Enable Commands
91
enable ip
address_pool_
filtering
Permits packet filtering on all IP address pools. Use the
show ip
command to view the current setting.
enable ip
forwarding
Allows all IP networks to forward (route) packets. You should use this
command only if you previously used the
disable ip forwarding
command. Issue the
show ip
command to view the current setting.
enable ip
network
<network_name>
Enables the specified IP network, which you previously defined using
add
ip network
. You can use
list ip networks
to see the currently
defined IP networks, as well as their current status.
enable ip
rip
Enables the RIP protocol for all IP networks. RIP protocol is set to NONE by
default. You can check the RIP version using
show ip network
settings
and modify it using
set ip network
. Use the
show ip
routing
command to view the current setting.
enable ip
routing
Allows all routing protocols for all IP networks. Currently, this command
enables only RIP, so it is functionally the same as
enable ip rip
. Use
the
show ip routing
command to view the current setting.
enable ip
security_option
commands
■
enable ip security_option drop_tcp_fragoffset1
■
enable ip security_option
disallow_all_header_options
■
enable ip security_option
disallow_source_route_options
Each of the above commands allows global filtering of all IP packets
containing the specified datagram fields (described below). This security
feature also syslogs the event when the packet is dropped. See the
show
packet_logging settings
command for accounting data.
The following datagram fields, when found, cause the packet to be
dropped:
■
fragment offset=1
— Packets with an offset equal to one are
discarded in accordance with RFC 1858. Some routers that may be
used on the same network with the RAS 1500 may be configured to
filter out specific traffic. In some cases these routers do not apply the
filter correctly for IP packets with an offset of 1. To avoid this
circumstance in the filtering mechanism, packets of this type can be
