ip option enable (interface view)

Function

The ip option enable command enables the system to process IP packets with route options.

The undo ip option enable command disables the system from processing IP packets with route options.

By default, the system processes IP packets with route options.

Format

ip option { route-alert | route-record | source-route | time-stamp } enable

ip option { route-alert | route-record | source-route | time-stamp } inherent-global

undo ip option { route-alert | route-record | source-route | time-stamp } enable

Parameters

Parameter	Description	Value
route-alert	Enables the system to process IP packets with the route-alert option.	-
route-record	Enables the system to process IP packets with the route-record option.	-
source-route	Enables the system to process IP packets with the source-route option. This option determines the path along which packets are transmitted.	-
time-stamp	Enables the system to process IP packets with the time-stamp option. This option calculates the time spent on packet transmission and processing.	-
inherent-global	Clears the configuration on an interface and restores the configuration of processing IP packets with route options on the interface to the system configuration. This parameter can be configured only in the interface view.	-

Views

100ge sub-interface view, 100GE interface view, 10GE sub-interface view, 10GE interface view, 200GE sub-interface view, 25GE sub-interface view, 25GE interface view, 400GE sub-interface view, 400GE interface view, 40GE sub-interface view, 40GE interface view, 50GE sub-interface view, 50GE interface view, Eth-Trunk sub-interface view, Eth-Trunk interface view, FlexE interface view, GE optical interface view, GE sub-interface view, GE interface view, GE electrical interface view, GMPLS-UNI interface view, Global VE sub-interface view, LMP interface view, Loopback interface view, MTI interface view, Mtunnel view, PW-VE sub-interface view, PW-VE interface view, Tunnel interface view, VBDIF interface view, VE sub-interface view, VLANIF interface view, Management interface view, Virtual template view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
ip-stack	write

Usage Guidelines

Usage Scenario

IP packets can carry the following route options:

Route-alert
Route-record
Source-route
Time-stamp
Generally, these options are used for diagnosing network paths and temporarily transmitting special services. These options, however, may be used by attackers to spy on the network structure for initiating attacks. Therefore, you need to run the ip option enable command to enable the system to process IP packets with route options or run the undo ip option enable command to disable the system from processing IP packets with route options.
By default, the system processes IP packets with route options. To prevent attacks that make use of IP packets with route options, disable the system from processing IP packets with route options.

Configuration Impact

After the system is disabled from processing IP packets with route options, the system counts only the number of discarded packets.

Precautions

If the network status is normal and the system is required to process IP packets with route options, run the ip option enable command.

The priority of the route configured in the interface view is higher than that of the route configured in the system view.

After the undo ip option enable command is run, the processing of IP packets carrying route options may be affected. For example, after the undo ip option route-alert enable command is run, the processing of RSVP-TE packets is affected.

Example

# Disable the system from processing IP packets with the Route-Alert option.

<HUAWEI> system-view
[~HUAWEI] interface GigabitEthernet 0/1/1
[~HUAWEI-GigabitEthernet0/1/1] undo ip option route-alert enable