On Aug 21, 2010, at 2:11 AM, Yann GAUTERON wrote: > > > 2010/8/20 Jared Mauch <ja...@puck.nether.net> > > Personally (and as the instigator in the ipv6/6man discussion) if the > vendors could be trusted to expose their default settings in their > configs, i would find a default of ON to be more acceptable. As their > track-record is poor, and the harm has been realized in the network we > operate (at least), I am advocating that as a matter of policy enabling > redirects not be a default-on policy. If people want to hang themselves > that's their problem, but at least they won't come with a hidden noose > around their neck. > > On Cisco routers (at least some of them), have you tried the command > show running-config all > > This command displays all configuration, including hidden default values. > > This may help when this command is present. > > Don't know about other vendors.
This varies by IOS (software revision), and because not all devices actually have the access to this "mainline" featureset due to when they branched for their localized hardware support. I certainly wish they could get there now, and it's better in the newer access (CPE) hardware. While related, the larger problem IMHO is them removing stuff like "show parser dump exec" and "show parser dump config". I have been a supporter of exposed defaults for years, including "more secure" and "more robust" defaults. The folks on the IETF list seem to think that the existing rate-limit mechanics will protect the routers. We did not arrive at these settings as a result of those rate-limits working properly sadly. - Jared
