Enabling sending ICMPv6 destination unreachable messages
The device sends the source the following ICMPv6 destination unreachable messages:
ICMPv6 No Route to Destination message—A packet to be forwarded does not match any route.
ICMPv6 Communication with Destination Administratively Prohibited message—An administrative prohibition is preventing successful communication with the destination. This is typically caused by a firewall or an ACL on the device.
ICMPv6 Beyond Scope of Source Address message—The destination is beyond the scope of the source IPv6 address. For example, a packet's source IPv6 address is a link-local address, and its destination IPv6 address is a global unicast address.
ICMPv6 Address Unreachable message—The device fails to resolve the link layer address for the destination IPv6 address of a packet.
ICMPv6 Port Unreachable message—No port process on the destination device exists for a received UDP packet.
If a device is generating ICMPv6 destination unreachable messages incorrectly, disable the sending of ICMPv6 destination unreachable messages to prevent attack risks.
To enable sending ICMPv6 destination unreachable messages:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable sending ICMPv6 destination unreachable messages. | ipv6 unreachables enable | By default, this feature is disabled. |