slot slot-number: Displays ICMP statistics for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.)

chassis chassis-number slot slot-number: Displays ICMP statistics for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)

Usage guidelines

ICMP statistics include information about received and sent ICMP packets.

Examples

# Display ICMP statistics.

<Sysname> display icmp statistics

Input: bad formats 0 bad checksum 0

echo 175 destination unreachable 0

source quench 0 redirects 0

echo replies 201 parameter problem 0

timestamp 0 information requests 0

mask requests 0 mask replies 0

time exceeded 0 invalid type 0

router advert 0 router solicit 0

broadcast/multicast echo requests ignored 0

broadcast/multicast timestamp requests ignored 0

Output: echo 0 destination unreachable 0

source quench 0 redirects 0

echo replies 175 parameter problem 0

timestamp 0 information replies 0

mask requests 0 mask replies 0

time exceeded 0 bad address 0

packet error 1442

display ip statistics

Use display ip statistics to display IP packet statistics.

Syntax

In standalone mode:

display ip statistics [ slot slot-number ]

In IRF mode:

display ip statistics [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

slot slot-number: Displays IP packet statistics for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.)

chassis chassis-number slot slot-number: Displays IP packet statistics for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)

Usage guidelines

IP statistics include information about received and sent packets and reassembly.

Examples

# Display IP packet statistics.

<Sysname> display ip statistics

Input: sum 7120 local 112

bad protocol 0 bad format 0

bad checksum 0 bad options 0

Output: forwarding 0 local 27

dropped 0 no route 2

compress fails 0

Fragment:input 0 output 0

dropped 0

fragmented 0 couldn't fragment 0

Reassembling:sum 0 timeouts 0

Table 1 Command output

Field		Description
Input	sum	Total number of packets received.
	local	Total number of packets destined for the device.
	bad protocol	Total number of unknown protocol packets.
	bad format	Total number of packets with incorrect format.
	bad checksum	Total number of packets with incorrect checksum.
	bad options	Total number of packets with incorrect option.
Output	forwarding	Total number of packets forwarded.
	local	Total number of packets locally sent.
	dropped	Total number of packets discarded.
	no route	Total number of packets for which no route is available.
	compress fails	Total number of packets failed to be compressed.
Fragment	input	Total number of fragments received.
	output	Total number of fragments sent.
	dropped	Total number of fragments dropped.
	fragmented	Total number of packets successfully fragmented.
	couldn't fragment	Total number of packets failed to be fragmented.
Reassembling	sum	Total number of packets reassembled.
Reassembling	timeouts	Total number of reassembly timeouts.

Related commands

· display ip interface

· reset ip statistics

display rawip

Use display rawip to display brief information about RawIP connections.

Syntax

In standalone mode:

display rawip [ slot slot-number ]

In IRF mode:

display rawip [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

slot slot-number: Displays brief RawIP connection information for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.)

chassis chassis-number slot slot-number: Displays brief RawIP connection information for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)

Usage guidelines

Brief RawIP connection information includes local and peer addresses, protocol, and PCB.

Examples

# (In standalone mode.) Display brief information about RawIP connections.

<Sysname> display rawip

Local Addr Foreign Addr Protocol Slot PCB

0.0.0.0 0.0.0.0 1 1 0x0000000000000009

0.0.0.0 0.0.0.0 1 1 0x0000000000000008

0.0.0.0 0.0.0.0 1 5 0x0000000000000002

# (In IRF mode.) Display brief information about RawIP connections.

<Sysname> display rawip

Local Addr Foreign Addr Protocol Chassis Slot PCB

0.0.0.0 0.0.0.0 1 1 1 0x0000000000000009

0.0.0.0 0.0.0.0 1 1 1 0x0000000000000008

0.0.0.0 0.0.0.0 1 1 5 0x0000000000000002

Table 2 Command output

Field	Description
Local Addr	Local IP address.
Foreign Addr	Peer IP address.
Protocol	Protocol number.
Chassis	ID of the IRF member device.
Slot	Number of the slot that holds the card.
PCB	Protocol control block.

display rawip verbose

Use display rawip verbose to display detailed information about RawIP connections.

