The ipv6 icmp port-unreachable send command enables an interface to send ICMPv6 Port Unreachable messages.
The undo ipv6 icmp port-unreachable send command disables the function.
By default, the enabling status of the function that the interface sends ICMPv6 Port Unreachable messages is the same as that of the function that the system sends ICMPv6 Port Unreachable messages.
When a router receives a TCP6/UDP6 packet but cannot find the corresponding socket entry, the router replies with an ICMPv6 Port Unreachable message. This ICMPv6 error message carries the IPv6 address of the router as its source IPv6 address, which exposes the IPv6 address of the router and brings security risks. If the router is attacked by flooding packets, the router keeps replying with ICMPv6 Port Unreachable messages, causing high CPU usage and affecting device performance. To address this problem, run the undo ipv6 icmp port-unreachable send command on the inbound interface of ICMPv6 packets to disable the transmission of ICMPv6 Port Unreachable message.
PrerequisitesThe IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.
# Enable VLANIF100 to send ICMPv6 Port Unreachable messages.
<HUAWEI> system-view [HUAWEI] ipv6 [HUAWEI] interface vlanif 100 [HUAWEI-Vlanif100] ipv6 enable [HUAWEI-Vlanif100] ipv6 icmp port-unreachable send
# Enable interface GE0/0/1 to send ICMPv6 Port Unreachable messages.
<HUAWEI> system-view [HUAWEI] ipv6 [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] undo portswitch [HUAWEI-GigabitEthernet0/0/1] ipv6 enable [HUAWEI-GigabitEthernet0/0/1] ipv6 icmp port-unreachable send