Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
undo icmp port-unreachable send
The AR1200-S is disabled from sending ICMP port-unreachable packets.
By default, the AR1200-S is enabled to send ICMP port-unreachable packets.
Step 3 Run:
interface interface-type interface-number
The interface view is displayed.
The AR1200-S cannot be configured to send the ICMP host-unreachable packets on a Layer 2
interface.
Step 4 Run:
undo icmp host-unreachable send
The interface is disabled from sending the ICMP host-unreachable packets.
By default, the AR1200-S is enabled to send ICMP host-unreachable packets.
----End
Checking the Configuration
# Run the display current-configuration | include icmp command to check whether the
AR1200-S is enabled to send ICMP destination-unreachable packets.
<Huawei> display current-configuration | include icmp
undo icmp port-unreachable send
undo icmp host-unreachable send
7.6 Maintaining ICMP Security
This section describes how to monitor the ICMP running status.
Procedure
l Run the display icmp statistics command to check statistics about ICMP traffic.
----End
Example
# Run the display icmp statistics command to view statistics about ICMP traffic.
<Huawei> display icmp statistics
Input: bad formats 0 bad checksum 0
echo 0 destination unreachable 0
source quench 0 redirects 0
echo reply 0 parameter problem 0
timestamp 0 information request 0
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Security 7 ICMP Security Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
156
To Next Page
Loading...