Syntax

In standalone mode:

display rawip verbose [ slot slot-number [ pcb pcb-index ] ]

In IRF mode:

display rawip verbose [ chassis chassis-number slot slot-number [ pcb pcb-index ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

pcb pcb-index: Displays detailed RawIP connection information for the specified PCB. The pcb-index argument specifies the index of the PCB, in the range of 1 to 16.

slot slot-number: Displays detailed RawIP connection information for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.)

chassis chassis-number slot slot-number: Displays detailed RawIP connection information for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)

Usage guidelines

Use the display rawip verbose command to display detailed information about socket creator, state, option, type, protocol number, and the source and destination IP addresses of RawIP connections.

Examples

# (In standalone mode.) Display detailed information about RawIP connections.

<Sysname> display rawip verbose

Total RawIP Socket Number: 1

slot: 1

creator: ping[320]

state: N/A

options: N/A

error: 0

rcvbuf(cc/hiwat/lowat/state): 0 / 9216 / 1 / N/A

sndbuf(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A

type: 3

protocol: 1

connection info: src = 0.0.0.0, dst = 0.0.0.0

inpcb flags: N/A

inpcb vflag: INP_IPV4

TTL: 255(minimum TTL: 0)

send VRF: 0xffff

receive VRF: 0xffff

# (In IRF mode.) Display detailed information about RawIP connections.

<Sysname> display rawip verbose

Total RawIP Socket Number: 1

chassis: 1

slot: 1

creator: ping[320]

state: N/A

options: N/A

error: 0

rcvbuf(cc/hiwat/lowat/state): 0 / 9216 / 1 / N/A

sndbuf(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A

type: 3

protocol: 1

connection info: src = 0.0.0.0, dst = 0.0.0.0

inpcb flags: N/A

inpcb vflag: INP_IPV4

TTL: 255(minimum TTL: 0)

send VRF: 0xffff

receive VRF: 0xffff

Table 3 Command output

Field	Description
Total RawIP Socket Number	Total number of RawIP sockets.
chassis	ID of the IRF member device.
slot	Number of the slot that holds the card.
creator	Name of the operation that created the socket. The number in brackets is the process number of the creator.
state	State of the socket.
options	Socket options.
rcvbuf(cc/hiwat/lowat/state)	Information about the receiving buffer: in brackets are the used space, the maximum space, the minimum space, and the state.
sndbuf(cc/hiwat/lowat/state)	Information about the sending buffer: in brackets are the used space, the maximum space, the minimum space, and the state.
type	Socket type.
protocol	Number of the protocol using the socket.
connection info	Source IP address and destination IP address.
inpcb flags	Flags in the Internet PCB.
inpcb vflag	IP version flags in the Internet PCB.

display tcp

Use display tcp to display brief information about TCP connections.

Syntax

In standalone mode:

display tcp [ slot slot-number ]

In IRF mode:

display tcp [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

slot slot-number: Displays brief TCP connection information for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.)

chassis chassis-number slot slot-number: Displays brief TCP connection information for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)

Usage guidelines

Brief TCP connection information includes local IP address, local port number, peer IP address, peer port number, and TCP connection state.

Examples

# (In standalone mode.) Display brief information about TCP connections.

<Sysname> display tcp

*: TCP MD5 Connection

Local Addr:port Foreign Addr:port State Slot PCB

*0.0.0.0:21 0.0.0.0:0 LISTEN 1 0x000000000000c387

192.168.20.200:23 192.168.20.14:1284 ESTABLISHED 1 0x0000000000000009

192.168.20.200:23 192.168.20.14:1283 ESTABLISHED 1 0x0000000000000002

# (In IRF mode.) Display brief information about TCP connections.

<Sysname> display tcp

*: TCP MD5 Connection

Local Addr:port Foreign Addr:port State Chassis Slot PCB

*0.0.0.0:21 0.0.0.0:0 LISTEN 1 1 0x000000000000c387

192.168.20.200:23 192.168.20.14:1284 ESTABLISHED 1 1 0x0000000000000009

192.168.20.200:23 192.168.20.14:1283 ESTABLISHED 1 1 0x0000000000000002

Table 4 Command output

Field	Description
*	Indicates the TCP connection uses MD5 authentication.
Local Addr:port	Local IP address and port number.
Foreign Addr:port	Peer IP address and port number.
State	TCP connection state.
Chassis	ID of the IRF member device.
Slot	Number of the slot that holds the card.
PCB	PCB index.

