UMN:CLI
7.15.2
7.16
7.16.1
174
help prevent that hackers can find impossible connections.
To configure not to send the message that informs TCP connection can not be done, use
the following command.
Command
ip tcp ignore rst-unknown
no ip tcp ignore rst-unknown
SYN Configuration
SYN sets up TCP connection. The hiD 6615 S223/S323 transmits cookies with SYN to a
person who tries to make TCP connection. And only when transmitted cookies are re-
turned, it is possible to permit TCP connection. This function prevents connection over-
crowding because of accessed users who are not using and helps the other users use
service.
To permit connection only when transmitted cookies are returned after sending cookies
with SYN, use the following command.
Command
ip tcp syncookies
no ip tcp syncookies
Packet Dump
Failures in network can occur by certain symptom. Each symptom can trace to one or
more problems by using specific troubleshooting tools. The hiD 6615 S223/S323 switch
provides the debug command to dump packet. Use debug commands only for problem
isolation. Do not use it to monitor normal network operation. The debug commands pro-
duce a large amount of processor overhead.
Verifying Packet Dump
You can configure a packet dump type to verify dumped packets as the follows.
Packet Dump by Protocol
•
Packet Dump with Option
•
The hiD 6615 S223/S323 also provides debug command for Layer 3 routing protocols
(BGP, OSPF, RIP and PIM). If you want to debug about them, refer to the each configura-
tion chapter.
SURPASS hiD 6615 S223/S323 R1.5
Mode
Configures to block the message that informs TCP
connection can not be done.
Global
Responds the message again that informs TCP con-
nection is not possible.
Mode
Permits only when transmitted cookies are returned
after sending cookies with SYN.
Global
Disables configuration to permit only when transmitted
cookies are returned after sending cookies with SYN.
User Manual
Description
Description
A50010-Y3-C150-2-7619