The ipv6 icmp receive command enables the system to accept ICMPv6 packets.
The undo ipv6 icmp receive command disables the system from accepting ICMPv6 packets.
By default, the system accepts ICMPv6 packets.
ipv6 icmp { icmpv6-type icmpv6-code | icmpv6-name | all } receive
undo ipv6 icmp { icmpv6-type icmpv6-code | icmpv6-name | all } receive
| Parameter | Description | Value |
|---|---|---|
| icmpv6-type | Type of ICMPv6 packets | - |
| icmpv6-code | Code of ICMPv6 packets | - |
| icmpv6-name | Name of ICMPv6 packets | - |
| all | All ICMPv6 packets | - |
| echo | ECHO packets | - |
| echo-reply | ECHO response packets | - |
| err-header-field | A packet generated in response to a packet with an error header | - |
| frag-time-exceeded | A packet generated in response to a fragmentation-timeout packet | - |
| hop-limit-exceeded | A packet generated in response to a packet with a large hop number | - |
| host-admin-prohib | A packet generated in response to a packet that is rejected by a host | - |
| host-unreachable | A packet generated in response to a packet that cannot be delivered to the host | - |
| neighbor-advertisement | Neighbor advertisement packets | - |
| neighbor-solicitation | Neighbor solicitation packets | - |
| network-unreachable | A packet generated in response to a packet that cannot be delivered to the destination | - |
| packet-too-big | A packet generated in response to a large-size error packet | - |
| port-unreachable | A packet generated in response to a packet that cannot be delivered to the port | - |
| redirect | Redirected packets | - |
| router-advertisement | Router advertisement packets | - |
| router-solicitation | Router solicitation packets | - |
| unknown-ipv6-opt | A packet generated in response to a packet with unknown options | - |
| unknown-next-hdr | A packet generated in response to a packet with unknown next header | - |
Usage Scenario
When the network is in good performance, routing devices will receive a proper number of ICMPv6 packets, however, when network traffic load is heavy and host unreachable or port unreachable events frequently occur, routing devices will receive a large number of ICMPv6 packets, which burdens the network and the performance of the routing devices deteriorates. In addition, attackers may use ICMPv6 error packets to probe the internal network topology.
To improve network performance and security, the undo ipv6 icmp receive command can be used to disable the system from accepting ICMPv6 response packets, packets in response to host-unreachable packets, and packets in response to port-unreachable packets.
Configuration Impact
After the undo ipv6 icmp receive command is run, the main interface is disabled from processing the ICMPv6 packets, and the system does not collect statistics about the ICMPv6 response packets, packets in response to host-unreachable packets, and packets in response to port-unreachable packets. Only the total number of the discarded packets are collected.
Precautions
When the network is in good performance, the ipv6 icmp receive command can be used to enable the system to accept ICMPv6 packets.