display tcp statistics

Use display tcp statistics to display TCP traffic statistics.

Syntax

In standalone mode:

display tcp statistics [ slot slot-number ]

In IRF mode:

display tcp statistics [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

slot slot-number: Displays TCP traffic statistics for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.)

chassis chassis-number slot slot-number: Displays TCP traffic statistics for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)

Usage guidelines

TCP traffic statistics include information about received and sent TCP packets and Syncache/syncookie.

Examples

# Display TCP traffic statistics.

<Sysname> display tcp statistics

Received packets:

Total: 4150

packets in sequence: 1366 (134675 bytes)

window probe packets: 0, window update packets: 0

checksum error: 0, offset error: 0, short error: 0

packets dropped for lack of memory: 0

packets dropped due to PAWS: 0

duplicate packets: 12 (36 bytes), partially duplicate packets: 0 (0 bytes)

out-of-order packets: 0 (0 bytes)

packets with data after window: 0 (0 bytes)

packets after close: 0

ACK packets: 3531 (795048 bytes)

duplicate ACK packets: 33, ACK packets for unsent data: 0

Sent packets:

Total: 4058

urgent packets: 0

control packets: 50

window probe packets: 3, window update packets: 11

data packets: 3862 (795012 bytes), data packets retransmitted: 0 (0 bytes)

ACK-only packets: 150 (52 delayed)

unnecessary packet retransmissions: 0

Syncache/syncookie related statistics:

entries added to syncache: 12

syncache entries retransmitted: 0

duplicate SYN packets: 0

reply failures: 0

successfully build new socket: 12

bucket overflows: 0

zone failures: 0

syncache entries removed due to RST: 0

syncache entries removed due to timed out: 0

ACK checked by syncache or syncookie failures: 0

syncache entries aborted: 0

syncache entries removed due to bad ACK: 0

syncache entries removed due to ICMP unreachable: 0

SYN cookies sent: 0

SYN cookies received: 0

SACK related statistics:

SACK recoveries: 1

SACK retransmitted segments: 0 (0 bytes)

SACK blocks (options) received: 0

SACK blocks (options) sent: 0

SACK scoreboard overflows: 0

Other statistics:

retransmitted timeout: 0, connections dropped in retransmitted timeout: 0

persist timeout: 0

keepalive timeout: 21, keepalive probe: 0

keepalive timeout, so connections disconnected: 0

fin_wait_2 timeout, so connections disconnected: 0

initiated connections: 29, accepted connections: 12, established connections:

closed connections: 50051 (dropped: 0, initiated dropped: 0)

bad connection attempt: 0

ignored RSTs in the window: 0

listen queue overflows: 0

RTT updates: 3518(attempt segment: 3537)

correct ACK header predictions: 0

correct data packet header predictions: 568

resends due to MTU discovery: 0

packets dropped with MD5 authentication: 0

packets permitted with MD5 authentication: 0

Related commands

reset tcp statistics

display tcp verbose

Use display tcp verbose to display detailed information about TCP connections.

Syntax

In standalone mode:

display tcp verbose [ slot slot-number [ pcb pcb-index ] ]

In IRF mode:

display tcp verbose [ chassis chassis-number slot slot-number [ pcb pcb-index ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

pcb pcb-index: Displays detailed TCP connection information for the specified PCB. The pcb-index argument specifies the index of the PCB, in the range of 1 to 16.

slot slot-number: Displays detailed TCP connection information for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.)

chassis chassis-number slot slot-number: Displays detailed TCP connection information for the specified card on the specified member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)

Usage guidelines

Detailed TCP connection information includes socket creator, state, option, type, protocol number, source IP address and port number, destination IP address and port number, and connection state.

