Feature |
Product |
Release introduced |
---|---|---|
Internet Control Message Protocol (ICMP) |
5320 Series |
Fabric Engine 8.6 Only 5320-48P-8XE and 5320-48T-8XE support more than one VRF with IP configuration. |
5420 Series |
VOSS 8.4 |
|
5520 Series |
VOSS 8.2.5 |
|
5720 Series |
Fabric Engine 8.7 |
|
7520 Series |
Fabric Engine 8.10 |
|
7720 Series |
Fabric Engine 8.10 |
|
VSP 4900 Series |
VOSS 8.1 |
|
VSP 7400 Series |
VOSS 8.0 |
|
ICMP broadcast and multicast enable or disable |
5320 Series |
Fabric Engine 8.6 Only 5320-48P-8XE and 5320-48T-8XE support more than one VRF with IP configuration. |
5420 Series |
VOSS 8.4 |
|
5520 Series |
VOSS 8.2.5 |
|
5720 Series |
Fabric Engine 8.7 |
|
7520 Series |
Fabric Engine 8.10 |
|
7720 Series |
Fabric Engine 8.10 |
|
VSP 4900 Series |
VOSS 8.1 |
|
VSP 7400 Series |
VOSS 8.0 |
|
Fragmented ICMP Packet Filtering for IPv4 |
5320 Series |
Fabric Engine 8.6 Only 5320-48P-8XE and 5320-48T-8XE support more than one VRF with IP configuration. |
5420 Series |
VOSS 8.5 |
|
5520 Series |
VOSS 8.5 |
|
5720 Series |
Fabric Engine 8.7 |
|
7520 Series |
Fabric Engine 8.10 |
|
7720 Series |
Fabric Engine 8.10 |
|
VSP 4900 Series |
VOSS 8.5 |
|
VSP 7400 Series |
VOSS 8.5 |
|
Fragmented ICMP Packet Filtering for IPv6 |
5320 Series |
Fabric Engine 8.6 Only 5320-48P-8XE and 5320-48T-8XE support more than one VRF with IP configuration. |
5420 Series |
VOSS 8.5 |
|
5520 Series |
VOSS 8.5 |
|
5720 Series |
Fabric Engine 8.7 |
|
7520 Series |
Fabric Engine 8.10 |
|
7720 Series |
Fabric Engine 8.10 |
|
VSP 4900 Series |
VOSS 8.5 |
|
VSP 7400 Series |
VOSS 8.5 |
On IPv4 networks, a packet can be directed to an individual machine or broadcast to an entire network. When a packet is sent to an IP broadcast address from a machine on the local network, that packet is delivered to all machines on that network.
If a packet that is broadcast is an ICMP echo request packet, the machines on the network receive this ICMP echo request packet and send an ICMP echo reply packet back. When all the machines on a network respond to this ICMP echo request, the result can be severe network congestion or outages.
The switch always responds to IPv4 ICMP packets sent to a broadcast address. You can disable the processing of these IPv4 ICMP packets sent to the broadcast address. On disabling the ICMP broadcast processing, all the packets containing ICMP sent to the broadcast addresses will be dropped when the packets reach the control plane.
You can disable or enable the IPv4 ICMP broadcast processing at the VRF level.
ICMP fragmentation distributed denial-of-service (DDoS) attacks flood the destination resources with fragmented packets and overwhelm the network because of massive volumes of traffic. With Fragmented ICMP packet filtering, the system inspects each incoming IPv4 ICMP packet to determine if it should drop the packet or forward it.