Section 19.2.8, Hint, 8 control sending of icmp redirect – Westermo RedFox Series User Manual
Page 407
Westermo OS Management Guide
Version 4.17.0-0
but the Web server has been disabled, the same fall-back solution is triggered.
Hint
From security standpoint it is recommended to separate the management
interface from the upstream WAN interfaces, but also from interface vlan1
since it is also the fallback interface in WeOS.
E.g., use interface vlan1 as a LAN interface, with high interface distance,
and interface vlan2 as the upstream WAN interface, with distance 1.
If you, e.g., remove the unrelated VLAN 3 without assigning its ports to any
other VLAN, then WeOS will automatically place them as untagged in VLAN
1, the default/fallback VLAN. In most cases you do not want those ports
ending up on the upstream side . . .
19.2.8
Control Sending of ICMP Redirect
A WeOS router is able to send ICMP Redirect messages when it receives IP packets
which could have been routed more optimal. The topology shown in
can
be used to illustrate a situation where ICMP Redirect is useful.
H1
R2
H2
R1
192.168.2.0/24
192.168.1.0/24
optimal
path
Internet/Intranet
Figure 19.3: Example where ICMP Redirect is useful.
Assume that Host 1 (H1) wishes to communicate with Host 2, and that H1 (only)
knows about its local subnet (192.168.1.0/24) and its default route pointing to
➞ 2015 Westermo Teleindustri AB
407