beautypg.com

Configuring tcp attributes – H3C Technologies H3C S3600 Series Switches User Manual

| Task | Remarks |
|---|---|
| Enabling Reception of Directed Broadcasts to a Directly Connected Network | Optional |
| Disabling ICMP to Send Error Packets | Optional |
| Canceling the System-Defined ACLs for ICMP Attack Guard | Optional |

Configuring TCP Attributes

The optional TCP parameters that can be configured include:

- synwait timer: When sending a SYN packet, TCP starts the synwait timer. If no response packet is received before the synwait timer times out, the TCP connection is not established.
- finwait timer: When a TCP connection enters the FIN_WAIT_2 state, the finwait timer is started. If no FIN packet is received before the timer times out, the TCP connection is terminated. If a FIN packet is received, the TCP connection state changes to TIME_WAIT. If non-FIN packets are received, the system restarts the timer upon receiving the last non-FIN packet, and the connection is broken after the timer expires.
- Size of the TCP receive/send buffer

Follow these steps to configure TCP attributes:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Configure the TCP synwait timer's timeout value | tcp timer syn-timeout time-value | Optional. 75 seconds by default. |
| Configure the TCP finwait timer's timeout value | tcp timer fin-timeout time-value | Optional. 675 seconds by default. |
| Configure the size of the TCP receive/send buffer | tcp window window-size | Optional. 8 kilobytes by default. |

Enabling Reception of Directed Broadcasts to a Directly Connected Network

A directed broadcast is a broadcast packet sent to a specific network. In the destination IP address of a directed broadcast, the network ID is the ID of the network where the receiving interface resides and the host ID is all-ones. Enabling the device to receive directed broadcasts gives attackers an opportunity to attack the network and therefore poses a serious potential risk. For this reason, the reception of directed broadcasts to a directly connected network is disabled on S3600 series Ethernet switches by default. However, you should enable the feature when:

- Using the UDP Helper function to convert broadcasts to unicasts and forward them to a specified server.
- Using the Wake on LAN function to forward directed broadcasts to a host on the remote network.
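
The definition above (network ID of a directly connected network, host ID all-ones) can be checked over flow records before the feature is enabled, to see which senders already target directed-broadcast addresses. The following Python sketch is an added example, not part of the H3C manual; the interface list, the flow records and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: addresses/prefixes of the switch's directly connected networks.
CONNECTED = ["192.168.10.1/24", "10.1.0.1/16", "172.16.5.1/31"]

# Constructed sample flow records: (source, destination).
FLOWS = [
    ("198.51.100.7", "192.168.10.255"),   # off-subnet sender, /24 broadcast
    ("192.168.10.20", "192.168.10.255"),  # on-subnet sender, /24 broadcast
    ("198.51.100.7", "10.1.0.255"),       # ends in .255 but is a host in the /16
    ("198.51.100.7", "172.16.5.1"),       # /31 link: no broadcast address
]

def classify_destination(dst, interfaces=CONNECTED):
    """Classify dst against the directly connected networks.

    Returns (kind, network): kind is 'limited-broadcast', 'directed-broadcast',
    'unicast' or 'not-connected'; network is the matching prefix or None.
    """
    addr = ipaddress.ip_address(dst)
    if addr == ipaddress.ip_address("255.255.255.255"):
        return ("limited-broadcast", None)
    for iface in interfaces:
        net = ipaddress.ip_interface(iface).network
        if addr not in net:
            continue
        host_bits = int(net.hostmask)
        # Host ID all-ones; /31 and /32 prefixes have no broadcast address.
        if net.prefixlen < 31 and int(addr) & host_bits == host_bits:
            return ("directed-broadcast", str(net))
        return ("unicast", str(net))
    return ("not-connected", None)

def audit(records, interfaces=CONNECTED):
    """Return (src, dst, network, origin) for every directed-broadcast flow.

    origin is 'local' if the sender sits on the target network, else 'remote'.
    """
    hits = []
    for src, dst in records:
        kind, net = classify_destination(dst, interfaces)
        if kind == "directed-broadcast":
            local = ipaddress.ip_address(src) in ipaddress.ip_network(net)
            hits.append((src, dst, net, "local" if local else "remote"))
    return hits

if __name__ == "__main__":
    for hit in audit(FLOWS):
        print(hit)
```

Flows reported with a remote origin are the ones that should map to a known UDP Helper or Wake on LAN sender; anything else is a reason to keep the default.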
