Enabling sending ICMPv6 time exceeded messages – H3C Technologies H3C S12500 Series Switches User Manual


| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable replying to multicast echo requests. | ipv6 icmpv6 multicast-echo-reply enable | Disabled by default. |

Enabling sending ICMPv6 time exceeded messages

A switch sends out an ICMPv6 Time Exceeded message in the following cases:

- If a received IPv6 packet’s destination IP address is not a local address and its hop limit is 1, the switch sends an ICMPv6 Hop Limit Exceeded message to the source.

- Upon receiving the first fragment of an IPv6 datagram with the destination IP address being the local address, the switch starts a timer. If the timer expires before all the fragments arrive, an ICMPv6 Fragment Reassembly Timeout message is sent to the source.

If large amounts of malicious packets are received, the performance of a switch degrades greatly because it has to send back ICMP Time Exceeded messages. You can disable sending ICMPv6 Time Exceeded messages.

To enable sending ICMPv6 time exceeded messages:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable sending ICMPv6 Time Exceeded messages. | ipv6 hoplimit-expires enable | Optional. Enabled by default. |

Enabling sending ICMPv6 destination unreachable messages

If the device fails to forward a received IPv6 packet due to one of the following reasons, it drops the packet and sends a corresponding ICMPv6 Destination Unreachable error message to the source:

- If the device fails to resolve the corresponding link layer address of the destination IPv6 address, the device sends the source an "address unreachable" ICMPv6 error message.

- If a packet is destined for the device itself, its transport layer protocol is UDP, and its destination port number does not match any running process, the device sends the source a "port unreachable" ICMPv6 error message.

If an attacker sends abnormal traffic that causes the device to generate ICMPv6 destination unreachable messages, end users might be affected. To prevent such attacks, you can disable the device from sending ICMPv6 destination unreachable messages.

To enable sending ICMPv6 destination unreachable messages:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable sending ICMPv6 destination unreachable messages. | ipv6 unreachables enable | Disabled by default. |
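
The three settings on this page have different defaults, so an audit has to combine each default with whatever the saved configuration overrides. The following Python is an added example, not H3C code: the sample configuration is constructed, the all-disabled policy is this example's assumption, and the "undo" form of each command is assumed from the Comware convention rather than taken from this page.

```python
import re

# feature -> (command stem, default state per the manual tables on this page)
FEATURES = {
    "multicast-echo-reply": ("ipv6 icmpv6 multicast-echo-reply", False),
    "time-exceeded": ("ipv6 hoplimit-expires", True),
    "destination-unreachable": ("ipv6 unreachables", False),
}

# Assumed policy for this example: generate none of the three message types.
HARDENED = {name: False for name in FEATURES}

# Constructed sample of saved configuration text (not from a real device).
SAMPLE_CONFIG = """\
#
 sysname SW1
#
 ipv6
 ipv6 unreachables enable
#
interface Vlan-interface10
 ipv6 address 2001:db8:10::1/64
#
"""

def effective_state(config_text):
    """Return {feature: bool}, starting from defaults; the last matching line wins."""
    state = {name: default for name, (_, default) in FEATURES.items()}
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise indentation and spacing
        for name, (stem, _) in FEATURES.items():
            if line == f"{stem} enable":
                state[name] = True
            # Assumption: the disabling form is the Comware "undo" prefix.
            elif re.fullmatch(rf"undo {re.escape(stem)}( enable)?", line):
                state[name] = False
    return state

def audit(config_text, policy=HARDENED):
    """List (feature, actual, wanted) for every setting that deviates from policy."""
    state = effective_state(config_text)
    return [(n, state[n], want) for n, want in policy.items() if state[n] != want]

if __name__ == "__main__":
    for feature, actual, wanted in audit(SAMPLE_CONFIG):
        print(f"{feature}: effective={actual}, policy={wanted}")
```

On the sample, the time exceeded finding comes purely from the default: no line in the configuration mentions it, which is why a plain text search for "enable" lines would miss it.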
