Filter
Top Products
Configuring IP
You can selectively disable the following types of Internet Control Message Protocol (ICMP) messages:
• Echo messages (ping messages) – The routing switch replies to IP pings from other IP devices.
• Destination Unreachable messages – If the routing switch receives an IP packet that it cannot deliver to its
destination, the routing switch discards the packet and sends a message back to the device that sent the
packet to the routing switch. The message informs the device that the destination cannot be reached by the
routing switch.
Disabling Replies to Broadcast Ping Requests
By default, HP devices are enabled to respond to broadcast ICMP echo packets, which are ping requests. You
can disable response to ping requests on a global basis using the following CLI method.
USING THE CLI
To disable response to broadcast ICMP echo packets (ping requests), enter the following command:
HP9300(config)# no ip icmp echo broadcast-request
Syntax: [no] ip icmp echo broadcast-request
If you need to re-enable response to ping requests, enter the following command:
HP9300(config)# ip icmp echo broadcast-request
USING THE WEB MANAGEMENT INTERFACE
You cannot disable ICMP Echo replies using the Web management interface.
Disabling ICMP Destination Unreachable Messages
By default, when an HP device receives an IP packet that the device cannot deliver, the device sends an ICMP
Unreachable message back to the host that sent the packet. You can selectively disable an HP device’s response
to the following types of ICMP Unreachable messages:
• Administration – The packet was dropped by the HP device due to a filter or ACL configured on the device.
• Fragmentation-needed – The packet has the Don’t Fragment bit set in the IP Flag field, but the HP device
cannot forward the packet without fragmenting it.
• Host – The destination network or sub-net of the packet is directly connected to the HP device, but the host
specified in the destination IP address of the packet is not on the network.
• Network – The HP device cannot reach the network specified in the destination IP address of the packet.
• Port – The destination host does not have the destination TCP or UDP port specified in the packet. In this
case, the host sends the ICMP Port Unreachable message to the HP device, which in turn sends the
message to the host that sent the packet.
• Protocol – The TCP or UDP protocol on the destination host is not running. This message is different from
the Port Unreachable message, which indicates that the protocol is running on the host but the requested
protocol port is unavailable.
• Source-route-failure – The device received a source-routed packet but cannot locate the next-hop IP address
indicated in the packet’s Source-Route option.
You can disable the HP device from sending these types of ICMP messages on an individual basis. To do so, use
the following CLI method.
NOTE: Disabling an ICMP Unreachable message type does not change the HP device’s ability to forward
packets. Disabling ICMP Unreachable messages prevents the device from generating or forwarding the
Unreachable messages.
USING THE CLI
To disable all ICMP Unreachable messages, enter the following command:
HP9300(config)# no ip icmp unreachable
6 - 35