26-2
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 26 Protecting the Router from DoS Attacks
Restrictions for IP Options Selective Drop
Feature History for IP Options Selective Drop
Restrictions for IP Options Selective Drop
Resource Reservation Protocol (RSVP), Multiprotocol Label Switching-Traffic Engineering
(MPLS-TE), Internet Group Management Protocol Version 2 (IGMPV2), and other protocols that use IP
options packets may not function in drop mode if this feature is configured.
How to Configure IP Options Selective Drop
You can configure the router to drop all the inbound IPv4 packets with IP options or all the RP-forwarded
IP options packets.
To configure IP Options Selective Drop and protect the RP during a DoS attack, perform the following
configuration tasks:
•
Dropping Packets with IP Options, page 26-2
•
Verifying IP Options Packets, page 26-3
Dropping Packets with IP Options
Use the following procedure to configure the forwarding engine to drop packets with IP options before
sending them to the RP.
SUMMARY STEPS
1.
enable
2.
configure
terminal
3.
ip options
drop
Cisco IOS Release
Description
12.0(23)S
This feature was introduced.
12.2(2)T
This feature was integrated in Cisco IOS Release 12.2(2)T.
12.2(25)S
This feature was integrated in Cisco IOS Release 12.2(25)S.
12.2(27)SBC
This feature was integrated in Cisco IOS Release 12.2(27)SBC.
12.3(19)
This feature was integrated in Cisco IOS Release 12.3(19).
12.2(31)SB2
This feature was integrated in Cisco IOS Release 12.2(31)SB2 and
introduced on the Cisco 10000 series router for the PRE2 and PRE3.