Manualshelf

Leaflet

ManualsBrandsCisco ManualsSwitchesCisco Catalyst 6509-NEB-A Switch
919293949596979899100
97
OL-11615-01
For more information about the ip proxy-arp command, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipras_r/ip1
_i2g.htm#wp1081466
TCP and UDP Small Servers
TCP and UDP small servers are daemons that typically run on Unix systems and that were designed for
diagnostic purposes. Cisco IOS software also provides an implementation of UDP and TCP small servers
that enables echo, chargen, daytime and discard services. Unless strictly necessary, these services should
be disabled because they can be used by a potential attacker to gather information, or to directly attack
the Cisco IOS software device.
TCP and UDP small services are enabled by default on Cisco IOS software release 11.2 and earlier.
These commands are disabled by default on Cisco IOS software versions 11.3 and later.
These commands can be disabled using the no service tcp-small-servers and no service
udp-small-servers global configuration commands, as shown in the following example:
Router(config)# no service tcp-small-servers
Router(config)# no service udp-small-servers
For more information about TCP and UDP small servers, refer to the following URL:
http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1818/products_tech
_note09186a008019d97a.shtml#tcp_udp_servers
IP version 6 (IPv6)
IPv6 is the new Internet Protocol, version 6, designed by the IETF to replace the current IPv4 (IP version
4) and IPv6 is also known as next generation Internet Protocol or IPng. On Cisco IOS software-based
devices, IPv6 is disabled by default. We recommend that you keep IPv6 disabled and enable it only when
necessary.
In the past, a couple of vulnerabilities found on Cisco IOS affected systems running IPv6. These
vulnerabilities could lead to a system crash, or the running of arbitrary code. Only those devices that
were explicitly configured to process IPv6 traffic were affected. Disabling IPv6 when it is not needed
eliminates the potential exposure to such vulnerabilities.
On Cisco IOS devices where IPv6 is not needed but is enabled, the processing of IPv6 packets can be
disabled per interface using the no ipv6 enable and no ipv6 address commands, as shown in the
following example:
Router(config)# interface ethernet 0/0
Router(config-if)# no ipv6 enable
Router(config-if)# no ipv6 address
For more information about the ipv6 enable command, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipv6_r/ipv6
_05g.htm#wp1947766
For more information about the ipv6 address command, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipv6_r/ipv6
_04g.htm#wp1875806