- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Re: Block large ICMP packets
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-16-2007 09:00 PM
тАО06-16-2007 09:00 PM
Block large ICMP packets
I want to drop ICMP packets beyond certain size, such as 128 bytes. Is there any way I can do this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-17-2007 06:14 PM
тАО06-17-2007 06:14 PM
Re: Block large ICMP packets
The ip-pkt-len
NOTE: This parameter is supported in software release 07.7.00 and later, and applies only if you specified icmp as the
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-17-2007 06:22 PM
тАО06-17-2007 06:22 PM
Re: Block large ICMP packets
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-17-2007 06:31 PM
тАО06-17-2007 06:31 PM
Re: Block large ICMP packets
I agree it looks like you can't specify a range, the only way I can think of doing this is to specifically permit from 1 through to 128 on separate lines, and then a deny icmp at the end.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-17-2007 06:53 PM
тАО06-17-2007 06:53 PM
Re: Block large ICMP packets
permit icmp host x.x.x.x host y.y.y.y ? administratively-prohibited ? option ?
(the question mark should give you the options available for each stage of the sub-command)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-17-2007 09:17 PM
тАО06-17-2007 09:17 PM
Re: Block large ICMP packets
deny icmp any any any-icmp-type ip-pkt-len 33
permit icmp any any
permit ip any any
i have then applied it to a virtual interface of a VLAN both in the IN and OUT direction.
I then initiate a ping from another VLAN specifying the data as 33 bytes. (ping -l 33 xxx.xxx.xxx.xxx)
Is there any way to know, what will be the packet length information that the switch will find for the above ping command in Windows environment.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-25-2007 04:30 PM
тАО06-25-2007 04:30 PM
Re: Block large ICMP packets
There is no way to block a range of ICMP packets based on size.
We can specify a specific ICMP packet size using the ip-pkt-len parameter in an extended ACL.
For a standard Ping packet in Windows with 32 bytes of data is seen in the HP switch as 60 bytes with IP and ICMP header added.
Thanks to all who responded.