Cable Source Verification (Cable Source-Verify Command); Cisco Ios Firewall Feature Set; Cisco Ios Firewall Feature Enhancements - Cisco 7246VXR - uBR Router Software Configuration Manual

cops tcp window-size

Cable Source Verification (cable source-verify Command)

The cable source-verify command helps to prevent the spoofing of IP addresses by CMs or their CPE
devices by verifying that the upstream packets coming from each cable modem are known to be
associated with the IP address in that packet. Packets with IP addresses that do not match those
associated with the cable modem are dropped.
The cable source-verify [dhcp] cable interface command specifies that DHCP lease-query requests are
Note
sent to verify any unknown source IP address found in upstream data packets. This feature requires a
DHCP server that supports the new LEASEQUERY message type.
For additional information about the cable source-verify command, refer to the
Command Reference Guide

Cisco IOS Firewall Feature Set

The Cisco IOS Firewall feature set interoperates in seamless fashion with Cisco IOS software, providing
great value for the many benefits it delivers. The most outstanding benefits include:
•
•
•
•
•
For additional Cisco IOS firewall information, refer to the document titled
Feature Set

Cisco IOS Firewall Feature Enhancements

Cisco IOS Release 12.1(1a)T1 enhances the previous Cisco IOS Secure Integrated Software feature set
with the following set of features:
•
•
•
•
Cisco uBR7200 Series Universal Broadband Router Software Configuration Guide
1-104
on Cisco.com.
Flexibility — installed on a Cisco router, this all-in-one scalable solution performs multiprotocol
routing, perimeter security, intrusion detection, VPN functionality, and per-user authentication and
authorization.
Investment protection — integrating firewall functionality into a multiprotocol router leverages an
existing router investment without the cost and learning curve associated with a new platform.
VPN support — deploying Cisco IOS Firewall with Cisco IOS encryption and QoS VPN features
enables extremely secure, low-cost transmissions over public networks and ensures
mission—critical application traffic receives high priority delivery.
Scalable deployment — available for a wide variety of router platforms, the Cisco IOS Firewall
scales to meet any network`s bandwidth and performance requirements.
Easier management — with Cisco ConfigMaker software, a network administrator can configure
Cisco IOS security features (including the Cisco IOS Firewall, Network Address Translation, and
Cisco IPSec) from a central console over the network.
on Cisco.com.
Context-Based Access Control (CBAC) that intelligently filters TCP and UDP packets based on the
application-layer protocol. This includes Java applets, which can be blocked completely or allowed
only from known and trusted sources.
Detection and prevention of the most common denial of service (DoS) attacks, such as ICMP and
UDP echo packet flooding, synchronize/start (SYN) packet flooding, half-open or other unusual
TCP connections, and deliberate misfragmentation of IP packets.
Support for a broad range of commonly used protocols, including H.323 and NetMeeting, FTP,
HTTP, MS Netshow, RPC, SMTP, SQL*Net, and TFTP.
Authentication Proxy for authentication and authorization of web clients on a per-user basis.
Chapter 1 Overview of Cisco uBR7200 Series Software
Cisco IOS CMTS Cable
Cisco IOS Firewall
OL-2239-05