Using The Configured Source Ip Address In Icmp Messages; Configuring The Icmp Source Interface; Configuring The Duration To Establish A Tcp Connection - Dell S6100 Configuration Manual

10.16.0.0/16
172.16.1.0/24
Using the Configured Source IP Address in ICMP
Messages
ICMP error or unreachable messages are now sent with the configured IP address of the source interface instead of the front-end port IP
address as the source IP address. Enable the generation of ICMP unreachable messages through the ip unreachable command in
Interface mode. When a ping or traceroute packet from an endpoint or a device arrives at the null 0 interface configured with a static route,
it is discarded. In such cases, you can configure Internet Control Message Protocol (ICMP) unreachable messages to be sent to the
transmitting device.

Configuring the ICMP Source Interface

You can enable the ICMP error and unreachable messages to contain the configured IP address of the source device instead of the
previous hop's IP address. This configuration helps identify the devices along the path because the DNS server maps the loopback IP
address to the host name, and does not translate the IP address of every interface of the switch to the host name.
Configure the source to send the configured source interface IP address instead of using its front-end IP address in the ICMP unreachable
messages and in the traceroute command output. Use the ip icmp source-interface interface or the ipv6 icmp
source-interface interface commands in Configuration mode to enable the ICMP error messages to be sent with the source
interface IP address. This functionality is supported on loopback, VLAN, port channel, and physical interfaces for IPv4 and IPv6 messages.
feature is not supported on tunnel interfaces. ICMP error relay, PATH MTU transmission, and fragmented packets are not supported for
tunnel interfaces. The traceroute utilities for IPv4 and IPv6 list the IP addresses of the devices in the hops of the path for which ICMP
source interface is configured.
Configuring the Duration to Establish a TCP
Connection
You can configure the duration for which the device must wait before it attempts to establish a TCP connection. Using this capability, you
can limit the wait times for TCP connection requests. Upon responding to the initial SYN packet that requests a connection to the router
for a specific service (such as SSH or BGP) with a SYN ACK, the router waits for a period of time for the ACK packet to be sent from the
requesting host that will establish the TCP connection.
You can set this duration or interval for which the TCP connection waits to be established to a significantly high value to prevent the device
from moving into an out-of-service condition or becoming unresponsive during a SYN flood attack that occurs on the device. You can set
the wait time to be 10 seconds or lower. If the device does not contain any BGP connections with the BGP neighbors across WAN links,
you must set this interval to a higher value, depending on the complexity of your network and the configuration attributes.
To configure the duration for which the device waits for the ACK packet to be sent from the requesting host to establish the TCP
connection, perform the following steps:
1 Define the wait duration in seconds for the TCP connection to be established.
CONFIGURATION mode
Dell(conf)#ip tcp reduced-syn-ack-wait <9-75>
You can use the no ip tcp reduced-syn-ack-wait command to restore the default behavior, which causes the wait period to
be set as 8 seconds.
2 View the interval that you configured for the device to wait before the TCP connection is attempted to be established.
EXEC mode
400 IPv4 Routing
ManagementEthernet 1/1
10.16.151.4
Connected Connected
Active Static