CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Command Reference 17
This document provides the configuration commands of each feature supported by the CX11x&CX31x&CX91x series switch modules, including the syntax, view, default level, description, parameters, usage guidelines, related commands, and an example of each command.
icmp receive disable (interface view)
Function
The icmp receive disable command disables an interface from receiving ICMP packets.
The undo icmp receive disable command restores the default setting.
By default, whether an interface receives ICMP packets follows the system-wide setting for receiving ICMP packets.
Format
icmp { name { echo | echo-reply | fragmentneed-dfset | host-redirect | host-tos-redirect | host-unreachable | information-reply | information-request | net-redirect | net-tos-redirect | net-unreachable | parameter-problem | port-unreachable | protocol-unreachable | reassembly-timeout | source-quench | source-route-failed | timestamp-reply | timestamp-request | ttl-exceeded } | type type code code } receive disable
undo icmp { name { echo | echo-reply | fragmentneed-dfset | host-redirect | host-tos-redirect | host-unreachable | information-reply | information-request | net-redirect | net-tos-redirect | net-unreachable | parameter-problem | port-unreachable | protocol-unreachable | reassembly-timeout | source-quench | source-route-failed | timestamp-reply | timestamp-request | ttl-exceeded } | type type code code } receive disable
Parameters
Parameter | Description | Value |
---|---|---|
name | Enables an interface to receive a specified type of ICMP packets. | - |
echo | Enables an interface to receive ICMP Echo Request packets. An ICMP Echo Request packet is sent to the destination host during the ping operation. Then, the destination host responds with an Echo Reply packet, indicating that the destination is reachable. | - |
echo-reply | Enables an interface to receive ICMP Echo Reply packets. | - |
fragmentneed-dfset | Enables an interface to receive fragments of packets with the df field set to 1. | - |
host-redirect | Enables an interface to receive host-redirect packets. | - |
host-tos-redirect | Enables an interface to receive host-tos-redirect packets. | - |
host-unreachable | Enables an interface to receive ICMP Host-unreachable packets. | - |
information-reply | Enables an interface to receive information-reply packets. | - |
information-request | Enables an interface to receive information-request packets. | - |
net-redirect | Enables an interface to receive net-redirect packets. | - |
net-tos-redirect | Enables an interface to receive net-tos-redirect packets. | - |
net-unreachable | Enables an interface to receive net-unreachable packets. | - |
parameter-problem | Enables an interface to receive parameter-problem packets. | - |
port-unreachable | Enables an interface to receive ICMP Port-unreachable packets. | - |
protocol-unreachable | Enables an interface to receive protocol-unreachable packets. | - |
reassembly-timeout | Enables an interface to receive reassembly-timeout packets. | - |
source-quench | Enables an interface to receive source-quench packets. | - |
source-route-failed | Enables an interface to receive source-route-failed packets. | - |
timestamp-reply | Enables an interface to receive timestamp-reply packets. | - |
timestamp-request | Enables an interface to receive timestamp-request packets. | - |
ttl-exceeded | Enables an interface to receive ICMP TTL-exceeded packets. | - |
type type code code | Enables an interface to receive ICMP packets of the specified type and code. | type: The value is an integer that ranges from 0 to 255. code: The value is an integer ranging from 0 to 255. Table 6-48 describes the mappings between ICMP packets and values of type and code. |
name | type | code |
---|---|---|
echo | 8 | 0 |
echo-reply | 0 | 0 |
fragmentneed-dfset | 3 | 4 |
host-redirect | 5 | 1 |
host-tos-redirect | 5 | 3 |
host-unreachable | 3 | 1 |
information-reply | 16 | 0 |
information-request | 15 | 0 |
net-redirect | 5 | 0 |
net-tos-redirect | 5 | 2 |
net-unreachable | 3 | 0 |
parameter-problem | 12 | 0 |
port-unreachable | 3 | 3 |
protocol-unreachable | 3 | 2 |
reassembly-timeout | 11 | 1 |
source-quench | 4 | 0 |
source-route-failed | 3 | 5 |
timestamp-reply | 14 | 0 |
timestamp-request | 13 | 0 |
ttl-exceeded | 11 | 0 |
Views
GE interface view, 10GE interface view, 40GE interface view, Eth-Trunk interface view, VLANIF interface view, loopback interface view, Tunnel interface view
Usage Guidelines
Usage Scenario
In normal situations, interfaces receive a proper volume of ICMP packets. In the case of heavy traffic on the network, if hosts or ports are frequently unreachable, switches receive a large number of ICMP packets, which causes heavier traffic burdens over the network and degrades the performance of switches. In addition, network attackers often use ICMP error packets to spy on the internal structure of the network.
To improve network performance and enhance network security, run the icmp receive disable (interface view) command to disable an interface from receiving ICMP packets to prevent attacks that use ICMP packets.
Precautions
If the network status is normal and the interface is required to receive ICMP packets, you can run the icmp receive enable (interface view) command.
Example
# Disable VLANIF 100 from receiving ICMP Host Unreachable packets.
<HUAWEI> system-view
[~HUAWEI] interface vlanif 100
[*HUAWEI-Vlanif100] icmp name host-unreachable receive disable
# Disable 10GE1/17/1 from receiving ICMP Host Unreachable packets.
<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/17/1
[~HUAWEI-10GE1/17/1] undo portswitch
[*HUAWEI-10GE1/17/1] icmp name host-unreachable receive disable
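An added example, not part of the Huawei reference: a Python audit helper that reads a command listing, normalizes both the `icmp name ...` and `icmp type ... code ...` forms through the name/type/code mapping above, and reports per interface which baseline ICMP messages are still received. The listing layout, the function names and the sample are assumptions constructed for illustration; system-view ICMP settings are not modeled.

```python
import re
# name -> (type, code), copied from the mapping table on this page
ICMP_NAMES = {
    "echo": (8, 0), "echo-reply": (0, 0), "fragmentneed-dfset": (3, 4),
    "host-redirect": (5, 1), "host-tos-redirect": (5, 3), "host-unreachable": (3, 1),
    "information-reply": (16, 0), "information-request": (15, 0), "net-redirect": (5, 0),
    "net-tos-redirect": (5, 2), "net-unreachable": (3, 0), "parameter-problem": (12, 0),
    "port-unreachable": (3, 3), "protocol-unreachable": (3, 2),
    "reassembly-timeout": (11, 1), "source-quench": (4, 0), "source-route-failed": (3, 5),
    "timestamp-reply": (14, 0), "timestamp-request": (13, 0), "ttl-exceeded": (11, 0),
}
RULE = re.compile(r"(undo\s+)?icmp\s+(?:name\s+(\S+)|type\s+(\d+)\s+code\s+(\d+))"
                  r"\s+receive\s+disable")

def blocked_icmp(commands):
    """Return {interface: {(type, code), ...}} the listing leaves disabled."""
    blocked, current = {}, None
    for line in (raw.strip() for raw in commands.splitlines()):
        if line.lower().startswith("interface "):
            current = line.split(None, 1)[1].replace(" ", "").lower()
            blocked.setdefault(current, set())
            continue
        m = RULE.fullmatch(line)
        if not m or current is None:
            continue  # unrelated command, or not inside an interface view
        undo, name, icmp_type, code = m.groups()
        if name is not None and name not in ICMP_NAMES:
            raise ValueError(f"unknown ICMP name: {name}")
        key = ICMP_NAMES[name] if name else (int(icmp_type), int(code))
        if max(key) > 255:
            raise ValueError(f"type/code outside 0-255: {line}")
        # 'undo' restores the default, so the entry is removed again
        (blocked[current].discard if undo else blocked[current].add)(key)
    return blocked

def missing_from_baseline(commands, baseline_names):
    """Per interface, baseline ICMP names that are still received."""
    want = {ICMP_NAMES[n]: n for n in baseline_names}
    return {ifc: sorted(n for k, n in want.items() if k not in got)
            for ifc, got in blocked_icmp(commands).items()}

# Constructed command listing (not device output)
SAMPLE = """interface vlanif 100
 icmp name host-unreachable receive disable
 icmp type 5 code 1 receive disable
interface 10ge 1/17/1
 undo portswitch
 icmp name host-redirect receive disable
 undo icmp type 5 code 1 receive disable
"""
```

Because `type 5 code 1` and `name host-redirect` denote the same message, the `undo` on 10GE1/17/1 cancels the earlier named rule, which a plain text search for the keyword would miss.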