12-12

User

Guide

for

the

Cisco

Application

Networking

Manager

5.2

OL-26572-01

Chapter

12

Configuring

Network

Access

Configuring

Virtual

Context

VLAN

Interfaces

Action

For

IP

Header

Options

For

ACE

module

and

ACE

appliance

sof

tware

versions

earlier

t

han

A5(1.0),

this

field

does

not

include

the

IP

version

number

and

is

for

IPv4

only.

Choose

the

IPv4,

IPv6,

or

both

action

the

ACE

appliance

is

to

take

when

an

IP

option

is

set

in

a

packet:

•

Allow—Indicates

that

the

ACE

appliance

is

to

allow

the

IP

packet

with

the

IP

options

set.

•

Clear—Indicates

that

the

ACE

appliance

is

to

clear

all

IP

options

from

the

packet

and

to

allow

th

e

packet.

•

Clear-Invalid—Indicates

that

the

ACE

appliance

is

to

clear

the

invalid

IP

options

from

the

packet

and

then

allow

the

packet.

This

action

is

the

default

for

IPv4.

•

Drop—Indicates

that

the

ACE

appliance

i

s

to

di

scard

the

packet

regar

dless

of

any

opt

ions

that

are

set.

This

action

is

the

default

for

IPv6.

Enable

MAC

Address

Autogenerate

MAC

address

autogenerate

opt

ion,

which

al

lows

you

to

configure

a

di

fferent

MAC

address

for

the

VLAN

interface.

Min.

TTL

IP

Header

Value

Minimum

number

of

hops

that

a

packet

is

allowed

to

reach

its

destination.

Valid

entries

are

from

1

to

255.

This

field

is

applicable

for

IPv4

and

IPv6

traffic.

IPv6

requires

ACE

module

and

ACE

appliance

software

Version

A5(1.0)

or

later.

Each

router

along

the

path

decrements

the

TTL

by

one.

If

the

packet

TTL

reaches

zero

before

the

packet

re

aches

it

s

destination,

th

e

packet

i

s

discarded.

MTU

Value

Number

of

bytes

for

Maximum

Transmission

Units

(MTUs).

Valid

entries

are

from

68

to

9216.

The

default

is

1500.

Enable

Syn

Cookie

Threshold

Value

Field

that

is

applicable

for

ACE

module

software

Version

A2(1.0)

and

later,

and

ACE

appliance

software

Version

A3(1.0)

and

later.

Embryonic

connection

threshold

above

which

the

ACE

applies

SYN-cookie

DoS

pr

otection.

Valid

entries

ar

e

as

fo

llows:

•

2

to

65535

for

ACE

module

software

versions

earlier

than

A4(1.0).

•

1

to

65535

for

ACE

module

software

Version

A4(1.0)

and

later,

and

ACE

appliance

software

Version

A3(1.0)

and

later.

Action

For

DF

Bit

Action

that

the

ACE

takes

when

a

packet

has

its

DF

(Don’t

Fragment)

bit

set

in

the

IP

header.

Choose

one

of

the

following

settings:

•

Allow—The

ACE

permits

the

packet

with

the

DF

bit

set.

If

the

packet

is

larger

than

the

next-hop

MTU,

ACE

discards

the

packet

and

sends

an

ICMP

unreachable

message

to

the

source

host.

This

is

the

default.

•

Clear—The

ACE

clears

the

DF

bit

and

permit

the

packet.

If

the

packet

is

larger

than

the

next-hop

MTU,

the

ACE

fragments

the

packet.

Table

12-1

VLAN

Interface

Attributes

(continued)

Field

Description