Examples

# (In standalone mode.) Display detailed information about TCP connections.

<Sysname> display tcp verbose

TCP inpcb number: 1(tcpcb number: 1)

slot: 1

creator: telnetd_mips[199]

state: ISCONNECTED

options: N/A

error: 0

rcvbuf(cc/hiwat/lowat/state): 0 / 65700 / 1 / N/A

sndbuf(cc/hiwat/lowat/state): 0 / 65700 / 512 / N/A

type: 1

protocol: 6

connection info: src = 192.168.20.200:23 , dst = 192.168.20.14:4181

inpcb flags: N/A

inpcb vflag: INP_IPV4

TTL: 255(minimum TTL: 0)

connection state: ESTABLISHED

send VRF: 0x0

receive VRF: 0x0

# (In IRF mode.) Display detailed information about TCP connections.

<Sysname> display tcp verbose

TCP inpcb number: 1(tcpcb number: 1)

chassis: 1

slot: 1

creator: telnetd_mips[199]

state: ISCONNECTED

options: N/A

error: 0

rcvbuf(cc/hiwat/lowat/state): 0 / 65700 / 1 / N/A

sndbuf(cc/hiwat/lowat/state): 0 / 65700 / 512 / N/A

type: 1

protocol: 6

connection info: src = 192.168.20.200:23 , dst = 192.168.20.14:4181

inpcb flags: N/A

inpcb vflag: INP_IPV4

TTL: 255(minimum TTL: 0)

connection state: ESTABLISHED

send VRF: 0x0

receive VRF: 0x0

display udp

Use display udp to display brief information about UDP connections.

Syntax

In standalone mode:

display udp [ slot slot-number ]

In IRF mode:

display udp [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

slot slot-number: Displays brief UDP connection information for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.)

chassis chassis-number slot slot-number: Displays brief UDP connection information for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)

Usage guidelines

Brief UDP connection information includes local IP address and port number, and peer IP address and port number.

Examples

# (In standalone mode.) Display brief information about UDP connections.

<Sysname> display udp

Local Addr:port Foreign Addr:port Slot PCB

0.0.0.0:69 0.0.0.0:0 1 0x0000000000000003

192.168.20.200:1024 192.168.20.14:69 5 0x0000000000000002

# (In IRF mode.) Display brief information about UDP connections.

<Sysname> display udp

Local Addr:port Foreign Addr:port Chassis Slot PCB

0.0.0.0:69 0.0.0.0:0 1 1 0x0000000000000003

192.168.20.200:1024 192.168.20.14:69 1 5 0x0000000000000002

Table 5 Command output

Field	Description
Local Addr:port	Local IP address and port number.
Foreign Addr:port	Peer IP address and port number.
Chassis	ID of the IRF member device.
Slot	Slot number of the card.
PCB	PCB index.

display udp statistics

Use display udp statistics to display UDP traffic statistics.

Syntax

In standalone mode:

display udp statistics [ slot slot-number ]

In IRF mode:

display udp statistics [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

slot slot-number: Displays UDP traffic statistics for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.)

chassis chassis-number slot slot-number: Displays UDP traffic statistics for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device and the slot-number argument specifies the slot number of the card. (In IRF mode.)

Usage guidelines

UDP traffic statistics include information about received and sent UDP packets.

Examples

# Display UDP traffic statistics.

<Sysname> display udp statistics

Received packets:

Total: 240

checksum error: 0, no checksum: 0

shorter than header: 0, data length larger than packet: 0

no socket on port(unicast): 0

no socket on port(broadcast/multicast): 240

not delivered, input socket full: 0

Sent packets:

Total: 0

Related commands

reset udp statistics

display udp verbose

Use display udp verbose to display detailed information about UDP connections.

