Configuration procedure, Configuring tcp attributes, Configuring tcp mss for the interface – H3C Technologies H3C SecPath F1000-E User Manual
Page 27
16
Figure 10 Network diagram
Configuration procedure
1.
Configure SecPath:
# Configure IP addresses for GigabitEthernet 0/1 and GigabitEthernet 0/2.
[SecPath] interface GigabitEthernet 0/1
[SecPath-GigabitEthernet0/1] ip address 1.1.1.2 24
[SecPath-GigabitEthernet0/1] quit
[SecPath] interface GigabitEthernet 0/2
[SecPath-GigabitEthernet0/2] ip address 2.2.2.2 24
# Enable GigabitEthernet 0/2 to forward directed broadcasts.
[SecPath-GigabitEthernet0/2] ip forward-broadcast
2.
Configure the router:
# Configure a static route to the host.
[Router] ip route-static 1.1.1.1 24 2.2.2.2
# Configure an IP address for GigabitEthernet 0/2.
[Router] interface GigabitEthernet 0/2
[Router-GigabitEthernet0/2] ip address 2.2.2.1 24
[Router-GigabitEthernet0/2] quit
After the configuration, if you ping the subnet broadcast address (2.2.2.255) of interface
GigabitEthernet 0/2 of SecPath on the host, the ping packets can be received by interface
GigabitEthernet 0/2 of the router. However, if you disable the ip forward-broadcast command,
the ping packets cannot be received by interface GigabitEthernet 0/2 of the router.
Configuring TCP attributes
Configuring TCP MSS for the interface
The Max Segment Size (MSS) option informs the receiver of the largest segment that the sender is willing
to accept. Each end announces the MSS it expects to receive during the TCP connection establishment.
The end that receives the MSS value from the other end then limits the size of each TCP segment to be sent.
If the size of a TCP segment is smaller than the MSS of the other end, the TCP segment is sent to the other
end without being fragmented; otherwise, it will be fragmented according to the MSS before being sent.
If you configure a TCP MSS on an interface, the size of each TCP segment received or sent on the
interface cannot exceed the MSS value.
To configure TCP MSS of the interface:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS