OL-11615-01
On systems running Cisco IOS, ICMP unreachables can be disabled per interface by using the no ip
unreachables interface configuration command, as shown in the following example:
Router(config-if)# no ip unreachables
For more information about the Catalyst OS set ip unreachable disable command, refer to the following
URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_5/cmd_ref/set_f_l.htm#wp1372177
For more information about the no ip unreachables command, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124tcr/tiap_r/apl_i2ht.htm#wp1196977
The first workaround is effective. However, in some cases ICMP unreachables are necessary, so
preventing the switch from sending them is not always appropriate. The second workaround is to
rate-limit the number of ICMP unreachable packets that are sent, which is possible on Catalyst 6500
Series switches.
The Cisco Catalyst 6500 Series Supervisor Engine 32 and Supervisor Engine 720 forwarding engines
provide a hardware-based rate limiter that controls the generation of ICMP unreachables. This rate
limiter is supported in all available Catalyst OS and Cisco IOS Software releases.
On systems running Cisco IOS, the ICMP unreachable rate limiter can be configured using the mls
rate-limit unicast ip icmp unreachable command, as shown in the following example:
Router(config)# mls rate-limit unicast ip icmp unreachable
For more information about the ip icmp rate-limit unreachable command, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipras_r/ip1_i1g.htm#wp1081902
For more information about the ICMP unreachable rate limiter and other DoS protection controls
available on the Supervisor 720, refer to the following URL:
http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_configuration_guide_chapter09186a0080435872.html
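The following Python script is an added example, not part of the original guide. It audits a saved Cisco IOS configuration for the two workarounds above: it lists active interfaces that lack no ip unreachables and reports whether the mls rate-limit unicast ip icmp unreachable command is present. The function names, the sample configuration, and the arguments after the rate-limit keyword are constructed for illustration; the script assumes that an interface without a no ip unreachables line still sends unreachables.

```python
import re

# Global command as written on this page; a saved config carries extra arguments.
RATE_LIMIT_CMD = "mls rate-limit unicast ip icmp unreachable"

# Constructed sample configuration (documentation addresses, not a real device).
SAMPLE_CONFIG = """\
hostname lab-6500
!
mls rate-limit unicast ip icmp unreachable acl-drop 100 10
!
interface GigabitEthernet1/1
 ip address 192.0.2.1 255.255.255.0
 no ip unreachables
!
interface GigabitEthernet1/2
 ip address 198.51.100.1 255.255.255.0
!
interface Vlan10
 no ip address
 shutdown
!
end
"""

def parse_interfaces(config):
    """Return {interface name: [stanza lines]} from IOS-style config text."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(.+)", line)
        if m:
            current = stanzas.setdefault(m.group(1).strip(), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # "!" or any unindented line closes the stanza
    return stanzas

def audit_unreachables(config):
    """Flag active interfaces still sending unreachables; check the global limiter."""
    exposed = sorted(
        name for name, lines in parse_interfaces(config).items()
        # Assumption: administratively shut down interfaces are skipped.
        if "no ip unreachables" not in lines and "shutdown" not in lines
    )
    rate_limited = any(l.startswith(RATE_LIMIT_CMD) for l in config.splitlines())
    return {"sending_unreachables": exposed, "hw_rate_limiter": rate_limited}

if __name__ == "__main__":
    print(audit_unreachables(SAMPLE_CONFIG))
```

An interface listed under sending_unreachables is not necessarily misconfigured, since the text above notes that unreachables are sometimes required; in that case the hw_rate_limiter result shows whether the second workaround is in place.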
Possible Unneeded Services in Cisco IOS
The following services are available on Cisco IOS:
Directed broadcast
Finger protocol
IP BOOTP server
IP Source routing
PAD
Proxy ARP
TCP and UDP small servers
IPv6