Syntax

In standalone mode:

display udp verbose [ slot slot-number [ pcb pcb-index ] ]

In IRF mode:

display udp verbose [ chassis chassis-number slot slot-number [ pcb pcb-index ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

pcb pcb-index: Displays detailed UDP connection information for the specified PCB. The pcb-index argument specifies the index of the PCB, in the range of 1 to 16.

slot slot-number: Displays detailed UDP connection information for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.)

chassis chassis-number slot slot-number: Displays detailed UDP connection information for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)

Usage guidelines

Detailed UDP connection information includes the socket creator, status, option, type, the protocol number, the source IP address and port number, and the destination IP address and port number for UDP connections.

Examples

# (In standalone mode.) Display detailed UDP connection information.

<Sysname> display udp verbose

Total UDP Socket Number: 1

slot: 1

creator: sock_test_mips[250]

state: N/A

options: N/A

error: 0

rcvbuf(cc/hiwat/lowat/state): 0 / 41600 / 1 / N/A

sndbuf(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A

type: 2

protocol: 17

connection info: src = 0.0.0.0:69, dst = 0.0.0.0:0

inpcb flags: N/A

inpcb vflag: INP_IPV4

TTL: 255(minimum TTL: 0)

send VRF: 0xffff

receive VRF: 0xffff

# (In IRF mode.) Display detailed information about UDP connections.

<Sysname> display udp verbose

Total UDP Socket Number: 1

chassis: 1

slot: 1

creator: sock_test_mips[250]

state: N/A

options: N/A

error: 0

rcvbuf(cc/hiwat/lowat/state): 0 / 41600 / 1 / N/A

sndbuf(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A

type: 2

protocol: 17

connection info: src = 0.0.0.0:69, dst = 0.0.0.0:0

inpcb flags: N/A

inpcb vflag: INP_IPV4

TTL: 255(minimum TTL: 0)

send VRF: 0xffff

receive VRF: 0xffff

Table 6 Command output

Field	Description
Total UDP Socket Number	Total number of UDP sockets.
chassis	ID of the IRF member device.
slot	Slot number of the card.
creator	Name of the operation that created the socket. The number in brackets is the process number of the creator.
state	Socket state.
options	Socket option.
error	Errors affecting socket connection.
rcvbuf(cc/hiwat/lowat/state)	Information about the receiving buffer: in brackets are the used space, the maximum space, the minimum space, and the state.
sndbuf(cc/hiwat/lowat/state)	Information about the sending buffer: in brackets are the used space, the maximum space, the minimum space, and the state.
type	Socket type.
protocol	Number of the protocol using the socket.
inpcb flags	Flags in the Internet PCB.
inpcb vflag	IP version flags in the Internet PCB.

ip forward-broadcast

Use ip forward-broadcast to enable an interface to receive and forward directed broadcast packets destined for the directly connected network.

Use undo ip forward-broadcast to disable an interface from receiving and forwarding directed broadcast packets destined for the directly connected network.

Syntax

ip forward-broadcast

undo ip forward-broadcast

Default

An interface cannot forward directed broadcasts destined for the directly connected network. It can receive directed broadcasts destined for the directly connected network.

Views

Interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

A directed broadcast packet is destined for all hosts on a specific network. In the destination IP address of the directed broadcast, the network ID identifies the target network, and the host ID is made up of all ones.

If an interface is allowed to forward directed broadcasts destined for the directly connected network, hackers can exploit this vulnerability to attack the target network. In some scenarios, however, an interface must receive and send such directed broadcast packets to support UDP helper and Wake on LAN.

This command enables an interface to accept directed broadcast packets that are destined for and received from the directly connected network to support UDP helper, which converts the directed broadcasts to unicasts and forwards them to a specific server.

The command also enables the interface to forward directed broadcast packets that are destined for the directly connected network and are received from another subnet to support Wake on LAN, which sends the directed broadcasts to wake up the hosts on the target network.

