Icmp packet processing, Udp-forwarding commands – Extreme Networks 200 Series User Manual

206

Summit 200 Series Switch Installation and User Guide

IP Unicast Routing

ICMP Packet Processing

As ICMP packets are routed or generated, you can take various actions to control distribution. For
ICMP packets typically generated or observed as part of the routing function, you can assert control on
a per-type, per-VLAN basis. You would alter the default settings for security reasons: to restrict the
success of tools that can be used to find an important application, host, or topology information. The
controls include the disabling of transmitting ICMP messages associated with unreachables,
port-unreachables, time-exceeded, parameter-problems, redirects, time-stamp, and address-mask
requests.

For ICMP packets that are typically routed, you can apply access lists to restrict forwarding behavior.
Access lists are described in Chapter 9.

UDP-Forwarding Commands

Table 60 describes the commands used to configure UDP-forwarding.

Table 60: UDP-Forwarding Commands

Command

Description

config udp-profile <profile_name> add <udp_port>
[vlan <name> | ipaddress <dest_ipaddress>]

Adds a forwarding entry to the specified
UDP-forwarding profile name. All
broadcast packets sent to

<udp_port>

are forwarded to either the destination IP
address (unicast or subnet directed
broadcast) or to the specified VLAN as an
all-ones broadcast.

config udp-profile <profile_name> delete
<udp_port> [vlan <name> | ipaddress
<dest_ipaddress>]

Deletes a forwarding entry from the
specified

udp-profile

name.

config vlan <name> udp-profile <profile_name>

Assigns a UDP-forwarding profile to the
source VLAN. Once the UDP profile is
associated with the VLAN, the switch picks
up any broadcast UDP packets that
matches with the user configured UDP
port number, and forwards those packets
to the user-defined destination. If the UDP
port is the DHCP/BOOTP port number,
appropriate DHCP/BOOTP proxy functions
are invoked.

create udp-profile <profile_name>

Creates a UDP-forwarding profile. You
must use a unique name for the
UDP-forwarding profile.

delete udp-profile <profile_name>

Deletes a UDP-forwarding profile.

show udp-profile {<profile_name>}

Displays the profile names, input rules of
UDP port, destination IP address, or VLAN
and the source VLANs to which the profile
is applied.

unconfig udp-profile vlan [<name> | all]

Removes the UDP-forwarding profile
configuration for one or all VLANs.