The icmp receive command enables the system to receive ICMP packets of a specified type.
The undo icmp receive command disables the system from receiving ICMP packets of a specified type.
The clear icmp receive command clears the configurations of the icmp receive and undo icmp receive commands.
By default, the system is enabled to receive ICMP packets.
clear icmp name { echo | echo-reply | net-unreachable | parameter-problem | timestamp-reply | timestamp-request | ttl-exceeded | information-reply | information-request | net-redirect | source-quench } receive
clear icmp name { reassembly-timeout | host-unreachable | host-redirect } receive
clear icmp name { net-tos-redirect | protocol-unreachable } receive
clear icmp name { port-unreachable | host-tos-redirect } receive
clear icmp name fragmentneed-dfset receive
clear icmp name source-route-failed receive
clear icmp type typevalue code codevalue receive
icmp name { echo | echo-reply | net-unreachable | parameter-problem | timestamp-reply | timestamp-request | ttl-exceeded | information-reply | information-request | net-redirect | source-quench } receive
icmp name { reassembly-timeout | host-unreachable | host-redirect } receive
icmp name { net-tos-redirect | protocol-unreachable } receive
icmp name { port-unreachable | host-tos-redirect } receive
icmp name fragmentneed-dfset receive
icmp name source-route-failed receive
icmp type typevalue code codevalue receive
undo icmp name { echo | echo-reply | net-unreachable | parameter-problem | timestamp-reply | timestamp-request | ttl-exceeded | information-reply | information-request | net-redirect | source-quench } receive
undo icmp name { reassembly-timeout | host-unreachable | host-redirect } receive
undo icmp name { net-tos-redirect | protocol-unreachable } receive
undo icmp name { port-unreachable | host-tos-redirect } receive
undo icmp name fragmentneed-dfset receive
undo icmp name source-route-failed receive
undo icmp type typevalue code codevalue receive
| Parameter | Description | Value |
|---|---|---|
| echo |
Enables the device to receive ICMP Echo packets. An ICMP Echo packet is sent to the destination host during a ping operation. The destination host responds with an ICMP Echo Reply packet, indicating that the destination is reachable. |
- |
| echo-reply |
Enables the device to receive ICMP Echo Reply packets. |
- |
| net-unreachable |
Enables the device to receive net-unreachable packets. |
- |
| parameter-problem |
Enables the device to receive parameter-problem packets. |
- |
| timestamp-reply |
Enables the device to receive Timestamp Request packets. |
- |
| timestamp-request |
Enables the device to receive Timestamp Reply packets. |
- |
| ttl-exceeded |
Enables the device to receive ICMP TTL Exceeded packets. |
- |
| information-reply |
Enables the device to receive Information Request packets. |
- |
| information-request |
Enables the device to receive net-redirect packets. |
- |
| net-redirect |
Enables the device to receive net-unreachable packets. |
- |
| source-quench |
Enables the device to receive source-quench packets. |
- |
| name |
Enables the system to receive ICMP packets with a name. |
- |
| reassembly-timeout |
Enables the device to receive reassembly-timeout packets. |
- |
| host-unreachable |
Enables the device to receive ICMP host-unreachable packets. |
- |
| host-redirect |
Enables the device to receive reassembly-timeout packets. |
- |
| net-tos-redirect |
Enables the device to receive net-tos-redirect packets. |
- |
| protocol-unreachable |
Enables the device to receive protocol-unreachable packets. |
- |
| port-unreachable |
Enables the device to receive ICMP port-unreachable packets. |
- |
| host-tos-redirect |
Enables the device to receive host-tos-redirect packets. |
- |
| fragmentneed-dfset |
Enables the device to receive fragmentneed-DFset packets. |
- |
| source-route-failed |
Enables the device to receive source-route-failed packets. |
- |
| type typevalue |
Enables the system to receive ICMP packets with a specified type. |
The value is an integer ranging from 0 to 255. You can run the icmp name ? command in the system view or interface view to view the mappings between the ICMP packet name, type, and code. |
| code codevalue |
Enables the system to receive ICMP packets with a specified code. |
The value is an integer ranging from 0 to 255. You can run the icmp name ? command in the system view or interface view to view the mappings between the ICMP packet name, type, and code. |
Usage Scenario
In normal situations, the system can properly receive ICMP packets. In case of heavy network traffic, if hosts or ports are frequently unreachable, routers receive a large number of ICMP packets, which causes heavy traffic burden and performance deterioration. In addition, network attackers often use ICMP error packets to spy on the internal structure of the network.
To improve network performance and security, run the undo icmp receive command to disable the system from receiving ICMP packets of a specified type. If you want to restore the default configuration and the display this command output does not contain the icmp receive or undo icmp receive command configuration, run the clear icmp receive command.Configuration Impact
After the system is disabled from receiving ICMP packets, the system collects only statistics about discarded packets.
Precautions
In normal network conditions, you can run the icmp receive command to restore the function to receive ICMP packets.