No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.

Configuration Guide - IP Service
S1720, S2700, S5700, and S6720 V200R011C10

This document describes the configurations of IP Service, including IP address, ARP, DHCP, DHCP policy VLAN, DNS, mDNS gateway, mDNS relay, UDP Helper, IP performance optimization, IPv6, DHCPv6, IPv6 DNS, IPv6 over IPv4 tunnel, and IPv4 over IPv6 tunnel.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring the Switch to Discard IP Packets With Expired TTL

Configuring the Switch to Discard IP Packets With Expired TTL


TTL is a field in an IP packet that limits the lifespan of the IP packet on the network. The TTL value is set by the sender, and is reduced by 1 every time the packet passes a device. If a forwarding device receives an IP packet of which the TTL is 0 and the destination address is not the local address, the device discards this packet.

If a device receives many IP packets with TTL value 1, the device may undergo an attack. In this situation, you can enable the device to discard the IP packets with expired TTL. Then the device discards the packets with TTL value 1, but does not send them to the CPU.


  1. Run system-view

    The system view is displayed.

  2. Run ip ttl-expired drop

    The switch is configured to discard IP packets with expired TTL.

    By default, the function of discarding IP packets with expired TTL is disabled.

    Only the S5720SI, S5720S-SI, S5720EI, S5720HI, S5730SI, S5730S-EI, S6720LI, S6720S-LI, S6720SI, S6720S-SI, S6720EI, and S6720S-EI support this command.

    After the ip ttl-expired drop command is run, some packets that have the TTL value 1 but need to be processed by the CPU are also discarded. Therefore, after the attack is removed, run the undo ip ttl-expired drop command to disable the device from discarding the IP packets with expired TTL.

Updated: 2020-02-26

Document ID: EDOC1000178170

Views: 275633

Downloads: 1029

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Previous Next