IP option attack protection
An attack on the network could be accomplished using the options field of an IP packet header. For
example, the source routing option makes it possible for the sender to specify a route to follow.
To protect against attacks contained in the option field, devices drop any IP packet that contains an
option in its header, except for IGMP packets. IGMP packets are processed even if they contain IP
options. If you want other packets that contain options in their headers to be processed, enter a
command such as the following.
BigIron RX(config)# ip ip-option-process
Syntax: [no] ip ip-option-process
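The drop rule described above, modelled in Python on constructed packet headers. This is an added example, not code from the configuration guide or from the device; the function names, the sample packets, and the handling of malformed input are assumptions.

```python
import struct

IGMP = 2  # IP protocol number for IGMP
# Option type values from RFC 791 / RFC 2113; only these are named here.
OPTION_NAMES = {7: "record-route", 131: "loose-source-route",
                137: "strict-source-route", 148: "router-alert"}

def parse_options(header):
    """Name each option in the bytes that follow the fixed 20-byte header."""
    names, i, end = [], 20, len(header)
    while i < end:
        kind = header[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= end or header[i + 1] < 2 or i + header[i + 1] > end:
            names.append("malformed")      # length byte missing or out of range
            break
        names.append(OPTION_NAMES.get(kind, "type-%d" % kind))
        i += header[i + 1]
    return names

def verdict(packet, option_process=False):
    """Return (action, option names); option_process models 'ip ip-option-process'.
    Dropping truncated or non-IPv4 input is an assumption of this sketch."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ("drop", ["not-ipv4"])
    ihl = (packet[0] & 0x0F) * 4           # header length in bytes
    if ihl < 20 or ihl > len(packet):
        return ("drop", ["bad-header-length"])
    names = parse_options(packet[:ihl])
    if ihl == 20 or packet[9] == IGMP or option_process:
        return ("process", names)          # no options, IGMP, or override enabled
    return ("drop", names)

def build(proto, options=b""):
    """Constructed sample header (no payload, checksum left at zero)."""
    options += b"\x00" * (-len(options) % 4)   # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + options

# Constructed samples: LSRR with one hop (198.51.100.1) and IGMP with Router Alert.
LSRR = bytes([131, 7, 4, 198, 51, 100, 1])
ROUTER_ALERT = bytes([148, 4, 0, 0])
```

Calling verdict(build(6, LSRR)) shows a TCP header carrying a loose source route being dropped, while verdict(build(IGMP, ROUTER_ALERT)) is processed, matching the IGMP exception in the text.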
IP receive access list
The IP receive access list feature uses IPv4 ACLs to filter packets intended for the management
process. This protects the management module from being overloaded by heavy traffic sent
to one of the Layer 3 Switch IP interfaces. The feature applies to IPv4 unicast and multicast
packets.
Configuring IP receive access list
IP receive access list is a global configuration command. Once it is applied, the command will be
effective on all the management modules on the device. To configure the feature, do the following.
1. Create a numbered ACL that will be used as the IP receive ACL. This ACL can be a standard (1–99) or extended (100–199) ACL. Named ACLs are not supported.
BigIron RX(config)# access-list 10 deny host 209.157.22.26 log
BigIron RX(config)# access-list 10 deny 209.157.29.12 log
BigIron RX(config)# access-list 10 deny host IPHost1 log
BigIron RX(config)# access-list 10 permit any
BigIron RX(config)# write memory
2. Configure ACL 10 as the IP receive access list by entering the following command.
BigIron RX(config)# ip receive access-list 10
Syntax: [no] ip receive access-list <num>
Specify an access list number for <num>.
The IP receive ACL is applied globally to all interfaces on the device.
Displaying IP receive access list
To determine if IP receive access list has been configured on the device, enter the following
command.
BigIron RX# show access-list bindings
L4 configuration:
ip receive access-list 101
BigIron RX Series Configuration Guide
53-1002253-01