12-16-2008 04:15 AM - edited 03-06-2019 02:59 AM
Hi,
I'm working on network hardening...
I see if it's not use ip source route should be disable.... I would like to understand this to be able to know if it's used in our environnement or not...
Based on my read... it's look like have some relation to : "Local Source-Route Bridging", "Source-Route Translational Bridging", "Configuring Transparent Bridging" etc... (http://www.cisco.com/en/US/tech/tk331/tk660/tk610/tsd_technology_support_sub-protocol_home.html) but I'm not sure... can someone help me ?
Solved! Go to Solution.
12-16-2008 07:16 AM
Usage of IP source routing is described in RFC791. Cisco supports setting this header option in extended ping/traceroute, see http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f22.shtml#ext_troute. Neither of these documents might make it clear why you want to do this. Don't have a good suggestion for a document that explains "why".
"Do you know, if some of those product need "IP source route" ? "
Sorry, don't know.
12-16-2008 04:30 AM
The above url is for token ring technologies - do you have token ring?
12-16-2008 05:04 AM
Yes we have a small network where token ring is running.... source route bridging is use on this network... I would like if source route brindging is related to "ip source route" ?
Second if the answer is yes... the token ring is behind a firewall, the command "ip source route" we would like to disable is running in core devices.... I would like lto know if we can still disable "ip source route" in core or if we can't !
To doing this I have to be able to explain correctly to the security team what is "ip source route" excatly and how is it work to know if it is currently permit through there firewall (by default) or not !
12-16-2008 05:56 AM
The "ip source route" option is whether a router will honor explicit routing hops contained within an IP packet or not. This is different from source-route you're reading in references to Token Ring.
IP source routing can be used for some advanced network debugging; somewhat like "ping" is also used for network debugging. Deactivation of this capability normally doesn't impact routine traffic, although it disables some IP debugging capability.
12-16-2008 07:04 AM
Hi Joseph,
do you have a document which explain how "IP source route" works exactly and what debugging capability use this fonctionnality exactly....
I see on other documentation this feature is used by some management tool, we are using CiscoWorks (LMS 3.0) and Network Node Manager and OVO 7.5 (and next years will migrate to version 8.0 for both product) both from HP. Do you know, if some of those product need "IP source route" ?
thanks a lot !
12-16-2008 07:16 AM
Usage of IP source routing is described in RFC791. Cisco supports setting this header option in extended ping/traceroute, see http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f22.shtml#ext_troute. Neither of these documents might make it clear why you want to do this. Don't have a good suggestion for a document that explains "why".
"Do you know, if some of those product need "IP source route" ? "
Sorry, don't know.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: