No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Service

S2720, S5700, and S6720 V200R013C00

This document describes the configurations of IP Service, including IP address, ARP, DHCP, DHCP policy VLAN, DNS, mDNS gateway, mDNS relay, UDP Helper, IP performance optimization, IPv6, DHCPv6, IPv6 DNS, IPv6 over IPv4 tunnel, and IPv4 over IPv6 tunnel.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring the Switch to Discard IP Packets with Options

Configuring the Switch to Discard IP Packets with Options

Context

IP packets can carry route options including the route-alert option, route-record option, source-route option, and timestamp option. These route options are used to diagnose network paths and temporarily transmit special services. These options, however, may be used by attackers to spy on the network structure for initiating attacks, degrading network security and switch performance. To solve this problem, you can configure the switch to discard the IP packets that carry the route options.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. (Optional) On an Ethernet interface, run undo portswitch

    The interface is switched to Layer 3 mode.

    By default, an Ethernet interface works in Layer 2 mode.
    NOTE:

    Only the S5720EI, S5720HI, S5730HI, S6720EI, S6720HI, and S6720S-EI support switching between Layer 2 and Layer 3 modes.

  4. Do as follows according to different route options in IP packets:

    • Run discard ra

      The interface is configured to discard IP packets with route-alert options.

    • Run discard rr

      The interface is configured to discard IP packets with record-route options.

    • Run discard srr

      The interface is configured to discard IP packets with source-route options.

    • Run discard ts

      The interface is configured to discard IP packets with time-stamp options.

    By default, the device processes packets sent to the CPU based on route options contained in these packets.

    NOTE:

    The discard { ra | rr | srr | ts } command only takes effect for the packets on inbound interfaces.

    The discard { ra | rr | srr | ts } command only takes effect for packets sent to the CPU. For packets that are not sent to the CPU, the device processes and forwards them using the same method of processing packets without route options regardless of whether the discard { ra | rr | srr | ts } command is configured or not.

Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100065678

Views: 34634

Downloads: 253

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next