User guide
11-18 E
XTREME
W
ARE
S
OFTWARE
U
SER
G
UIDE
IP U
NICAST
R
OUTING
ICMP P
ACKET
P
ROCESSING
As ICMP packets are routed or generated, you can take various actions to control
distribution. For ICMP packets typically generated or observed as part of the routing
function, you can assert control on a per-type, per-VLAN basis. You would alter the
default settings for security reasons: to restrict the success of tools that can be used to
find an important application, host, or topology information. The controls include the
disabling of transmitting ICMP messages associated with unreachables,
port-unreachables, time-exceeded, parameter-problems, redirects, time-stamp, and
address-mask requests.
For ICMP packets that are typically routed, you can apply access lists to restrict
forwarding behavior. Access lists are described in Chapter 16.
UDP-F
ORWARDING
C
OMMANDS
Tab le 11-3 describes the commands used to configure UDP-forwarding.
Table 11-3: UDP-Forwarding Commands
Command Description
config udp-profile <profile_name> add <udp_port>
[vlan <name> | ipaddress <dest_ipaddress>]
Adds a forwarding entry to the specified
UDP-forwarding profile name. All
broadcast packets sent to <udp_port>
are forwarded to either the destination IP
address (unicast or subnet directed
broadcast) or to the specified VLAN as an
all-ones broadcast.
config udp-profile <profile_name> delete
<udp_port> [vlan <name> | ipaddress
<dest_ipaddress>]
Deletes a forwarding entry from the
specified udp-profile name.
config vlan <name> udp-profile <profile_name> Assigns a UDP-forwarding profile to the
source VLAN. Once the UDP profile is
associated with the VLAN, the switch picks
up any broadcast UDP packets that
matches with the user configured UDP
port number, and forwards those packets
to the user-defined destination. If the UDP
port is the DHCP/BOOTP port number,
appropriate DHCP/BOOTP proxy functions
are invoked.