Examples

# Enable VLAN-interface 2 to receive and forward directed broadcast packets destined for the directly connected network.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] ip forward-broadcast

ip icmp flow-control

Use ip icmp flow-control to enable ICMP flow control.

Use undo ip icmp flow-control to disable ICMP flow control.

Syntax

ip icmp flow-control

undo ip icmp flow-control

Default

ICMP flow control is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

Delivering a large number of ICMP packets to the CPU impacts the processing of other services. To prevent this situation, you can enable ICMP flow control.

Examples

# Enable ICMP flow control.

<Sysname> system-view

[Sysname] ip icmp flow-control

ip icmp fragment discarding

Use ip icmp fragment discarding to disable forwarding of ICMP fragments.

Use undo ip icmp fragment discarding to enable forwarding of ICMP fragments.

Syntax

ip icmp fragment discarding

undo ip icmp fragment discarding

Default

Forwarding of ICMP fragments is enabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

Disable forwarding of ICMP fragments can prevent ICMP fragment attacks.

Examples

# Disable forwarding of ICMP fragments.

<Sysname> system-view

[Sysname] ip icmp fragment discarding

ip mtu

Use ip mtu to configure an MTU for an interface.

Use undo ip mtu to restore the default.

Syntax

ip mtu mtu-size

undo ip mtu

Default

No MTU is configured for an interface.

Views

Interface view

Predefined user roles

network-admin

mdc-admin

Parameters

mtu-size: Specifies an MTU in the range of 128 to 2000 bytes.

Usage guidelines

When a packet exceeds the MTU of the output interface, the device processes it in one of the following ways:

· If the packet disallows fragmentation, the device discards it.

· If the packet allows fragmentation, the device fragments it and forwards the fragments.

Fragmentation and reassembling consume system resources, so set an appropriate MTU for an interface to avoid fragmentation.

If an interface supports both the mtu and ip mtu commands, the device fragments a packet based on the MTU set by the ip mtu command.

Examples

# Set the MTU of VLAN interface 100 to 1280 bytes.

<Sysname> system-view

[Sysname] interface vlan-interface 100

[Sysname-Vlan-interface100] ip mtu 1280

ip redirects enable

Use ip redirects enable to enable sending ICMP redirect packets.

Use undo ip redirects enable to disable sending ICMP redirect packets.

Syntax

ip redirects enable

undo ip redirects enable

Default

Sending ICMP redirect packets is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

ICMP redirect packets simplify host management and enable hosts to gradually optimize its routing table.

A host that has only one route destined to the default gateway sends all packets to the default gateway. The default gateway sends an ICMP redirect packet to inform the host of a correct next hop by following these rules:

· The receiving and sending interfaces are the same.

· The selected route is not created or modified by any ICMP redirect packet.

· The selected route is not destined for 0.0.0.0.

· There is no source route option in the received packet.

Examples

# Enable sending ICMP redirect packets.

<Sysname> system-view

[Sysname] ip redirects enable

ip ttl-expires enable

Use ip ttl-expires enable to enable sending ICMP time-exceeded packets.

Use undo ip ttl-expires enable to disable sending ICMP time-exceeded packets.

Syntax

ip ttl-expires enable

undo ip ttl-expires enable

Default

Sending ICMP time-exceeded packets is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

A device sends ICMP time-exceeded packets by following these rules:

· If a received packet is not destined for the device and the TTL field of the packet is 1, the device sends an ICMP "TTL expired in transit" packet to the source.

· When the device receives the first fragment of an IP datagram destined for the device itself, it starts a timer. If the timer expires before all the fragments of the datagram are received, the device sends an ICMP "fragment reassembly timeout" packet to the source.

A device disabled from sending ICMP time-exceeded packets does not send ICMP "TTL expired" packets but can still send ICMP "fragment reassembly timeout" packets.

Examples

# Enable sending ICMP time-exceeded packets.

<Sysname> system-view

[Sysname] ip ttl-expires enable

ip unreachables enable

Use ip unreachables enable to enable sending ICMP destination unreachable packets.

