Disabling Icmp To Send Error Packets - H3C S5600 Series Operation Manual

Operation Manual – IP Address and Performance
H3C S5600 Series Ethernet Switches
Using the UDP Helper function to convert broadcasts to unicasts and forward
them to a specified server.
Using the Wake on LAN function to forward directed broadcasts to a host on the
remote network.
Follow these steps to enable the switch to receive and Forwarding directed broadcasts:
Enter system view
Enable the device to
receive directed
broadcasts
Enter VLAN interface view
Enable the device to
forward directed
broadcasts

2.2.4 Disabling ICMP to Send Error Packets

Sending error packets is a major function of ICMP protocol. In case of network
abnormalities, ICMP packets are usually sent by the network or transport layer
protocols to notify corresponding devices so as to facilitate control and management.
Although sending ICMP error packets facilitate control and management, it still has the
following disadvantages:
Sending a lot of ICMP packets will increase network traffic.
If receiving a lot of malicious packets that cause it to send ICMP error packets, the
device's performance will be reduced.
As the ICMP redirection function increases the routing table size of a host, the
host's performance will be reduced if its routing table becomes very large.
If a host sends malicious ICMP destination unreachable packets, end users may
be affected.
You can disable the device from sending such ICMP error packets for reducing network
traffic and preventing malicious attacks.
Follow these steps to disable sending ICMP error packets:
Enter system view
Disable sending ICMP
redirects
To do...
system-view
ip forward-broadcast
interface Vlan-interface
vlan-id
ip forward-broadcast
[ acl-number ]
To do...
system-view
undo icmp redirect send
Chapter 2 IP Performance Configuration
Use the command...
Use the command...
2-3
Remarks
—
Required
Disabled by default.
—
Required
Disabled by default.
Remarks
—
Required
Enabled by default.