what is mean of the commend "no ip redirects"

Unanswered Question
Jul 15th, 2008

i dont't know when to use this commend of "no ip redirects"in routers interfaces,and what this commend mean?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
garytayl Tue, 07/15/2008 - 17:22


Based on documentation:

An ICMP redirect message can be generated by a router when a packet is received and transmitted on the same interface. In this situation, the router will forward the original packet and send a ICMP redirect message back to the sender of the original packet. This behavior allows the sender to bypass the router and forward future packets directly to the destination (or a router closer to the destination).

There are two types of ICMP redirect messages: redirect for a host address or redirect for an entire subnet.

The ip icmp redirect command determines the type of ICMP redirects sent by the system and is configured on a per system basis. Some hosts do not understand ICMP subnet redirects and need the router to send out ICMP host redirects. Use the ip icmp redirect host command to have the router send out ICMP host redirects. Use the ip icmp redirect subnet command to set the value back to the default, which is to send subnet redirects.

To prevent the router from sending ICMP redirects, use the no ip redirects interface configuration command.

Hope it helps,


chenzhang_001 Tue, 07/15/2008 - 17:43

Thanks for your help, Gary! Because i'm a Chinese, my English is not very good i hope i can get more informations from the forums!

Mark Yeates Tue, 07/15/2008 - 17:44

To add to Gary's post that the "no ip redirects"

command is highly recommended from a security standpoint. ICMP redirect messages can be used by an attacker to generate network topology and perform network diagnosis. Generation of this message should be disabled on all interfaces, especially interfaces that are connected to untrusted networks.



This Discussion