Configure TCP Keepalive and TCP Timestamp

About this task

TCP Keepalive configures the system TCP keepalive interval, probes, and time.

TCP Timestamp option (RFC 1323) allows TCP to determine the order in which the packets are sent. The TCP Timestamp provides protection against Wrapped Seqence numbers. However, it is possible to calculate the system uptime when the Timestamp option is enabled. The analysis of timestamp behaviour can provide information on the system identity, which poses security threats and can cause a potential attack.

The TCP Timestamp option is enabled by default. You can disable the timestamp to avoid any security risks.
Note

Note

The configuration will be applied only to the new TCP connections and the existing connections are not affected. You must save the configuration and reboot the switch to apply the new configuration to all TCP connections.

Procedure

  1. In the navigation pane, expand Configuration > Edit.
  2. Select Chassis.
  3. Select the System Control tab.
  4. Configure the TCP timestamp by performing one of the following actions:
    1. Select TcpTimestamp to enable the TCP timestamp.
    2. Clear TcpTimestamp to disable the TCP timestamp.
  5. In KeepaliveTime, enter a number in seconds.
  6. In KeepaliveInterval, enter a number in seconds.
  7. In KeepaliveProbes, enter a number of probes.
  8. Select Apply.

System Control Field Descriptions

Use the data in the following table to use the System Control tab.

Name

Description

TcpTimestampEnable

Enables or disables the TCP timestamp.

The timestamp is enabled by default. The system displays the following warning message after you apply a new configuration:

Warning: Existing TCP connections won't be affected. A config save and reboot is required to apply this configuration for all TCP connections.

KeepaliveTime
Note: Exception: Not supported on VSP 8600 Series.

Specify the TCP keepalive time in seconds. The default is 60.

KeepaliveInterval
Note: Exception: Not supported on VSP 8600 Series.

Specify the TCP keepalive interval in seconds. The default is 10.

KeepaliveProbes
Note: Exception: Not supported on VSP 8600 Series.

Specify the TCP keepalive probes. The default is 5.

PrivExecPasswordEnable

Enables authentication to access Privileged EXEC CLI command mode.

Authentication is disabled by default.