[c-nsp] why disable ip cache and direct broadcast in switch
Jay Hennigan
jay at west.net
Wed Feb 25 19:28:14 EST 2009
ann kok wrote:
> Hi
>
> I see there is a setting in the switch
By switch, I assume you mean layer 3 switch or router.
> why disable?
>
> no ip directed-broadcast
"no ip directed-broadcast" is generally a good thing. It blocks smurf
DoS attacks.
> no ip route-cache
This is generally NOT a good thing, other than for debugging during
low-traffic scenarios. It forces traffic to be process-switched and
will cause high (or very high) router CPU utilization.
--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
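
An added example, not part of the original message: a small audit of saved IOS configuration text that flags the two interface settings discussed above. The sample config, interface names, ACL number and function name are constructed for illustration; it assumes IOS 12.0 or later, where directed broadcast is off by default, so an enabled interface shows an explicit "ip directed-broadcast" line.

```python
import re

# Constructed sample config for illustration (not from the original post).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 ip address 192.0.2.1 255.255.255.0
 no ip directed-broadcast
!
interface GigabitEthernet0/2
 ip address 198.51.100.1 255.255.255.0
 ip directed-broadcast
 no ip route-cache
!
interface Vlan10
 ip address 203.0.113.1 255.255.255.0
 ip directed-broadcast 101
!
interface Vlan20
 description debugging leftovers
 no ip route-cache
!
"""

# "ip directed-broadcast" optionally followed by an access-list reference.
DIRECTED = re.compile(r"ip directed-broadcast(?:\s+(\S+))?$")

def audit_interfaces(config_text):
    """Return {interface: [findings]} for interfaces with either setting."""
    findings = {}
    current = None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
        elif not raw.startswith(" "):
            current = None  # "!" or a global command ends the interface block
        elif current is not None:
            line = raw.strip()
            m = DIRECTED.match(line)  # "no ip ..." cannot match: anchored at "ip"
            if m:
                acl = m.group(1)
                scope = f"ACL {acl}" if acl else "no ACL"
                findings.setdefault(current, []).append(
                    f"directed-broadcast enabled ({scope})")
            elif line == "no ip route-cache":
                findings.setdefault(current, []).append(
                    "route-cache disabled (process switching)")
    return findings

if __name__ == "__main__":
    for intf, notes in audit_interfaces(SAMPLE_CONFIG).items():
        print(intf, "->", "; ".join(notes))
```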