
gtsm log drop-packet all

Function

The gtsm log drop-packet command configures a GTSM-capable switch to record logs when it drops packets.

The undo gtsm log drop-packet command configures a GTSM-capable switch not to record logs when it drops packets.

By default, a GTSM-capable switch does not record logs when dropping packets.

Format

gtsm log drop-packet all

undo gtsm log drop-packet all

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

On a network that demands higher security, you can configure the Generalized TTL Security Mechanism (GTSM) to protect the OSPF network. GTSM defends against attacks by checking the Time-to-Live (TTL) value of incoming packets. Without GTSM, if an attacker forges OSPF packets and keeps sending them to a device, the interface board receives the packets and passes them directly to the main control board for OSPF processing without checking their validity. The device is then kept busy processing forged packets, and CPU usage rises. GTSM protects the device by checking whether the TTL value in the IP packet header is within a pre-defined range before the packet is handed to OSPF, and dropping packets whose TTL falls outside that range.

GTSM checks the TTL values only of packets that match a GTSM policy. Packets that do not match any GTSM policy are passed or dropped according to the gtsm default-action command.

You can also run the gtsm log drop-packet command to enable logging, so that information about each dropped packet is recorded for later fault location.
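The following is an added illustrative model of the decision path described above (policy match, TTL range check, default action, drop logging); it is not Huawei's implementation and not code from this page. The policy structure, the neighbour-based match, the TTL window calculation from a hop count, and the log line format are all assumptions made for the example; only the pass/drop default action and the log-on-drop switch correspond to the commands documented here.

```python
from dataclasses import dataclass, field
from typing import List, Optional

MAX_TTL = 255  # TTL an unmodified packet carries when sent by a GTSM peer


@dataclass
class GtsmPolicy:
    """Hypothetical GTSM policy: accept OSPF packets from `neighbor` only if
    their TTL shows they travelled at most `valid_ttl_hops` hops."""
    neighbor: str
    valid_ttl_hops: int  # 1 means only directly connected neighbours are accepted

    def ttl_ok(self, ttl: int) -> bool:
        # Valid window is [MAX_TTL - hops + 1, MAX_TTL]; a spoofed packet sent
        # from further away arrives with a lower TTL and falls outside it.
        return MAX_TTL - self.valid_ttl_hops + 1 <= ttl <= MAX_TTL


@dataclass
class Packet:
    src: str
    ttl: int
    proto: str  # e.g. "ospf"


@dataclass
class GtsmDevice:
    policies: List[GtsmPolicy]
    default_action: str = "pass"   # models: gtsm default-action { pass | drop }
    log_drop_packet: bool = False  # models: gtsm log drop-packet all
    log: List[str] = field(default_factory=list)

    def find_policy(self, pkt: Packet) -> Optional[GtsmPolicy]:
        for p in self.policies:
            if p.neighbor == pkt.src and pkt.proto == "ospf":
                return p
        return None

    def handle(self, pkt: Packet) -> str:
        """Return 'pass' or 'drop' and, if logging is on, record every drop."""
        policy = self.find_policy(pkt)
        if policy is None:
            # No matching policy: TTL is not checked; the default action decides.
            action, reason = self.default_action, "no matching GTSM policy"
        elif policy.ttl_ok(pkt.ttl):
            action, reason = "pass", "TTL within valid range"
        else:
            action, reason = "drop", f"TTL {pkt.ttl} outside valid range"
        if action == "drop" and self.log_drop_packet:
            # Constructed log format for the example; the real log text differs.
            self.log.append(
                f"GTSM drop: src={pkt.src} proto={pkt.proto} ttl={pkt.ttl} ({reason})"
            )
        return action


if __name__ == "__main__":
    # Constructed sample traffic: a real neighbour, a forged packet claiming to
    # be that neighbour but arriving with a decremented TTL, and an unknown source.
    policy = GtsmPolicy(neighbor="10.0.0.2", valid_ttl_hops=1)
    dev = GtsmDevice(policies=[policy], default_action="drop", log_drop_packet=True)
    for pkt in (Packet("10.0.0.2", 255, "ospf"),
                Packet("10.0.0.2", 250, "ospf"),
                Packet("10.0.0.9", 255, "ospf")):
        print(pkt, "->", dev.handle(pkt))
    print("\n".join(dev.log))
```

With default-action drop and logging enabled, both the forged packet and the unmatched source produce a log entry; with the defaults (pass, no logging) the unmatched source is accepted and the TTL drop leaves no trace, which is why the logging command is documented as a companion to gtsm default-action drop.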

Prerequisites

The gtsm default-action drop command has been run.

Example

# Enable all GTSM-capable boards to record logs when they drop packets.

<HUAWEI> system-view
[HUAWEI] gtsm default-action drop
[HUAWEI] gtsm log drop-packet all
Copyright © Huawei Technologies Co., Ltd.