Use undo ip unreachables enable to disable sending ICMP destination unreachable packets.

Syntax

ip unreachables enable

undo ip unreachables enable

Default

Sending ICMP destination unreachable packets is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

A device sends ICMP destination unreachable packets by following these rules:

· If a packet does not match any specific route and there is no default route in the routing table, the device sends a Network Unreachable ICMP error packet to the source.

· If a packet is destined for the device but the transport layer protocol of the packet is not supported by the device, the device sends a Protocol Unreachable ICMP error packet to the source.

· If a UDP packet is destined for the device but the packet's port number does not match the running process, the device sends the source a Port Unreachable ICMP error packet.

· If the source uses Strict Source Routing to send packets, but the intermediate device finds that the next hop specified by the source is not directly connected, the device sends the source a Source Routing Failure ICMP error packet.

· If the MTU of the sending interface is smaller than the packet and the packet has a Don't Fragment set, the device sends the source a Fragmentation Needed and Don't Fragment-Set ICMP error packet.

Examples

# Enable sending ICMP destination unreachable packets.

<Sysname> system-view

[Sysname] ip unreachables enable

reset ip statistics

Use reset ip statistics to clear IP traffic statistics.

Syntax

In standalone mode:

reset ip statistics [ slot slot-number ]

In IRF mode:

reset ip statistics [ chassis chassis-number slot slot-number ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

slot slot-number: Clears IP traffic statistics for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.)

chassis chassis-number slot slot-number: Clears IP traffic statistics for the specified card of the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number specifies the slot number of the card. (In IRF mode.)

Usage guidelines

To collect new IP traffic statistics within a period of time, use this command to clear history IP traffic statistics first.

Examples

# Clear IP traffic statistics.

<Sysname> reset ip statistics

Related commands

· display ip interface

· display ip statistics

reset tcp statistics

Use reset tcp statistics to clear TCP traffic statistics.

Syntax

reset tcp statistics

Views

User view

Predefined user roles

network-admin

mdc-admin

Examples

# Clear TCP traffic statistics.

<Sysname> reset tcp statistics

Related commands

display tcp statistics

reset udp statistics

Use reset udp statistics to clear UDP traffic statistics.

Syntax

reset udp statistics

Views

User view

Predefined user roles

network-admin

mdc-admin

Examples

# Clear UDP traffic statistics.

<Sysname> reset udp statistics

Related commands

display udp statistics

tcp mss

Use tcp mss to configure the TCP maximum segment size (MSS).

Use undo tcp mss to restore the default.

Syntax

tcp mss value

undo tcp mss

Default

The TCP MSS is 1460 bytes.

Views

Interface view

Predefined user roles

network-admin

mdc-admin

Parameters

Value: Specifies the TCP MSS in the range of 128 to 2048 bytes.

Usage guidelines

This configuration takes effect only on TCP connections that are established after the configuration and not on the TCP connections that already exist.

This configuration is effective only on IP packets. If MPLS is enabled on the interface, do not configure the TCP MSS on the interface.

The MSS option informs the receiver of the largest segment that the sender can accept. Each end announces its MSS during TCP connection establishment.

If the size of a TCP segment is smaller than the MSS of the receiver, TCP sends the TCP segment without fragmentation. If not, it fragments the segment according to the receiver's MSS.

If you configure a TCP MSS on an interface, the size of each TCP segment received or sent on the interface cannot exceed the MSS value.

Examples

# Set the TCP MSS to 300 bytes on VLAN-interface 100.

<Sysname> system-view

[Sysname] interface vlan-interface 100

[Sysname-Vlan-interface100] tcp mss 300

tcp path-mtu-discovery

Use tcp path-mtu-discovery to enable TCP path MTU discovery.

Use undo tcp path-mtu-discovery to disable TCP path MTU discovery.

Syntax

tcp path-mtu-discovery [ aging age-time | no-aging ]

undo tcp path-mtu-discovery

Default

TCP path MTU discovery is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

aging age-time: Sets the aging time for the path MTU, in the range of 10 to 30 minutes. The default aging time is 10 minutes.

no-aging: Does not age out the path MTU.

