icmp with-options drop
Function
The icmp with-options drop command enables the device to discard ICMP packets that carry options.
The undo icmp with-options drop command disables the device from discarding ICMP packets that carry options.
By default, the function of discarding ICMP packets with TTL values of 1 is disabled on the device.
Format
icmp with-options drop { slot slot-id | all }
undo icmp with-options drop { slot slot-id | all }
Only the S5720-EI, S5720-HI, S5720I-SI, S5720S-SI, S5720-SI, S5730-HI, S5730S-EI, S5730-SI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735-S-I, S5735S-S, S6720-EI, S6720-HI, S6720-LI, S6720S-EI, S6720S-LI, S6720S-SI, S6720-SI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this command.
Parameters
Parameter |
Description |
Value |
|---|---|---|
slot slot-id |
The value is an integer. It must be the slot ID of the device that is inserted into the chassis. |
The value is determined based on the device configuration. |
all |
Indicates all the stacking devices. This parameter is used when you need to enable all the devices to discard or disable all the devices from discarding the ICMP packets that carry options. |
- |
Usage Guidelines
When the ping -r command is run to detect network connectivity, the IP packet is forwarded by Layer 3 routing devices. Every Layer 3 device fills its own IP address into the option field of the IP packet. When the IP packet reaches the destination, the ICMP Echo Reply packet should contain the IP addresses of all passing devices, including the devices on the forward and return paths. When the ping program receives the reply packet, it can display the IP addresses of all passing Layer 3 devices.
If the length of IP packet encapsulating the ICMP packet exceeds the interface MTU, this IP packet is fragmented. Only the IP header of the first fragment includes the option field. The fragment carrying the option field is sent to the protocol stack and processed by the CPU.
When malicious attacks are initiated using ICMP packets, the device needs to process a large number of fragments carrying the option field, so the forwarding performance of the device degrades. To reduce impact on the forwarding performance and prevent ICMP packet attacks, you can enable the device to discard the ICMP fragments carrying option fields.