can we disable ICMP netmask reply in HP 5500 Switch?
customer has both cisco/hp devices in their network and is able to enable/disable 'ip mask-reply' on cisco units, but wondering what's the substitute in 3com/H3C (hp 5500IE switch)..
I could see that the function 'netmask request/reply' works on h3c switch, however, not sure how to configure these functions on the switch? what's the default state of 'netmask reply'... is it disabled by default?
****************************** ****************************** dis ip interface Vlan-interface 1
Vlan-interface1 current state :UP Line protocol current state :UP Internet Address is 16.48.50.125/24, acquired via DHCP Broadcast address : 16.48.50.255 The Maximum Transmit Unit : 1500 bytes input packets : 1005412, bytes : 126354989, multicasts : 0 output packets : 493581, bytes : 33711876, multicasts : 0 ARP packet input number: 104031313 Request packet: 103992340 Reply packet: 38973 Unknown packet: 0 TTL invalid packet number: 0 ICMP packet input number: 269054 Echo reply: 5 Unreachable: 73 Source quench: 0 Routing redirect: 0 Echo request: 268740 Router advert: 0 Router solicit: 0 Time exceed: 0 IP header bad: 0 Timestamp request: 24 Timestamp reply: 0 Information request: 0 Information reply: 0 Netmask request: 24 Netmask reply: 0 Unknown type: 188
Re: can we disable ICMP netmask reply in HP 5500 Switch?
I failed to locate a specific command to allow/disallow ICMP netmask replies.
However you can setup ACL's to filter either type 17 code 0 (request, which is the preferred since you normally want to block the original request and not waste any system resources on a reply which will be dropped anyway) or type 18 code 0 (reply itself).
