Send document comments to nexus7k-docfeedback@cisco.com.
2-13
Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide, Release 4.x
OL-20002-02
Chapter 2 Configuring IPv4
Configuring IPv4
This example shows how to disable gratuitous ARP requests:
switch# config t
switch(config)# interface ethernet 2/3
switch(config-if)# no ip arp gratuitous request
switch(config-if)# copy running-config startup-config
Configuring IP Packet Verification
Cisco NX-OS supports an Intrusion Detection System (IDS) that checks for IP packet verification. You
can enable or disable these IDS checks.
To enable IDS checks, use the following commands in global configuration mode:
Step 3
ip arp gratuitous {request | update}
Example:
switch(config-if)# ip arp gratuitous
request
Enables gratuitous ARP on the interface. Default is
enabled.
Step 4
copy running-config startup-config
Example:
switch(config-if)# copy running-config
startup-config
(Optional) Saves this configuration change.
Command Purpose
Command Purpose
hardware ip verify address {destination
zero | identical | reserved | source
{broadcast | multicast}}
Performs the following IDS checks on the IP address:
• destination zero—Drops IP packets if the
destination IP address is 0.0.0.0.
• identical—Drops IP packets if the source IP address
is identical to the destination IP address.
• reserved—Drops IP packets if the IP address is in
the 127.x.x.x range.
• source—Drops IP packets if the IP source address is
either 255.255.255.255 (broadcast) or in the
224.x.x.x range (multicast).
hardware ip verify checksum Drops IP packets if the packet checksum is invalid.
hardware ip verify fragment Drops IP packets if the packet fragment has a nonzero
offset and the DF bit is active.
To Next Page
Loading...
