< Home

Configuring ICMP Attributes

This section describes how to control the ICMP error packet sending function to prevent ICMP error packet attacks.

Context

Generally, ICMP error packets are used by network-layer or transport-layer protocols to notify the device of anomalies for control and management.

ICMP error packets include ICMP redirect, port unreachable, host unreachable, and timeout packets.

If the function for sending ICMP timeout packets is disabled, the device will not send ICMP timeout packets whose TTL times out, but will send the ICMP timeout packets whose reassembly times out.

Procedure

  1. Access the system view.

    system-view

  2. Enable the fast ICMP reply function.

    icmp echo-reply fast enable

    By default, this function is disabled.

  3. Enable the function for sending ICMP redirect packets.

    icmp redirect send

    By default, this function is disabled.

  4. Enable the function for sending ICMP host unreachable packets.

    icmp host-unreachable send

    By default, this function is disabled.

  5. Enable the function for sending ICMP timeout packets.

    icmp ttl-exceeded send

    By default, this function is disabled.

  6. Display the specified interface view.

    interface interface-type interface-number

  7. Enable the function for sending ICMP port unreachable packets.

    icmp port-unreachable send

    By default, this function is enabled.

Parent Topic: Improving IPv4 Performance
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >