Service Manual

device for it to obtain the packet without fragmentation. If the ICMP message from the receiving device, which is sent to the
originating device, contains the next-hop MTU, then the sending device lowers the packet size accordingly and resends the packet.
Otherwise, the iterative method is followed until the packet can traverse without being fragmented.
PMTD is enabled by default on the switches that support this capability. To enable PMTD to function correctly, you must enter the
ip unreachables command on a VLAN interface to enable the generation of ICMP unreachable messages. PMTD is supported
on all the layer 3 VLAN interfaces. Because all of the Layer 3 interfaces are mapped to the VLAN ID of 4095 when VLAN
sub-interfaces are configured on it, it is not possible to configure unique layer 3 MTU values for each of the layer 3 interfaces. If a VLAN
interface contains both IPv4 and IPv6 addresses configured on it, the same MTU size is applied to both the IPv4 and IPv6 traffic; you
cannot specify different MTU values for IPv4 and IPv6 packets.
Using the Congured Source IP Address in ICMP Messages
This feature is supported on the platform.
ICMP error or unreachable messages are now sent with the configured IP address of the source interface instead of the front-end
port IP address as the source IP address. Enable the generation of ICMP unreachable messages through the ip unreachable
command in Interface mode. When a ping or traceroute packet from an endpoint or a device arrives at the null 0 interface configured
with a static route, it is discarded. In such cases, you can configure Internet Control Message Protocol (ICMP) unreachable
messages to be sent to the transmitting device.
Conguring the ICMP Source Interface
You can enable the ICMP error and unreachable messages to contain the congured IP address of the source device instead of the
previous hop's IP address. This conguration helps identify the devices along the path because the DNS server maps the loopback IP
address to the host name, and does not translate the IP address of every interface of the switch to the host name.
Congure the source to send the congured source interface IP address instead of using its front-end IP address in the ICMP
unreachable messages and in the traceroute command output. Use the ip icmp source-interface interface or the
ipv6 icmp source-interface interface commands in Conguration mode to enable the ICMP error messages to be
sent with the source interface IP address. This functionality is supported on loopback, VLAN, port channel, and physical interfaces
for IPv4 and IPv6 messages. feature is not supported on tunnel interfaces. ICMP error relay, PATH MTU transmission, and
fragmented packets are not supported for tunnel interfaces. The traceroute utilities for IPv4 and IPv6 list the IP addresses of the
devices in the hops of the path for which ICMP source interface is congured.
Conguring the Duration to Establish a TCP Connection
This functionality is supported on the platform.
You can congure the amount of time for which the device must wait before it attempts to establish a TCP connection. Using this
capability, you can limit the wait times for TCP connection requests. Upon responding to the initial SYN packet that requests a
connection to the router for a specic service (such as SSH or BGP) with a SYN ACK, the router waits for a period of time for the
ACK packet to be sent from the requesting host that will establish the TCP connection.
You can set this duration or interval for which the TCP connection waits to be established to a signicantly high value to prevent the
device from moving into an out-of-service condition or becoming unresponsive during a SYN ood attack that occurs on the device.
You can set the wait time to be 10 seconds or lower. If the device does not contain any BGP connections with the BGP neighbors
across WAN links, you must set this interval to a higher value, depending on the complexity of your network and the conguration
attributes.
To congure the duration for which the device waits for the ACK packet to be sent from the requesting host to establish the TCP
connection, perform the following steps:
1. Dene the wait duration in seconds for the TCP connection to be established.
CONFIGURATION mode
IPv4 Routing