Configuring The Duration To Establish A Tcp Connection; Enabling Directed Broadcast - Dell S4820T Configuration Manual

Configuration mode to enable the ICMP error messages to be sent with the source interface IP address.
This functionality is supported on loopback, VLAN, port channel, and physical interfaces for IPv4 and IPv6
messages. This feature is not supported on tunnel interfaces. ICMP error relay, PATH MTU transmission, and
fragmented packets are not supported for tunnel interfaces. The traceroute utilities for IPv4 and IPv6 list
the IP addresses of the devices in the hops of the path for which ICMP source interface is configured.

Configuring the Duration to Establish a TCP Connection

This functionality is supported on the S4820T platform.
You can configure the amount of time for which the device must wait before it attempts to establish a
TCP connection. Using this capability, you can limit the wait times for TCP connection requests. After
responding with a SYN ACK to the initial SYN packet that requests a connection to the router for a
specific service (such as SSH or BGP), the router waits for a period of time for the requesting host to
send the ACK packet that establishes the TCP connection.
You can set this duration or interval for which the TCP connection waits to be established to a
significantly high value to prevent the device from moving into an out-of-service condition or becoming
unresponsive during a SYN flood attack that occurs on the device. You can set the wait time to be 10
seconds or lower. If the device does not contain any BGP connections with the BGP neighbors across
WAN links, you must set this interval to a higher value, depending on the complexity of your network and
the configuration attributes.
To configure the duration for which the device waits for the ACK packet to be sent from the requesting
host to establish the TCP connection, perform the following steps:
1. Define the wait duration in seconds for the TCP connection to be established.
   CONFIGURATION mode
   Dell(conf)#ip tcp reduced-syn-ack-wait <9-75>
   You can use the no ip tcp reduced-syn-ack-wait command to restore the default behavior,
   which causes the wait period to be set as 8 seconds.
2. View the interval that you configured for the device to wait before the TCP connection is attempted
   to be established.
   EXEC mode
   Dell>show ip tcp reduced-syn-ack-wait

Enabling Directed Broadcast

By default, Dell Networking OS drops directed broadcast packets destined for an interface. This default
setting provides some protection against denial of service (DoS) attacks.
To enable Dell Networking OS to receive directed broadcasts, use the following command.
Enable directed broadcast.
INTERFACE mode
ip directed-broadcast
To view the configuration, use the show config command in INTERFACE mode.
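
An added example, not taken from the Dell manual: a short Python audit of a saved running configuration that reports the configured SYN-ACK wait (falling back to the 8-second default stated above) and lists the interfaces where ip directed-broadcast is enabled. The sample configuration, the interface names and the stanza layout (unindented interface line, indented subcommands) are constructed assumptions.

```python
import re

# Constructed sample in the style of a running-config. Interface names,
# addresses and stanza layout are assumptions; only the two audited
# commands come from the manual text.
SAMPLE_CONFIG = """\
!
ip tcp reduced-syn-ack-wait 20
!
interface TenGigabitEthernet 0/1
 ip address 192.0.2.1/24
 ip directed-broadcast
!
interface TenGigabitEthernet 0/2
 ip address 198.51.100.1/24
 no ip directed-broadcast
!
interface Vlan 10
 ip address 203.0.113.1/24
 ip directed-broadcast
!
"""

DEFAULT_WAIT = 8            # seconds, the default the manual states
VALID_RANGE = range(9, 76)  # <9-75>, the range the command accepts

def audit(config_text):
    """Return (syn_ack_wait, interfaces_with_directed_broadcast, warnings)."""
    wait, current, exposed, warnings = DEFAULT_WAIT, None, [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # Any unindented line closes the previous interface stanza.
            m = re.match(r"interface\s+(.+)", line)
            current = m.group(1) if m else None
            g = re.fullmatch(r"ip tcp reduced-syn-ack-wait\s+(\d+)", line)
            if g:
                wait = int(g.group(1))
                if wait not in VALID_RANGE:
                    warnings.append(f"wait {wait}s outside 9-75")
        elif current and line == "ip directed-broadcast":
            # The "no ip directed-broadcast" form does not match here.
            exposed.append(current)
    return wait, exposed, warnings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Run it against a saved copy of the configuration during change review, so any interface that has lost the default drop behavior for directed broadcasts is listed explicitly.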