Disabling Forwarding ICMP Fragments - HP 6125XLG Configuration Manual

Blade switch layer 3 - ip services

• If a packet does not match any route and there is no default route in the routing table, the device
  sends a Network Unreachable ICMP error packet to the source.
• If a packet is destined for the device but the transport layer protocol of the packet is not
  supported by the device, the device sends a Protocol Unreachable ICMP error packet to the
  source.
• If a UDP packet is destined for the device but the packet's port number does not match the
  corresponding process, the device sends the source a Port Unreachable ICMP error packet.
• If the source uses Strict Source Routing to send packets, but the intermediate device finds that the
  next hop specified by the source is not directly connected, the device sends the source a Source
  Routing Failure ICMP error packet.
• If the MTU of the sending interface is smaller than the packet and the packet has DF set, the
  device sends the source a Fragmentation Needed and DF-set ICMP error packet.
To enable sending ICMP error packets:

Step                        Command                                       Remarks
1. Enter system view.       system-view                                   N/A
2. Enable sending ICMP      Enable sending ICMP redirect packets:         The default settings
   error packets.             ip redirects enable                         are disabled.
                            Enable sending ICMP time-exceeded packets:
                              ip ttl-expires enable
                            Enable sending ICMP destination unreachable
                            packets:
                              ip unreachables enable

Sending ICMP error packets facilitates network management, but sending excessive ICMP packets
increases network traffic. A device's performance degrades if it receives a lot of malicious ICMP packets
that cause it to respond with ICMP error packets.
To prevent such problems, you can disable the device from sending ICMP error packets. A device
disabled from sending ICMP time-exceeded packets does not send ICMP TTL Expired packets but can still
send ICMP Fragment Reassembly Timeout packets.

Disabling forwarding ICMP fragments

Disabling forwarding ICMP fragments can protect your device from ICMP fragment attacks.
To disable forwarding ICMP fragments:

Step                        Command                        Remarks
1. Enter system view.       system-view                    N/A
2. Disable forwarding       ip icmp fragment discarding    By default, forwarding ICMP
   ICMP fragments.                                         fragments is enabled.
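
To see which traffic a setting like this affects, the following added example (not part of the HP manual, and not the switch's own logic) classifies raw IPv4 packets from a capture. It assumes the usual IPv4 definition of an ICMP fragment: protocol 1 with the MF flag set or a non-zero fragment offset. The sample packets are constructed and use documentation addresses.

```python
import struct

ICMP = 1          # IPv4 protocol number for ICMP
MF = 0x2000       # "more fragments" bit in the flags/offset field
OFFSET = 0x1FFF   # 13-bit fragment offset, in 8-byte units


def classify(packet: bytes) -> str:
    """Classify a raw IPv4 packet (bytes starting at the IP header)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    (flags_off,) = struct.unpack_from("!H", packet, 6)
    if packet[9] != ICMP:
        return "other-protocol"
    # A first fragment has MF set with offset 0; a last fragment has MF
    # clear with a non-zero offset. DF alone does not make a fragment.
    if flags_off & MF or flags_off & OFFSET:
        return "icmp-fragment"
    return "icmp-whole"


def ipv4(proto: int, flags_off: int, payload: bytes = b"\x08\x00" + b"\0" * 6) -> bytes:
    """Build a constructed sample packet (header checksum left at zero)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1,
                         flags_off, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + payload


# Constructed samples, not taken from real traffic.
SAMPLES = {
    "echo request, DF set": ipv4(ICMP, 0x4000),
    "first fragment (MF, offset 0)": ipv4(ICMP, MF),
    "middle fragment": ipv4(ICMP, MF | 185),
    "last fragment (offset only)": ipv4(ICMP, 370),
    "fragmented UDP": ipv4(17, MF),
}


def summarize(samples=SAMPLES) -> dict:
    """Map each sample name to its classification."""
    return {name: classify(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, verdict in summarize().items():
        print(f"{verdict:15} {name}")
```

Only the packets reported as icmp-fragment fall under the definition assumed here; unfragmented ICMP and fragments of other protocols do not.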
