
ip forward-protocol nd??

abhi-adte
Level 1

Hi,

I am using a 3600 router. In the show running configuration there is one line mentioned, i.e. "ip forward-protocol nd". What is that?

Please help us by providing the details.


Giuseppe Larosa
Hall of Fame

Hello Abhinay,

See the command reference:

http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i1g.html#wp1108053

nd

Forwards Network Disk (ND) packets. This protocol is used by older diskless Sun workstations.

The command works in conjunction with ip helper-address and tells for which protocols the relay function should be performed.

Hope to help

Giuseppe

Abhinay

Just to add a little to the good explanation by Giuseppe of what it is:

- where did the command come from? The IOS inserted that command into the configuration. I am not sure why, but there are a number of releases where IOS does insert that command.

- does the command have any impact? No, that command does not have any impact on the router or its performance.

- should you try to remove the command? No, you should not try to remove it, just ignore it.

HTH

Rick


Rick,

"should you try to remove the command? No you should not try to remove it, just ignore it."

Actually, I would recommend just the opposite. The ND protocol is obviously so ancient that I was not even able to find any specifications about it (I've done my Google job) - just bits and pieces suggesting that it was used even before the Network File System (in the early 80's). In my opinion, there is no need to have the ND protocol forwarded by means of a UDP helper unless the user knows for sure that he/she is using the ND protocol, and so I would disable the forwarding of ND packets here.

Best regards,

Peter

Peter

So we do not agree (and people with differing outlooks and opinions are part of what makes the forum so excellent). My advice was based on these factors:

- I believe that the command is harmless. Assuming that your research is correct (and I do believe that it is) then there will be no ND traffic on the network and the presence of forward-protocol nd will have no effect.

- IOS inserts the statement into the running config. I do not know why (do you)? Perhaps there are occasional instances where IOS inserts a command that does nothing, but I believe that most of the time when IOS inserts a command that it is there for a reason. Since I am not sure about this particular command I tend to not want to mess with IOS and leave the command alone.

- It has been my experience that sometimes when IOS inserts a command, it really does not want that command to be removed. I do not remember the specifics but I do remember an experience where there was some command that had appeared in the running config and I decided to remove it. To my surprise I could enter "no" but the command was still there.

So if I believe that the command is harmless, if I believe that it might be there for some purpose that we do not understand, and if I am not sure that it will really come out, then my advice is to just ignore it. Your advice is different, and that is ok. Now Abhinay has a decision to make. If he chooses to remove the command I hope that he will post back to the forum indicating what the results might have been.

HTH

Rick


Hello,

ND is the legacy SUN protocol to boot diskless workstations.

http://www.netbsd.org/docs/network/netboot/intro.html

So, if we have a system that uses ND protocol, then it is a good idea to leave it that way. If not, it can be removed without any harm. On the other hand, this command is not put in by the IOS, it has to be manually configured. So, somebody should have configured it on the switch (knowingly/unknowingly). So, if it is not hurting, it is OK to leave it or if you want a cleaner configuration and it is not needed (for sure), then you can remove it as well.

Regards,

NT

Hello Nagaraja,

"On the other hand, this command is not put in by the IOS, it has to be manually configured. So, somebody should have configured it on the switch (knowingly/unknowingly)."

I disagree with this statement. The ip forward-protocol nd command is the default and is put in by the IOS - it is just not displayed in all IOS versions. It started appearing in the IOS configuration automatically somewhere around 12.4 (or perhaps even 12.3T).

Best regards,

Peter

Hello Rick,

I am very thankful for your thoughts, and I also appreciate having different opinions - that, if discussed appropriately, moves things forward!

Regarding your ideas: I agree that there is no regular ND traffic to be found in today's networks so having that command present does no immediate harm. That also has an opposite side to it: if there is any ND traffic in today's networks, either incidentally or by malicious intent, this command will make the router forward it which could be considered undesirable. In my opinion, having an unused feature activated is actually a potential waste of system resources, and at the same time, a potential security hole (be it any unused service, no matter how harmless).

Regarding a command being inserted into configuration automatically by Cisco, I tend to be careful about it if no sensible information can be found but in this case, the purpose of the command seems to be pretty clear. Why it is visible in the configuration and why it was not visible previously can be a matter of debate. However, what I've read somewhere is that if a default value of a command (usually invisible in a config) is to be changed in upcoming IOS versions, it is done in a couple of steps, one of them being making that command in its current version visible in the configuration so that people are actually aware of it being active, and then changing it to the opposite value and perhaps making the opposite form invisible after a time. Now, the ip forward-protocol nd is the default value even in older IOS versions (tested on 12.3 IOS for 3620 series routers), it just isn't visible in the configuration. The 12.4 and newer IOSes simply display that command visibly but they only display its default value. As the Network Disk protocol (IP protocol 77 from what I have been able to dig out in the meantime) is obviously largely unused, I can imagine this command being right in the period of transition to the inactive state.

Best regards,

Peter

What about this... the IOS inserts this as well.

ip source-route

I believe I read in 1999 ip source route was a bad idea, a security hole.
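
An added example, not part of the thread or Cisco's tooling: a small audit of a saved running-config for the two commands discussed above, separating "shown as enabled", "explicitly disabled with no" and "not shown at all", and listing the interfaces with an ip helper-address, since the relay function is described as working together with it. The sample configurations are constructed, and treating a missing line as possibly active is an assumption taken from the statement in the thread that older releases apply the default without displaying it.

```python
# Commands the thread discusses; the "no" form of each disables it.
WATCHED = ("ip forward-protocol nd", "ip source-route")

# Constructed sample configurations (not taken from a real device).
SAMPLE_VISIBLE = """\
hostname r3600
ip source-route
ip forward-protocol nd
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip helper-address 192.0.2.50
"""
SAMPLE_OLDER = """\
hostname r3620
interface Ethernet0/0
 ip helper-address 192.0.2.50
"""
SAMPLE_HARDENED = """\
hostname r3600
no ip source-route
no ip forward-protocol nd
"""

def audit(config_text):
    """Classify each watched command as 'enabled', 'disabled' or 'not shown',
    and list the interfaces that carry an ip helper-address."""
    state = {cmd: "not shown" for cmd in WATCHED}
    helper_ifaces, iface = [], None
    for raw in config_text.splitlines():
        line = " ".join(raw.split())          # normalise whitespace
        if line.startswith("interface "):
            iface = line.split(" ", 1)[1]
        elif raw[:1] not in (" ", "\t"):      # back at global level
            iface = None
        if iface and line.startswith("ip helper-address "):
            helper_ifaces.append(iface)
        if line in WATCHED:
            state[line] = "enabled"
        elif line.startswith("no ") and line[3:] in WATCHED:
            state[line[3:]] = "disabled"
    # "not shown" is treated as possibly active: per the thread, older
    # releases apply the default without displaying it (assumption).
    nd_relay = state["ip forward-protocol nd"] != "disabled" and bool(helper_ifaces)
    return {"state": state, "helper_interfaces": helper_ifaces,
            "nd_relay_possible": nd_relay}

if __name__ == "__main__":
    for name in ("SAMPLE_VISIBLE", "SAMPLE_OLDER", "SAMPLE_HARDENED"):
        print(name, audit(globals()[name]))
```

A "not shown" result means the release default has to be confirmed on the device itself, for example after entering the no form and checking whether the line changes.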
