C613-50631-01 Rev A Command Reference for IE340 Series 989
AlliedWare Plus™ Operating System - Version 5.5.3-0.x
IPV6 COMMANDS
IPV
6 UNREACHABLES
ipv6 unreachables
Overview Use this command to enable ICMPv6 (Internet Control Message Protocol version 6)
type 1, destination unreachable, messages.
Use the no variant of this command to disable destination unreachable messages.
This prevents an attacker from using these messages to discover the topology of a
network.
Syntax
ipv6 unreachables
no ipv6 unreachables
Default Destination unreachable messages are enabled by default.
Mode Global Configuration
Usage notes When a device receives a packet for a destination that is unreachable it returns an
ICMPv6 type 1 message. This message includes a reason code, as per the table
below. An attacker can use these messages to obtain information regarding the
topology of a network. Disabling destination unreachable messages, using the no
ipv6 unreachables command, secures your network against this type of probing.
NOTE: Disabling ICMPv6 destination unreachable messages breaks applications such
as traceroute, which depend on these messages to operate correctly.
Example To disable destination unreachable messages, use the commands
awplus# configure terminal
awplus(config)# no ipv6 unreachables
To enable destination unreachable messages, use the commands
awplus# configure terminal
awplus(config)# ipv6 unreachables
Table 24-1: ICMPv6 type 1 reason codes and description
Code Description [RFC]
0 No route to destination [RFC4443]
1 Communication with destination administratively prohibited [RFC4443]
2 Beyond scope of source address [RFC4443]
3 Address unreachable [RF4443]
4 Port unreachable [RFC4443]
5 Source address failed ingress/egress policy [RFC4443]
6 Reject route to destination [RFC4443
7 Error in Source Routing Header [RFC6554]
To Next Page
Loading...
Need help?
General
