Disabling icmp to send error packets – H3C Technologies H3C S3100 Series Switches User Manual

Page 115

Advertising
background image

2-2

Table 2-2 Configure TCP attributes

Operation

Command

Remarks

Enter system view

system-view

Configure TCP synwait timer’s
timeout value

tcp timer syn-timeout
time-value

Optional

By default, the timeout value is
75 seconds.

Configure TCP finwait timer’s
timeout value

tcp timer fin-timeout
time-value

Optional

By default, the timeout value is
675 seconds.

Configure the size of TCP
receive/send buffer

tcp window window-size

Optional

By default, the buffer is 8
kilobytes.

Disabling ICMP to Send Error Packets

Sending error packets is a major function of ICMP protocol. In case of network abnormalities, ICMP

packets are usually sent by the network or transport layer protocols to notify corresponding devices so

as to facilitate control and management.

By default, S3100 Series Ethernet Switches support sending ICMP redirect and destination

unreachable packets.

Although sending ICMP error packets facilitate control and management, it still has the following

disadvantages:

z

Sending a lot of ICMP packets will increase network traffic.

z

If receiving a lot of malicious packets that cause it to send ICMP error packets, the device’s

performance will be reduced.

z

As the ICMP redirection function increases the routing table size of a host, the host’s performance

will be reduced if its routing table becomes very large.

z

If a host sends malicious ICMP destination unreachable packets, end users may be affected.

You can disable the device from sending such ICMP error packets for reducing network traffic and

preventing malicious attacks.

Table 2-3 Disable sending ICMP error packets

Operation

Command

Remarks

Enter system view

system-view

Disable sending ICMP redirects undo icmp redirect send

Required

Enabled by default

Disable sending ICMP
destination unreachable
packets

undo icmp unreach send

Required

Enabled by default

Displaying and Maintaining IP Performance Configuration

After the above configurations, you can execute the display command in any view to display the

running status to verify your IP performance configuration.

Advertising
Popular Brands
Popular manuals