Configure TCP Keepalive and TCP Timestamp
About this task
TCP Keepalive configures the system TCP keepalive interval, probes, and time.
TCP Timestamp option (RFC 1323) allows TCP to determine the order in which the packets are sent. The TCP Timestamp provides protection against Wrapped Seqence numbers. However, it is possible to calculate the system uptime when the Timestamp option is enabled. The analysis of timestamp behaviour can provide information on the system identity, which poses security threats and can cause a potential attack.
Note
The configuration will be applied only to the new TCP connections and the existing connections are not affected. You must perform a config save and reboot to apply the new configuration to all TCP connections.
Procedure
Examples
Switch:1>enable Switch:1#configure terminal Switch:1(config)#sys control tcp-keepalive-interval 60 Switch:1(config)#sys control tcp-keepalive-probes 15 Switch:1(config)#sys control tcp-keepalive-time 120
Disable TCP Timestamp:
Switch:1>enable Switch:1#configure terminal Switch:1(config)#no sys control tcp-timestamp Warning: Existing TCP connections won't be affected. A config save and reboot is required to apply this configuration for all TCP connections
Display the status of the TCP Timestamp:
Switch:1>show sys control ========================================================================================== System Control Settings ========================================================================================== tcp-timestamp : disable tcp-keepalive-time : 120 tcp-keepalive-interval : 60 tcp-keepalive-probes : 15 mac-move-protection : on
Variable Definitions
The following table defines parameters for the sys control command.
Variable |
Value |
---|---|
tcp-keepalive-interval <1-3600> Note:
Exception: Not supported on VSP 8600 Series |
Configure the TCP keepalive interval in seconds. The default is 10. |
tcp-keepalive-probes
<1-50>
Note:
Exception: Not supported on VSP 8600 Series |
Configure the TCP keepalive probes. The default is 5. |
tcp-keepalive-time <5-65535> Note:
Exception: Not supported on VSP 8600 Series |
Configure the TCP keepalive time in seconds. The default is 60. |
tcp-timestamp |
Enable or disable tcp-timestamp.
Note:
The timestamp is enabled by default. The system displays the following warning message when a new configuration is applied: Warning: Existing TCP connections won't be affected. A config save and reboot is required to apply this configuration for all TCP connections. |