[c-nsp] what the heck is "ip forward-protocol nd" good for
Sebastian Beutel
sebastian.beutel at rus.uni-stuttgart.de
Thu Apr 7 14:20:54 EDT 2016
Hi Phil,
hi List,
On Thu, Apr 07, 2016 at 01:03:24PM +0100, Phil Mayers wrote:
> On 06/04/16 17:16, Sebastian Beutel wrote:
>
> >What do you think: Is this a bug?
>
> As others have said: IOS defaults are, largely, insane for 2016.
>
> We have:
>
> no ip forward-protocol nd
> no ip forward-protocol udp tftp
> no ip forward-protocol udp nameserver
> no ip forward-protocol udp domain
> no ip forward-protocol udp time
> no ip forward-protocol udp netbios-ns
> no ip forward-protocol udp netbios-dgm
> no ip forward-protocol udp tacacs
>
> ...amongst other things in our standard IOS config.
>
> It's one more tedious part of modern IT - reaping the "benefits" of
> compatibility with the very best the 1980s had to offer.
>
To me the "Cisco IOS IP Application Services Command Reference" is a little
blurry:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/command/iap-cr-book/iap-i1.html#wp1776761080
If I get it right, enabling an ip helper on an interface enables forwarding
of a list of stuff. Furthermore, the global "ip forward-protocol udp"
(without any protocol name) enables forwarding all of this on any interface.
I suppose that it's very naive to assume that the lines you wrote could be
replaced by this:
no ip forward-protocol udp
ip forward-protocol udp bootpc
ip forward-protocol udp bootps
But the thing that keeps me puzzled is that only "ip forward-protocol nd" appears
in a "sho run" of a default virgin configuration and none of the above does.
Not even in a "sho run {all|full}". Why exactly this and none of the others?
Best, Sebastian.