no ip redirects

Unanswered Question
Jan 20th, 2008


Some vendors suggest me to config following for all interfaces

inter fastethernet x

no ip redirects

any advantage if I implement it?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Danilo Dy Sun, 01/20/2008 - 07:49


"no ip redirects" disables "ICMP redirects" in the interface.

In the first glance, "ICMP redirects" is good as it always provide the optimum route. Check this link on how "ICMP redirects" work

However, "ICMP redirects" present a potent DOS (Denial Of Service) attack. If the target

system does accept ICMP redirects (and packets can actually reach it) that system can be stopped from talking to any particular address on the net. Also, attacks can be launch from anywhere - not necessary from the local network.

Following are links to IOS Hardening which discusses "no ip redirects" and other feature




This Discussion