Enabling Sending of ICMPv6 Destination Unreachable Messages - HP A5120 EI Series Configuration Manual


Upon receiving the first fragment of an IPv6 datagram whose destination IP address is the local address, the switch starts a timer. If the timer expires before all the fragments arrive, an ICMPv6 Fragment Reassembly Timeout message is sent to the source.
If large amounts of malicious packets are received, the performance of the switch degrades greatly because it has to send back ICMPv6 Time Exceeded messages. You can disable sending of ICMPv6 Time Exceeded messages.
Follow these steps to enable sending of ICMPv6 time exceeded messages:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enable sending of ICMPv6 Time Exceeded messages | ipv6 hoplimit-expires enable | Optional. Enabled by default. |

Enabling sending of ICMPv6 destination unreachable messages

If the switch fails to forward a received IPv6 packet due to one of the following reasons, it drops the packet and sends a corresponding ICMPv6 Destination Unreachable error message to the source.
- If no route is available for forwarding the packet, the switch sends a "no route to destination" ICMPv6 error message to the source.
- If the switch fails to forward the packet due to administrative prohibition (such as a firewall filter or an ACL), the switch sends the source a "destination network administratively prohibited" ICMPv6 error message.
- If the switch fails to deliver the packet because the destination is beyond the scope of the source IPv6 address (for example, the source IPv6 address of the packet is a link-local address whereas the destination IPv6 address of the packet is a global unicast address), the switch sends the source a "beyond scope of source address" ICMPv6 error message.
- If the switch fails to resolve the corresponding link layer address of the destination IPv6 address, the switch sends the source an "address unreachable" ICMPv6 error message.
- If the packet is destined for the switch itself, its transport layer protocol is UDP, and its destination port number does not match any running process, the switch sends the source a "port unreachable" ICMPv6 error message.

If an attacker sends abnormal traffic that causes the switch to generate ICMPv6 destination unreachable messages, end users may be affected. To prevent such attacks, you can disable the switch from sending ICMPv6 destination unreachable messages.

Follow these steps to enable sending of ICMPv6 destination unreachable messages:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enable sending of ICMPv6 destination unreachable messages | ipv6 unreachables enable | Required. Disabled by default. |
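
The following added example (not from the HP manual) parses captured ICMPv6 Destination Unreachable packets, maps the code field to the five reasons listed above, and counts errors per recipient to help judge whether sending should stay enabled. The helper names, the threshold and the addresses are assumptions, and the sample packets are constructed.

```python
import ipaddress
import struct
from collections import Counter

# ICMPv6 type 1 (Destination Unreachable) codes 0-4 from RFC 4443,
# named as in the five failure reasons listed above.
REASONS = {
    0: "no route to destination",
    1: "destination network administratively prohibited",
    2: "beyond scope of source address",
    3: "address unreachable",
    4: "port unreachable",
}

def _addr(raw):
    return str(ipaddress.IPv6Address(raw))

def parse_unreachable(pkt):
    """Return (recipient, reason, original_dst) for a raw IPv6 packet that
    carries an ICMPv6 Destination Unreachable message, else None."""
    if len(pkt) < 48 or pkt[0] >> 4 != 6 or pkt[6] != 58 or pkt[40] != 1:
        return None  # not IPv6 / next header not ICMPv6 (58) / type not 1
    inner = pkt[48:]  # invoking packet follows the 8-byte ICMPv6 header
    orig_dst = _addr(inner[24:40]) if len(inner) >= 40 else None
    return _addr(pkt[24:40]), REASONS.get(pkt[41], f"code {pkt[41]}"), orig_dst

def flooded_recipients(packets, threshold):
    """Map (recipient, reason) -> count for pairs seen >= threshold times."""
    counts = Counter()
    for parsed in map(parse_unreachable, packets):
        if parsed:
            counts[parsed[:2]] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

def build_sample(switch, recipient, code, orig_dst):
    """Constructed packet: the error `switch` returns to `recipient`."""
    def hdr(src, dst, nxt, length):  # 40-byte IPv6 header, hop limit 64
        return (struct.pack("!IHBB", 6 << 28, length, nxt, 64)
                + ipaddress.IPv6Address(src).packed
                + ipaddress.IPv6Address(dst).packed)
    inner = hdr(recipient, orig_dst, 17, 8) + struct.pack("!4H", 40000, 9, 8, 0)
    icmp = struct.pack("!BBHI", 1, code, 0, 0) + inner  # checksum left at 0
    return hdr(switch, recipient, 58, len(icmp)) + icmp

# Constructed capture using documentation addresses (2001:db8::/32).
SAMPLE = [build_sample("2001:db8::1", "2001:db8:a::5", 0, f"2001:db8:ffff::{i:x}")
          for i in range(1, 6)]
SAMPLE.append(build_sample("2001:db8::1", "2001:db8:b::9", 4, "2001:db8::1"))
```

Calling `flooded_recipients(SAMPLE, 5)` reports the one recipient that was sent five "no route to destination" errors; the parser does not verify the ICMPv6 checksum.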
