When the network is running properly, switches can properly receive Internet Control Message Protocol version 6 (ICMPv6) packets. If hosts or ports are frequently unreachable when traffic on the network is heavy, switches receive a large number of ICMPv6 packets, increasing the network traffic load and degrading switch performance. In addition, attackers often use ICMPv6 error packets to probe into the internal network topology.
To improve network performance and security, disable switches from receiving ICMPv6 Echo Reply, Host Unreachable, and Port Unreachable packets.
Disable switches from receiving ICMPv6 Echo Reply, Host Unreachable, and Port Unreachable packets.
<HUAWEI> system-view [HUAWEI] undo ipv6 icmp echo-reply receive [HUAWEI] undo ipv6 icmp port-unreachable receive [HUAWEI] undo ipv6 icmp host-unreachable receive
When the network is in good condition and switches need to process ICMPv6 packets, enable them to receive ICMPv6 packets.
<HUAWEI> system-view [HUAWEI] ipv6 icmp all receive