Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

No ip redirect issues


As part of a company-wide security hardening, I was asked to implement the following commands on my switch and routers ip interfaces:

no ip redirects

no ip directed-broadcast

no ip proxy-arp

However, once I had done this we started getting problems with printing, terminal services and Exchange, which only went away when I backed out the changes.

I realise that I haven't gone into much detail, but I was just wondering if anywone knew about the implications of the commands? I was of the understanding that these bascially didn't do much and should be turned of reduce the risk from hackers.

Any help would be much apprciated,

Thanks in advance


Super Bronze

Re: No ip redirect issues


no ip redirects - this stops the default gateway sending out redirects to clients (or servers/whatever) if the best route to a given destination is via another gateway on the same subnet. It might mean that the default gateway or another router has excessive traffic going to it that would previously have been 'redirected'.

no ip directed-broadcast - this is a standard commmand in newer IOS versions... stops clients on one subnet sending broadcasts to another subnet, which is a security risk. This shouldn't cause you a problem of the type you described.

no ip proxy-arp - this feature allows the router to reply for ARP requests that clients put out for destinations the router has a route to. If a device doesn't have a correct default gateway it may be relying on proxy-arp to reach other subnets.

If you are using a lot of redirects or are relying on proxy arp, you can do a :

route print

on a windows server or client. If you see lots of routes to subnets or hosts that are not local with a destination of a router then you will be using redirects or proxy-arp.

I'd apply the no ip directed-broadcast first... then see if you have a problem.


Please rate helpful posts...

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
New Member

Re: No ip redirect issues

Many thanks for your reply.

I've tried a route print on a host (the exchange server) and there are 2 remote subnets listed...these happen to be the subnets which were experiencing difficulties printing and with TS. Does this mean that the router is using redirects? Or proxy-arps? Or would this be considered normal? Apologies for my ignorance!



Forgot to add: the gateway that is listed in route print is the same as the host's configured default-gateway, and that there's only gateway router on the subnet.

Hall of Fame Super Silver

Re: No ip redirect issues


I do not think that no ip directed broadcast or no ip redirects would cause the symptoms that you describe. I think it is likely that the issue is related to no ip proxy-arp. I suggest that you apply the first two commands and see if the problem starts (and I think that it will not).

I have seen situations where problems emerged when proxy arp was stopped. There were network devices that were technically misconfigured and with proxy arp enabled the problem was avoided and with proxy arp disabled the problem was evident. Frequently the problem is a mismatch between the address and subnet mask on the end station and of the router.

An end station should arp for destinations that it believes are on the local subnet and should forward to its default gateway for all others. With an address mismatch or a subnet mask mismatch the end station may believe that things are local that the router believes are remote. With proxy arp the router will answer the arp anyway and the packet can be forwarded to its destination. With proxy arp disabled the router will not answer the incorrect arp and the packet can not be delivered.

I suggest that you check on some of the end stations on some of the segments that are experiencing problems and verify whether they have correct address, subnet mask, and default gateway configured.



Super Bronze

Re: No ip redirect issues


Just to confirm Rick's comments - ip redirects wouldn't seem to be the issue (as the routes point to the same gateway traffic will have been sent to in the first instance).

proxy-arp would seem to be the problem, but you may experience some issues when you turn them off.

You'll need to examine the devices that have problems and correct any IP config errors there.



Please rate helpful posts...

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
New Member

Re: No ip redirect issues

Many thanks guys for your replies, much appreciated. I will investigate proxy-arp and check the configs of the problem devices.



CreatePlease login to create content