Installation guide

ManualsBrandsCisco ManualsComputer equipmentExplorer 4700

371

372

373

374

375

376

377

378

379

380

10-16

Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance

OL-26645-02

Chapter 10 Configuring Network Access

Configuring Virtual Context VLAN Interfaces

Min. Fragment MTU Value Enter the minimum fragment size that the ACE appliance accepts for

reassembly for a VLAN interface.

• For IPv4, valid entries are 28 to 9216 bytes. The default is 576.

• For IPv6, valid entries are 56 to 9216 bytes. The default is 1280.

Action For IP Header

Options

Select the IPv4, IPv6 or both action the ACE appliance is to take when

an IP option is set in a packet:

• Allow—Indicates that the ACE appliance is to allow the IP packet

with the IP options set.

• Clear—Indicates that the ACE appliance is to clear all IP options

from the packet and to allow the packet.

• Clear-Invalid—Indicates that the ACE appliance is to clear the

invalid IP options from the packet and then allow the packet. This

action is the default for IPv4.

• Drop—Indicates that the ACE appliance is to discard the packet

regardless of any options that are set. This action is the default for

IPv6.

Enable MAC Address

Autogenerate

Allows you to configure a different MAC address for the VLAN

interface.

Min. TTL IP Header Value Enter the minimum number of hops a packet is allowed to reach its

destination. Valid entries are integers from 1 to 255. This field is

applicable for IPv4 and IPv6 traffic.

Each router along the packet’s path decrements the TTL by one. If the

packet’s TTL reaches zero before the packet reaches its destination, the

packet is discarded.

MTU Value Enter number of bytes for Maximum Transmission Units (MTUs). Valid

entries are integers from 68 to 9216, and the default is 1500.

Enable Syn Cookie

Threshold Value

Embryonic connection threshold above which the ACE applies

SYN-cookie DoS protection. Valid entries are integers from 1 to 65535.

Action For DF Bit Indicate how the ACE appliance is to handle a packet that has it DF

(Don’t Fragment) bit set in the IP header:

• Allow—Indicates that the ACE appliance is to permit the packet

with the DF bit set. If the packet is larger than the next-hop MTU,

ACE appliance discards the packet and sends an ICMP unreachable

message to the source host.

• Clear—Indicates that the ACE appliance is to clear the DF bit and

permit the packet. If the packet is larger than the next-hop MTU, the

ACE appliance fragments the packet.

The default is Allow.

Table 10-3 VLAN Interface Attributes (continued)

Field Description