, PacketTracer is great to learn the IOS commandline, but I found its behavior way too much different from a true IOS to be useful.

    You may take a look at dynamips/dynagen/gns3, or even quagga. Dynamips, and its frontend gns3 are used to realistic labs, as they use a real IOS image, and quagga is an IOS-like routing daemon for unixes.

    • 5