beautypg.com

Disabling forwarding icmp fragments, Configuring rate limit for icmp error messages, Specifying the source address for icmp packets – H3C Technologies H3C S5560 Series Switches User Manual

Page 146

background image

131

Disabling forwarding ICMP fragments

Disabling forwarding ICMP fragments can protect your device from ICMP fragments attacks.
To disable forwarding ICMP fragments:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Disable forwarding ICMP fragments.

ip icmp fragment discarding

By default, forwarding ICMP
fragments is enabled.

Configuring rate limit for ICMP error messages

To avoid sending excessive ICMP error messages within a short period that might cause network

congestion, you can limit the rate at which ICMP error messages are sent. A token bucket algorithm is

used with one token representing one ICMP error message. Tokens are placed in the bucket at intervals

until the maximum number of tokens that the bucket can hold is reached. Tokens are removed from the
bucket when ICMP error messages are sent. When the bucket is empty, ICMP error messages are not sent

until a new token is placed in the bucket.
To configure rate limit for ICMP error messages:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Set the bucket size and the

interval for tokens to arrive
in the bucket for ICMP

error messages

ip icmp error-interval
milliseconds [ bucketsize ]

By default, the bucket allows a maximum
of 10 tokens, and tokens are placed in
the bucket at the interval of 100

milliseconds.
To disable the ICMP rate limit, set the

interval to 0 milliseconds.

Specifying the source address for ICMP packets

Perform this task to specify the source IP address for outgoing ping echo request and ICMP error

messages. H3C recommends that you specify the IP address of the loopback interface as the source IP

address. This feature helps users to locate the sending device easily.
If you specify an IP address in the ping command, ping echo requests use the specified address as the
source IP address rather than the IP address specified by the ip icmp source command.
To specify the source IP address for ICMP packets:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: