Enable IP CEF | 321 Studios OL-7141-04 guide

Chapter 1 Cisco SDM Express

Supplementary Help

Enable TCP Keepalives for Outbound Telnet Sessions

Cisco SDM Express enables TCP keepalive messages for both inbound and outbound Telnet sessions whenever possible. Enabling TCP keepalives causes the router to generate periodic keepalive messages, letting it detect and drop broken Telnet connections.

The configuration that will be delivered to the router to enable TCP keepalives for outbound Telnet sessions is as follows:

service tcp-keepalives-out

You can undo this fix using the Cisco SDM Security Audit feature. To learn how, see the Security Audit online help in Cisco SDM. For more information, click Cisco Router and Security Device Manager.

Enable Sequence Numbers and Time Stamps on Debugs

Cisco SDM Express enables sequence numbers and time stamps on all debug and log messages whenever possible. Time stamps on debug and log messages indicate the time and date that the message was generated. Sequence numbers indicate the sequence in which messages that have identical time stamps were generated. Knowing the timing and sequence that messages are generated is an important tool in diagnosing potential attacks.

The configuration that will be delivered to the router to enable time stamps and sequence numbers is as follows:

service timestamps debug datetime localtime show-timezone msec service timestamps log datetime localtime show-timeout msec service sequence-numbers

Enable IP CEF

Cisco SDM Express enables Cisco Express Forwarding or Distributed Cisco Express Forwarding whenever possible. Because there is no need to build cache entries when traffic starts arriving at new destinations, Cisco Express Forwarding behaves more predictably than other modes when presented with large volumes of traffic addressed to many destinations. Routes configured for Cisco Express Forwarding perform better under SYN attacks than routers using the traditional cache.

		Cisco SDM Express
		Cisco SDM Express
	OL-7141-04			1-33
	OL-7141-04			1-33

Image 39

321 Studios OL-7141-04 manual Enable TCP Keepalives for Outbound Telnet Sessions, Enable IP CEF

Contents

Cisco SDM Express User’s Guide Cisco SDM Express User’s Guide N T E N T S Contents Cisco SDM Express Edit Mode Contents A P T E R Welcome Domain Name Field Basic ConfigurationUsername and Password Fields Hostname Field Enable Secret Password Field Router ProvisioningSDM Express CNS Server Provision From USB TokenUSB Token or USB Flash Secure Device Provisioning Provision From USB Flash File Selection Size Wireless Interface ConfigurationLAN Interface Configuration Name Subnet Mask Field Wireless Parameters FieldsInterface/Bridge-to-Interface List IP Address Field Starting IP Address Field Dhcp Server ConfigurationEnable Dhcp server on the LAN interface Check Box Refresh, Apply Changes, Discard Changes Buttons Ending IP Address Field Primary Domain Name Server FieldSecondary Domain Name Server Field Address Type List Enable PPPoE Check BoxInternet WAN Ethernet Interface Use these DNS values for Dhcp clients Check Box Username Field Authentication Type Check BoxPassword Field Confirm Password Field Status Icon and Enable or Disable Button Internet WAN Autodetect EncapsulationInternet WAN User Specified Encapsulation Encapsulation List Virtual Path Identifier FieldVirtual Circuit Identifier Field IP Address for Remote Connection in Central Office Field Enable or Disable Button WAN Interface SelectionAdd Connection, Edit, Delete Buttons Serial Connection Interface ListRefresh Button IP Address and Subnet Mask Fields Frame Relay Configuration Settings Link Use Ietf Frame Relay Encapsulation Check Box Frame Relay Configuration SettingsDlci Field LMI Type Field CNS Server Information Internet WAN Advanced Options Firewall Configuration Primary DNS FieldSecondary DNS Field Security Settings Disable Services that Involve Security Risks Check Box Disable Snmp Services on Your Router Check Box Enhance Security on Router Access Check Box Encrypt Passwords Check BoxSummary Cisco Network Services Supplementary HelpCisco Router and Security Device Manager Disable Snmp Security Settings Disable PAD Service Disable Finger Service Disable TCP Small Servers Service Disable IP Bootp Server Service Disable UDP Small Servers Service Disable CDP Disable IP Identification Service Enable Password Encryption Service Disable IP Source Route Enable TCP Keepalives for Inbound Telnet Sessions Enable Netflow Switching Enable TCP Keepalives for Outbound Telnet Sessions Enable Sequence Numbers and Time Stamps on DebugsEnable IP CEF Set Scheduler Allocate Set Scheduler Interval Set TCP Synwait Time Enable Unicast RPF on Outside Interfaces Enable Logging Disable IP Redirects Disable IP Gratuitous ARPs Disable IP Directed Broadcast Disable IP Proxy ARP Disable IP Unreachables Disable MOP Service Set Minimum Password Length to Less Than 6 Characters Disable IP Mask Reply Set Banner Set Authentication Failure Rate to Less Than 3 Retries Enable SSH for Access to the Router Enable Telnet Settings Cisco SDM Express Buttons Help ButtonAbout Button Discard Changes Button Reconnecting to the Router After Initial ConfigurationExit Button Apply Changes Button Testing Your WAN Internet Connection Troubleshooting Tips SDP Troubleshooting Tips Overview IconsLAN Fields Firewall Fields Internet WAN Fields Edit/Delete Buttons Username/Login Password/Password is Encrypted Fields Refresh/Apply Changes/Discard Changes Buttons Encrypt password using MD5 hash algorithm CheckboxBridge/Do not bridge LAN interface with wireless Checkbox Edit a Username No WAN Available WirelessWAN-Unable to Configure WAN Interface LAN interface configuration Fields Enable Firewall/Disable Firewall Buttons Delete ConnectionFirewall Unable to Configure NAT Unable to configure Firewall Window Add or Edit Address Translation Rule Routing Select All Recommended by Cisco Checkbox Disable Services that Involve Security Risks Checkbox Synchronize with my local PC clock Checkbox Encrypt Passwords Checkbox Ping Tools Destination Field Update SDM from Cisco.comTo clear the output of the ping command Source Field Update SDM from Local PC Update SDM from CDCCO Login Date and Time Properties Synchronize CheckboxEdit Date and Time Fields Apply Button Reset to Factory DefaultsSave Running Config to PC Write down these steps and then reset the router Reconfiguring Your PC with a Static or a Dynamic IP Address Microsoft Windows NT Feature Not Available Cisco SDM Express Edit Mode Feature Not Available D E IN-2