Which packets should the IPS forward for BFD to work under all circumstances?

A company plans to use BFD between its routers to detect a connectivity problem inside the switched network. An IPS is transparently installed between the switches. Which packets should the IPS forward for BFD to work under all circumstances?
A. IP packets with broadcast IP source addresses
B. IP packets with identical source and destination IP addresses
C. fragmented packets with the do-not-fragment bit set
D. IP packets with the multicast IP source address
E. IP packets with the multicast IP destination address
F. IP packets with the destination IP address 0.0.0.0

cisco-exams

One thought on “Which packets should the IPS forward for BFD to work under all circumstances?

  1. Most IPS see this packet as LAND DoS attack and will drop. Cisco FP IPS is hard coded to drop before any configurable rulesets, which is why FP IPS doesn’t support BFD in echo mode. McAfee can be configured in two different ways to allow LAND DoS attack. Profile comparison, or remove attack signature. Ideally you don’t want to run LAND attack over your IPS because it leaves your network vulnerable.

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.