Foundry Networks Switch and Router Installation And Configuration Manual page 480

Foundry Switch and Router Installation and Configuration Guide
USING THE CLI
To disable response to broadcast ICMP echo packets (ping requests), enter the following command:
BigIron(config)# no ip icmp echo broadcast-request
Syntax: [no] ip icmp echo broadcast-request
If you need to re-enable response to ping requests, enter the following command:
BigIron(config)# ip icmp echo broadcast-request
USING THE WEB MANAGEMENT INTERFACE
You cannot disable ICMP Echo replies using the Web management interface.
Disabling ICMP Destination Unreachable Messages
By default, when a Foundry device receives an IP packet that the device cannot deliver, the device sends an
ICMP Unreachable message back to the host that sent the packet. You can selectively disable a Foundry device's
response to the following types of ICMP Unreachable messages:
• Administration – The packet was dropped by the Foundry device due to a filter or ACL configured on the
device.
• Fragmentation-needed – The packet has the Don't Fragment bit set in the IP Flag field, but the Foundry
device cannot forward the packet without fragmenting it.
• Host – The destination network or sub-net of the packet is directly connected to the Foundry device, but the
host specified in the destination IP address of the packet is not on the network.
• Network – The Foundry device cannot reach the network specified in the destination IP address of the packet.
• Port – The destination host does not have the destination TCP or UDP port specified in the packet. In this
case, the host sends the ICMP Port Unreachable message to the Foundry device, which in turn sends the
message to the host that sent the packet.
• Protocol – The TCP or UDP protocol on the destination host is not running. This message is different from
the Port Unreachable message, which indicates that the protocol is running on the host but the requested
protocol port is unavailable.
• Source-route-failure – The device received a source-routed packet but cannot locate the next-hop IP address
indicated in the packet's Source-Route option.
You can disable the Foundry device from sending these types of ICMP messages on an individual basis. To do
so, use the following CLI method.
NOTE: Disabling an ICMP Unreachable message type does not change the Foundry device's ability to forward
packets. Disabling ICMP Unreachable messages prevents the device from generating or forwarding the
Unreachable messages.
USING THE CLI
To disable all ICMP Unreachable messages, enter the following command:
BigIron(config)# no ip icmp unreachable
Syntax: [no] ip icmp unreachable [network | host | protocol | administration | fragmentation-needed | port |
source-route-fail]
• If you enter the command without specifying a message type (as in the example above), all types of ICMP
Unreachable messages listed above are disabled. If you want to disable only specific types of ICMP
Unreachable messages, you can specify the message type. To disable more than one type of ICMP
message, enter the no ip icmp unreachable command for each messages type.
• The network parameter disables ICMP Network Unreachable messages.
• The host parameter disables ICMP Host Unreachable messages.
• The protocol parameter disables ICMP Protocol Unreachable messages.
15 - 38 December 2000