Cisco SDM Express 2.4 User’s Guide
OL-7141-05
Chapter 1 Cisco SDM Express
Supplementary Help
Disable CDP
Cisco SDM Express disables Cisco Discovery Protocol whenever possible.
Cisco Discovery Protocol is a proprietary protocol that Cisco routers use to
identify each other on a LAN segment. This is dangerous in that it allows any
system on a directly connected segment to learn that the router is a Cisco device
and to determine the model number and the Cisco IOS software release being run.
This information may be used to design attacks against the router.
The configuration that will be delivered to the router to disable
Cisco Discovery Protocol is as follows:
no cdp run
You can undo this fix using the Cisco SDM Security Audit feature. To learn how,
see the Security Audit online help in Cisco SDM. For more information, click
Cisco Router and Security Device Manager.
Disable IP Source Route
Cisco SDM Express disables IP source routing whenever possible. The IP
protocol supports source routing options that allow the sender of an IP datagram
to control the route that the datagram will take toward its ultimate destination, and
generally the route that any reply will take. These options are rarely used for
legitimate purposes in networks. Some older IP implementations do not process
source-routed packets properly, and it may be possible to crash machines running
these implementations by sending them datagrams with source routing options.
Disabling IP source routing causes a Cisco router to drop, rather than forward,
any IP packet that carries a source routing option.
The configuration that will be delivered to the router to disable IP source routing
is as follows:
no ip source-route
You can undo this fix using the Cisco SDM Security Audit feature. To learn how,
see the Security Audit online help in Cisco SDM. For more information, click
Cisco Router and Security Device Manager.
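The two fixes above are only effective if the explicit "no" form of each command is present in the running configuration, because Cisco IOS enables both CDP and IP source routing by default and shows no line for the default. The following audit script checks a saved running-config for both settings; it is an added example for this guide, not Cisco SDM code. The two sample configurations and the hostname "edge-rtr" are constructed for illustration.

```python
"""Offline audit of a Cisco IOS running-config for the two SDM Express
hardening items described above: global CDP disabled ("no cdp run") and
IP source routing disabled ("no ip source-route").

Added example, not Cisco SDM code. The sample configs below are constructed.
"""

# Constructed sample: router before the SDM Express fixes are applied.
# CDP is only switched off on one interface, so the other still advertises.
BEFORE_FIX = """\
!
hostname edge-rtr
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 no cdp enable
!
"""

# Constructed sample: same router after "no cdp run" and
# "no ip source-route" have been delivered.
AFTER_FIX = """\
!
hostname edge-rtr
no ip source-route
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
no cdp run
!
"""


def _global_lines(config):
    # Global commands start in column 0; interface sub-commands are indented.
    return [ln.rstrip() for ln in config.splitlines() if ln and not ln[0].isspace()]


def _interface_blocks(config):
    """Return {interface_name: [sub-command lines]} parsed from the config."""
    blocks, current = {}, None
    for ln in config.splitlines():
        if ln.startswith("interface "):
            current = ln.split(None, 1)[1].strip()
            blocks[current] = []
        elif ln.startswith(" ") and current is not None:
            blocks[current].append(ln.strip())
        else:
            # Any non-indented line ("!", another global command) ends the block.
            current = None
    return blocks


def audit_config(config):
    """Return a findings dict. Absence of the explicit 'no' form is a finding,
    because IOS enables CDP and IP source routing by default."""
    glob = _global_lines(config)
    cdp_global_off = "no cdp run" in glob
    source_route_off = "no ip source-route" in glob
    # A per-interface "no cdp enable" covers only that interface; when CDP is
    # on globally, list every interface that is still advertising.
    cdp_interfaces = []
    if not cdp_global_off:
        for name, subs in _interface_blocks(config).items():
            if "no cdp enable" not in subs:
                cdp_interfaces.append(name)
    remediation = [cmd for cmd, ok in (("no cdp run", cdp_global_off),
                                       ("no ip source-route", source_route_off))
                   if not ok]
    return {
        "cdp_disabled": cdp_global_off,
        "cdp_exposed_interfaces": cdp_interfaces,
        "ip_source_route_disabled": source_route_off,
        "remediation": remediation,
    }


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        print(label, audit_config(cfg))
```

The "remediation" list is exactly the set of global commands SDM Express would deliver for the items still open, so the script can be run against a "show running-config" capture before and after the Security Audit fix to confirm the change took effect.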