CX11x, CX31x, CX710 (Earlier Than V6.03) , and CX91x Series Switch Modules V100R001C10 Command Reference 17
This document provides the configuration commands of each feature supported by the CX11x&CX31x&CX91x series switches module, including the syntax, view, default level, description, parameters, usage guideline, related commands, and example of each command.
This document provides the configuration commands of each feature supported by the CX11x&CX31x&CX91x series switches module, including the syntax, view, default level, description, parameters, usage guideline, related commands, and example of each command.
icmp send enable (interface view)
Function
The icmp send enable command enables an interface to send ICMP packets.
The undo icmp send enable command restores the default setting.
By default, the enabling status of the function that the interface sends ICMP packets is the same as that of the function that the system sends ICMP packets.
Format
icmp { name { echo | echo-reply | fragmentneed-dfset | host-redirect | host-tos-redirect | host-unreachable | information-reply | information-request | net-redirect | net-tos-redirect | net-unreachable | parameter-problem | port-unreachable | protocol-unreachable | reassembly-timeout | source-quench | source-route-failed | timestamp-reply | timestamp-request | ttl-exceeded } | type type code code } send enable
undo icmp { name { echo | echo-reply | fragmentneed-dfset | host-redirect | host-tos-redirect | host-unreachable | port-unreachable | information-reply | information-request | net-redirect | net-tos-redirect | net-unreachable | parameter-problem | port-unreachable | protocol-unreachable | reassembly-timeout | source-quench | source-route-failed | timestamp-reply | timestamp-request | ttl-exceeded } | type type code code } send enable
Parameters
| Parameter | Description | Value |
|---|---|---|
| name | Enables the system to send ICMP packets which are specified by the name. | - |
| echo | Enables the system to send ICMP Echo Request packets. An ICMP Echo Request packet is sent to the destination host during the ping operation. Then, the destination host responds with an Echo Reply packet, indicating that the destination is reachable. | - |
| echo-reply | Enables the system to send ICMP Echo Reply packets. | - |
| fragmentneed-dfset | Enables the system to send fragments of packets with the df field set to 1. | - |
| host-redirect | Enables the system to send host redirect packets. | - |
| host-tos-redirect | Enables the system to send host TOS redirect packets. | - |
| host-unreachable | Enables the system to send ICMP Host-unreachable packets. | - |
| information-reply | Enables the system to send information-reply packets. | - |
| information-request | Enables the system to send information-request packets. | - |
| net-redirect | Enables the system to send net-redirect packets. | - |
| net-tos-redirect | Enables the system to send net-tos-redirect packets. | - |
| net-unreachable | Enables the system to send net-unreachable packets. | - |
| parameter-problem | Enables the system to send parameter-problem packets. | - |
| port-unreachable | Enables the system to send ICMP Port-unreachable packets. | - |
| protocol-unreachable | Enables the system to send protocol-unreachable packets. | - |
| reassembly-timeout | Enables the system to send reassembly-timeout packets. | - |
| source-quench | Enables the system to send source-quench packets. | - |
| source-route-failed | Enables the system to send source-route-failed packets. | - |
| timestamp-reply | Enables the system to send timestamp-request packets. | - |
| timestamp-request | Enables the system to send timestamp-reply packets. | - |
| ttl-exceeded | Enables the system to send ICMP TTL-exceeded packets. | - |
| type type code code | Enables the system to send ICMP packets which are specified by the type and code. | type: The value ranges from 0 to 255. code: The value ranges from 0 to 255. Table 6-52 shows the relationship between ICMP name and the corresponding type and code. |
| name | type | code |
|---|---|---|
echo |
8 |
0 |
echo-reply |
0 |
0 |
fragmentneed-dfset |
3 |
4 |
host-redirect |
5 |
1 |
host-tos-redirect |
5 |
3 |
host-unreachable |
3 |
1 |
information-reply |
16 |
0 |
information-request |
15 |
0 |
net-redirect |
5 |
0 |
net-tos-redirect |
5 |
2 |
net-unreachable |
3 |
0 |
parameter-problem |
12 |
0 |
port-unreachable |
3 |
3 |
protocol-unreachable |
3 |
2 |
reassembly-timeout |
11 |
1 |
source-quench |
4 |
0 |
source-route-failed |
3 |
5 |
timestamp-reply |
14 |
0 |
timestamp-request |
13 |
0 |
ttl-exceeded |
11 |
0 |
Views
GE interface view, 10GE interface view, 40GE interface view, Eth-Trunk interface view, VLANIF interface view, loopback interface view, Tunnel interface view
Usage Guidelines
In normal situations, devices send a proper volume of ICMP packets. In the case of heavy traffic on the network, if hosts or ports are frequently unreachable, devices send a large number of ICMP packets, which causes heavier traffic burdens over the network and degrades the performance of devices. In addition, network attackers often make use of ICMP error packets to spy on the internal structure of the network. To improve network performance and enhance network security, you can run the icmp send disable (interface view) command to disable the interface from sending ICMP packets to prevent attacks that make use of ICMP packets.
You can run the icmp send enable command to enable the interface to send ICMP redirect packets.
Example
# Enable VLANIF 100 to send ICMP Host-unreachable packets.
<HUAWEI> system-view [~HUAWEI] interface vlanif 100 [*HUAWEI-Vlanif100] icmp name host-unreachable send enable
# Enable 10GE1/17/1 to send ICMP Host-unreachable packets.
<HUAWEI> system-view [~HUAWEI] interface 10ge 1/17/1 [~HUAWEI-10GE1/17/1] undo portswitch [*HUAWEI-10GE1/17/1] icmp name host-unreachable send enable