Usage guidelines

After you enable TCP path MTU discovery, all new TCP connections detect the path MTU. The device uses the path MTU to calculate the MSS to avoid IP fragmentation.

After you disable TCP path MTU discovery, the system stops all path MTU timers. The TCP connections established later do not detect the path MTU, but the TCP connections previously established still can detect the path MTU.

Examples

# Enable TCP path MTU discovery and set the path MTU aging time to 20 minutes.

<Sysname> system-view

[Sysname] tcp path-mtu-discovery aging 20

tcp syn-cookie enable

Use tcp syn-cookie enable to enable SYN Cookie to protect the device from SYN flood attacks.

Use undo tcp syn-cookie enable to disable SYN Cookie.

Syntax

tcp syn-cookie enable

undo tcp syn-cookie enable

Default

SYN Cookie is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

A TCP connection is established through a three-way handshake:

1. The sender sends a SYN packet to the server.

2. The server receives the SYN packet, establishes a TCP semi-connection in SYN_RECEIVED state, and replies with a SYN ACK packet to the sender.

3. The sender receives the SYN ACK packet and replies with an ACK packet. Then, a TCP connection is established.

An attacker can exploit this mechanism to mount SYN flood attacks. The attacker sends a large number of SYN packets, but they do not respond to the SYN ACK packets from the server. As a result, the server establishes a large number of TCP semi-connections and cannot handle normal services.

SYN Cookie can protect the server from SYN flood attacks. When the server receives a SYN packet, it responds to the request with a SYN ACK packet without establishing a TCP semi-connection.

The server establishes a TCP connection and enters ESTABLISHED state only when it receives an ACK packet from the sender.

Examples

# Enable SYN Cookie.

<Sysname> system-view

[Sysname] tcp syn-cookie enable

tcp timer fin-timeout

Use tcp timer fin-timeout to configure the TCP FIN wait timer.

Use undo tcp timer fin-timeout to restore the default.

Syntax

tcp timer fin-timeout time-value

undo tcp timer fin-timeout

Default

The TCP FIN wait timer is 675 seconds.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

time-value: Specifies the TCP FIN wait timer in the range of 76 to 3600 seconds.

Usage guidelines

TCP starts the FIN wait timer when the state changes to FIN_WAIT_2. If no FIN packet is received within the timer interval, the TCP connection is terminated.

If a FIN packet is received, TCP changes connection state to TIME_WAIT. If a non-FIN packet is received, TCP restarts the timer and tears down the connection when the timer expires.

Examples

# Set the TCP FIN wait timer to 800 seconds.

<Sysname> system-view

[Sysname] tcp timer fin-timeout 800

tcp timer syn-timeout

Use tcp timer syn-timeout to configure the TCP SYN wait timer.

Use undo tcp timer syn-timeout to restore the default.

Syntax

tcp timer syn-timeout time-value

undo tcp timer syn-timeout

Default

The TCP SYN wait timer is 75 seconds.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

time-value: Specifies the TCP SYN wait timer in the range of 2 to 600 seconds.

Usage guidelines

TCP starts the SYN wait timer after sending a SYN packet. If no response packet is received within the SYN wait timer interval, TCP fails to establish the connection.

Examples

# Set the TCP SYN wait timer to 80 seconds.

<Sysname> system-view

[Sysname] tcp timer syn-timeout 80

tcp window

Use tcp window to configure the size of the TCP receive/send buffer.

Use undo tcp window to restore the default.

Syntax

tcp window window-size

undo tcp window

Default

The size of the TCP receive/send buffer is 64 KB.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

window-size: Specifies the size of the TCP receive/send buffer in KB, in the range of 1 to 64.

Examples

# Configure the size of the TCP receive/send buffer as 3 KB.

<Sysname> system-view

[Sysname] tcp window 3

05-Layer 3 - IP Services Command Reference

ip icmp fragment discarding

reset ip statistics

tcp mss

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us