Configuring ICMP

You can configure the following ICMP limits:

Burst-normal

The maximum number of ICMP replies to send per second.

Reply limit

You can enable or disable ICMP reply rate limiting.

Disabling ICMP messages

HP devices are enabled to reply to ICMP echo messages and send ICMP Destination Unreachable messages by default.

You can selectively disable the following types of Internet Control Message Protocol (ICMP) messages:

Echo messages (ping messages)

The routing switch replies to IP pings from other IP devices.

Destination unreachable messages

If the routing switch receives an IP packet that it cannot deliver to its destination, the routing switch discards the packet and sends a message back to the device that sent the packet to the routing switch. The message informs the device that the destination cannot be reached by the routing switch.

Address mask replies

You can enable or disable ICMP address mask replies.

Disabling replies to broadcast ping requests

By default, HP devices are enabled to respond to broadcast ICMP echo packets, which are ping requests (for more information, see Disabling ICMP messages).

To disable response to broadcast ICMP echo packets (ping requests), enter the following command:

HP Switch(config)# no ip icmp echo broadcast-request

Syntax:

[no] ip icmp echo broadcast-request

If you need to re-enable response to ping requests, enter the following command:

HP Switch(config)# ip icmp echo broadcast-request

Disabling ICMP destination unreachable messages

By default, when an HP device receives an IP packet that the device cannot deliver, the device sends an ICMP unreachable message back to the host that sent the packet. The following types of ICMP unreachable messages are generated:

Administration

The packet was dropped by the HP device due to a filter or ACL configured on the device.

Fragmentation-needed

The packet has the "Don't Fragment" bit set in the IP Flag field, but the HP device cannot forward the packet without fragmenting it.

Host

The destination network or subnet of the packet is directly connected to the HP device, but the host specified in the destination IP address of the packet is not on the network.

Network

The HP device cannot reach the network specified in the destination IP address of the packet.

Port

The destination host does not have the destination TCP or UDP port specified in the packet. In this case, the host sends the ICMP Port Unreachable message to the HP device, which in turn sends the message to the host that sent the packet.

Protocol

The TCP or UDP protocol on the destination host is not running. This message is different from the Port Unreachable message, which indicates that the protocol is running on the host but the requested protocol port is unavailable.

Source-route-failure

The device received a source-routed packet but cannot locate the next-hop IP address indicated in the packet's Source-Route option.


NOTE: Disabling an ICMP Unreachable message type does not change the HP device's ability to forward packets. Disabling ICMP Unreachable messages prevents the device from generating or forwarding the Unreachable messages.


Disabling all ICMP unreachable messages

To disable all ICMP Unreachable messages, enter the following command:

HP Switch(config)# no ip icmp unreachable

Syntax:

[no] ip icmp unreachable

For more information, see Disabling ICMP destination unreachable messages.

Disabling ICMP redirects

You can disable ICMP redirects on the HP routing switch only on a global basis, for all the routing-switch interfaces.

To disable ICMP redirects globally, enter the following command at the global CONFIG level of the CLI:

HP Switch(config)# no ip icmp redirects

Syntax:

[no] ip icmp redirects
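The following audit script is an added example, not part of the HP documentation. It checks saved configuration text for the three global commands shown on this page and reports which ICMP behaviors are not explicitly disabled. It assumes the commands appear in the saved configuration exactly as typed at the CLI; the function names, labels, and sample configuration are constructed for illustration.

```python
# Global ICMP commands documented on this page, keyed by a hypothetical label.
ICMP_COMMANDS = {
    "broadcast-echo": "ip icmp echo broadcast-request",
    "unreachable": "ip icmp unreachable",
    "redirects": "ip icmp redirects",
}

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
hostname "edge-sw-01"
no ip icmp echo broadcast-request
no ip icmp unreachable
ip icmp unreachable
   no   ip icmp redirects
"""


def audit_icmp(config_text):
    """Return {label: state} for each documented command.

    True  -> the last matching line is the "no" form (disabled)
    False -> the last matching line is the enabling form
    None  -> the command never appears, so the device default applies
    """
    state = {label: None for label in ICMP_COMMANDS}
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalize indentation and spacing
        negated = line.startswith("no ")
        body = line[3:] if negated else line
        for label, command in ICMP_COMMANDS.items():
            # Exact match only: longer variants of a command are ignored.
            if body == command:
                state[label] = negated  # a later line overrides an earlier one
    return state


def findings(config_text):
    """Labels of ICMP behaviors that are not explicitly disabled."""
    result = audit_icmp(config_text)
    return sorted(label for label, off in result.items() if off is not True)


if __name__ == "__main__":
    for label, off in audit_icmp(SAMPLE_CONFIG).items():
        status = {True: "disabled", False: "enabled", None: "default"}[off]
        print(f"{label:15} {status}")
    print("not disabled:", findings(SAMPLE_CONFIG))
```

In the sample, unreachable messages are reported as not disabled because a later enabling line overrides the earlier no form.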