Setting The Ip Packet Ttl; Configuring Unicast Reverse-Path Forwarding - Cisco 4700M Configuration Manual

Configuring Interface Normalization Parameters

Setting the IP Packet TTL

Note

Configuring Unicast Reverse-Path Forwarding

Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
4-40
Chapter 4
To reset the ACE behavior to the default of clearing all IP options if the appliance
encounters one or more invalid or unsupported IP options, enter:
host1/C1(config-if)# no ip options
The packet time to live (TTL) specifies the number of hops that a packet is
allowed to reach its destination. Each router along the packet's path decrements
the TTL by one. If the packet's TTL reaches zero before the packet reaches its
destination, the packet is discarded.
To specify the minimum TTL value that the ACE accepts in the IP header of an
incoming packet, use the ip ttl command in interface configuration mode. The
default behavior of the ACE is to not rewrite the TTL value of a packet. The
syntax of this command is as follows:
ip ttl minimum number
The number argument is the minimum number of hops that a packet is allowed to
reach its destination. Enter an integer from 1 to 255 hops.
If the TTL value of the incoming packet is lower than the configured minimum
value, the ACE rewrites the TTL with the configured value. Otherwise, the ACE
transmits the packet with its TTL unchanged or discards the packet if the TTL
equals zero.
For example, to set the TTL to 15, enter:
host1/C1(config-if)# ip ttl minimum 15
To reset the behavior of the ACE to the default of not overwriting the TTL of an
incoming IP packet, enter:
host1/C1(config-if)# no ip ttl minimum
Unicast reverse-path forwarding (URPF) helps to mitigate problems caused by the
introduction of malformed or forged (spoofed) IP source addresses into a network
by allowing the ACE to discard IP packets that lack a verifiable source IP address.
Configuring TCP/IP Normalization and IP Reassembly Parameters
OL-16202-01