12-11
User Guide for the Cisco Application Networking Manager 5.2
OL-26572-01
Chapter 12 Configuring Network Access
Configuring Virtual Context VLAN Interfaces

More Settings

Field: Enable ICMP Guard
Description: For ACE module and ACE appliance software versions earlier than A5(1.0), this field does not include the IP version number check boxes and is for enabling the IPv4 version only.

Check the IPv4, IPv6, or both check boxes to indicate that ICMP Guard is to be enabled on the ACE.

Clear the check boxes to indicate that ICMP Guard is not to be enabled on ACE.

Caution: Disabling ICMP security checks may expose your ACE and network to potential security risks. When you disable ICMP Guard, the ACE appliance no longer performs NAT translations on the ICMP header and payload in error packets, which can potentially reveal real host IP addresses to attackers.

Field: Enable DHCP Relay
Description: For ACE module and ACE appliance software versions earlier than A5(1.0), this field does not include the IP version number check boxes and is for enabling the IPv4 version only.

Check the IPv4, IPv6, or both check boxes to indicate that the ACE is to accept DHCP requests from clients on this interface and to enable the DHCP relay agent. For IPv6, link local address for the

Clear the check boxes to indicate that the ACE is not to accept DHCP requests or enable the DHCP relay agent.

Field: Reverse Path Forwarding (RPF)
Description: For ACE module and ACE appliance software versions earlier than A5(1.0), this field does not include the IP version number check boxes and is for enabling the IPv4 version only.

Check the IPv4, IPv6, or both check boxes to indicate that the ACE is to discard IP packets if no reverse route is found or if the route does not match the interface on which the packets arrived.

Clear the check boxes to indicate that the ACE is not to filter or discard packets based on the ability to verify the source IP address.

Field: Reassembly Timeout (Seconds)
Description: Enter the number of seconds that the ACE appliance is to wait before it abandons the fragment reassembly process if it doesn’t receive any outstanding fragments for the current fragment chain (that is, fragments belonging to the same packet).

- For IPv4, valid entries are 1 to 30 seconds. The default is 5.
- For IPv6, valid entries are 1 to 60 seconds. The default is 60. IPv6 requires ACE module and ACE appliance software Version A5(1.0) or later.

Field: Max. Fragment Chains Allowed
Description: Enter the maximum number of fragments belonging to the same packet that the ACE appliance is to accept for reassembly. For IPv4 and IPv6, valid entries are integers from 1 to 256. The default is 24.

Field: Min. Fragment MTU Value
Description: Enter the minimum fragment size that the ACE appliance accepts for reassembly for a VLAN interface.

- For IPv4, valid entries are 28 to 9216 bytes. The default is 576.
- For IPv6, valid entries are 56 to 9216 bytes. The default is 1280. IPv6 requires ACE module and ACE appliance software Version A5(1.0) or later.

Table 12-1 VLAN Interface Attributes (continued)
Columns: Field, Description
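
The Reverse Path Forwarding (RPF) field in the table above describes two discard conditions: no reverse route to the packet's source, or a reverse route that points out a different interface than the one the packet arrived on. The following Python model of that decision is an added example, not code from Cisco or the ACE software; the route table, VLAN names, and function names are constructed for illustration, and it assumes a default route counts as a valid reverse route.

```python
import ipaddress

# Constructed routing table: (prefix, egress interface). VLAN names are hypothetical.
ROUTES = [
    ("10.1.0.0/16", "vlan100"),
    ("10.1.5.0/24", "vlan200"),
    ("2001:db8:1::/48", "vlan100"),
    ("0.0.0.0/0", "vlan300"),  # IPv4 default route; no IPv6 default is configured
]

def build_table(routes):
    """Parse (prefix, interface) pairs into ip_network objects."""
    return [(ipaddress.ip_network(prefix), ifc) for prefix, ifc in routes]

def reverse_route(table, src):
    """Longest-prefix match on the source address; None if nothing matches."""
    addr = ipaddress.ip_address(src)
    best = None
    for net, ifc in table:
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, ifc)
    return best

def rpf_check(table, src, in_ifc, enabled=frozenset({4, 6})):
    """Return (verdict, reason) for a packet from `src` arriving on `in_ifc`.

    `enabled` models the IPv4/IPv6 check boxes: an IP version that is not
    in the set is not filtered on source reachability at all.
    """
    if ipaddress.ip_address(src).version not in enabled:
        return ("accept", "rpf-disabled")
    match = reverse_route(table, src)
    if match is None:
        return ("discard", "no-reverse-route")
    if match[1] != in_ifc:
        return ("discard", "interface-mismatch")
    return ("accept", "ok")

TABLE = build_table(ROUTES)

if __name__ == "__main__":
    # Constructed sample packets: (source address, arrival interface).
    for src, ifc in [("10.1.5.9", "vlan200"), ("10.1.5.9", "vlan100"),
                     ("192.0.2.7", "vlan100"), ("2001:db8:2::1", "vlan100")]:
        print(src, ifc, rpf_check(TABLE, src, ifc))
```

The second sample packet shows why the longest-prefix match matters: 10.1.5.9 falls inside 10.1.0.0/16 on vlan100, but the more specific /24 route points to vlan200, so the packet arriving on vlan100 is discarded.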