ann kok wrote:
> Hi
>
> I see there is setting in switch
>
> why disable?
>
> no ip directed-broadcast

Because this allows the switch to broadcast packets to a specific VLAN (more specifically, to an IP subnet) from hosts outside of the VLAN. Enabling this provides a nice vector for a specific denial-of-service attack.

> no ip route-cache

...which disables fast-forwarding due to the fact cef is enabled (or should be).

> What is good for this configuration?

no ip directed-broadcast: mitigate denial of service
no ip route-cache: use cef (AFAIK, this is only cosmetic)

Steve

_______________________________________________
cisco-nsp mailing list
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
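
An audit of the setting discussed in this thread, as an added example that is not part of the original posts: it reads an IOS-style configuration and reports, for each interface that has an IP address, whether directed broadcast is explicitly disabled, explicitly enabled, or not stated. The sample configuration is constructed and the function names are hypothetical; when the command is absent the result is "not-stated" because the default depends on the IOS release.

```python
import re

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONFIG = """\
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
!
interface Vlan20
 ip address 198.51.100.1 255.255.255.0
 ip directed-broadcast
!
interface Vlan30
 ip address 203.0.113.1 255.255.255.0
 ip directed-broadcast 101
!
interface Vlan40
 ip address 10.0.40.1 255.255.255.0
!
interface GigabitEthernet0/1
 switchport mode access
!
"""

def interface_blocks(config):
    """Map each interface name to the list of commands indented under it."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # '!' or a global command closes the block
    return blocks

def audit_directed_broadcast(config):
    """Return {interface: state} for interfaces that carry an IP subnet."""
    report = {}
    for name, cmds in interface_blocks(config).items():
        if not any(c.startswith("ip address ") for c in cmds):
            continue  # no IP subnet here, so nothing to broadcast into
        state = "not-stated"
        for c in cmds:
            m = re.fullmatch(r"(no )?ip directed-broadcast(?: (\S+))?", c)
            if m:  # group 2 is an optional access-list restricting the feature
                state = "disabled" if m.group(1) else "-".join(filter(None, ["enabled", m.group(2) and "acl", m.group(2)]))
        report[name] = state
    return report

def needs_review(config):
    """Interfaces where directed broadcast is explicitly switched on."""
    return sorted(n for n, s in audit_directed_broadcast(config).items() if s.startswith("enabled"))
```
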
