Configure TCP Keepalive and TCP Timestamp
About this task
TCP Keepalive configures the system TCP keepalive interval, probes, and time.
TCP Timestamp option (RFC 1323) allows TCP to determine the order in which the packets are sent. The TCP Timestamp provides protection against Wrapped Seqence numbers. However, it is possible to calculate the system uptime when the Timestamp option is enabled. The analysis of timestamp behaviour can provide information on the system identity, which poses security threats and can cause a potential attack.
Note
The configuration will be applied only to the new TCP connections and the existing connections are not affected. You must save the configuration and reboot the switch to apply the new configuration to all TCP connections.
Procedure
- In the navigation pane, expand .
- Select Chassis.
- Select the System Control tab.
-
Configure the TCP timestamp by
performing one of the following actions:
- Select TcpTimestamp to enable the TCP timestamp.
- Clear TcpTimestamp to disable the TCP timestamp.
- In KeepaliveTime, enter a number in seconds.
- In KeepaliveInterval, enter a number in seconds.
- In KeepaliveProbes, enter a number of probes.
- Select Apply.
System Control Field Descriptions
Use the data in the following table to use the System Control tab.
Name |
Description |
---|---|
TcpTimestampEnable |
Enables or disables the TCP timestamp. The timestamp is enabled by default. The system displays the following warning message after you apply a new configuration: Warning: Existing TCP connections won't be affected. A config save and reboot is required to apply this configuration for all TCP connections. |
KeepaliveTime
Note: Exception: Not supported
on VSP 8600
Series.
|
Specify the TCP keepalive time in seconds. The default is 60. |
KeepaliveInterval
Note: Exception: Not supported
on VSP 8600
Series.
|
Specify the TCP keepalive interval in seconds. The default is 10. |
KeepaliveProbes
Note: Exception: Not supported
on VSP 8600
Series.
|
Specify the TCP keepalive probes. The default is 5. |
PrivExecPasswordEnable |
Enables authentication to access Privileged EXEC CLI command mode. Authentication is disabled by default. |