>> MIB - Management Information Base

>> Table: ipIcmp - (.1.3.6.1.4.1.272.4.5.32)

ipIcmp
OIDNameTypeAccess
.1SourceQuenchENUMRW
.2TimeExceededTransENUMRW
.3TimeExceededFragENUMRW
.4DestUnreachFragENUMRW
.5DestUnreachHostENUMRW
.6DestUnreachHostTcpENUMRW
.7DestUnreachProtoENUMRW
.8EchoReplyENUMRW
.9MaskReplyENUMRW

SourceQuench
enabled : If an IP packet is discarded due to congestion,
the system sends an ICMP 'Source-Quench' message
back to the originator of the packet.
For congestion-control/prevention, the system may
send ICMP 'Source-Quench' messages also.
This is the default behavior of the system.
The rate of ICMP 'Source Quench' messages is
limited to max. 1 message/s per originator.
disabled: system never sends ICMP 'Source-Quench' messages
(not for congestions nor for congestion-control).
Enumerations:
  • enabled (1)
  • disabled (2)
TimeExceededTrans
enabled : If an IP packet could not be delivered/forwarded
to destination due to packet TTL (Time to live) or
dialup-interface timeout, the packet is discarded
and the system sends an ICMP 'Time-Exceeded/Trans'
message back to the originator of the packet.
This is the default behavior of the system.
disabled: If an IP packet could not be delivered/forwarded
to destination due to packet TTL (Time to live) or
dialup-interface timeout, the packet is silently
discarded.
ICMP 'Time Exceeded/Trans' messages should be
disabled with care (only if really necessary),
because some usefull external tools based on
this protocol (e.g. 'traceroute').
Enumerations:
  • enabled (1)
  • disabled (2)
TimeExceededFrag
enabled : If an IP packet could not be delivered/forwarded
to destination due to fragment-reassembly timeout,
the system sends an ICMP 'Time-Exceeded/Fragment'
message back to the originator of the packet.
This is the default behavior of the system.
disabled: If an IP packet could not be delivered/forwarded
to destination due to fragment-reassembly timeout,
the IP packet is silently discarded.
ICMP 'Time Exceeded/Fragment' messages should be
disabled with care (only if really necessary).
Enumerations:
  • enabled (1)
  • disabled (2)
DestUnreachFrag
enabled : If an IP packet could not be delivered/forwarded
to destination due to MTU/Dont-Fragment error
(packet must be fragmented due to interface-MTU
but Dont-Fragment (DF) bit is set in IP header),
the IP packet is discarded and the system sends an
ICMP 'Destination-Unreachable/Fragment' message
back to the originator of the packet.
This is the default behavior of the system.
disabled: If an IP packet could not be delivered/forwarded
to destination due to interface-MTU/DF-bit problem,
the packet is silently discarded.
ICMP 'Destination-UnreachableFragment' messages
should be disabled with care (only if really
necessary). Disabling of this ICMP messages
will make Path MTU Discovery impossible and
might lead to bad performance behaviours.
Enumerations:
  • enabled (1)
  • disabled (2)
DestUnreachHost
enabled : If an IP packet could not be delivered/forwarded
to destination due to routing errors (e.g. no
matching route exists, interface down/blocked),
the packet is discarded and the system sends an
ICMP 'Destination-Unreachable/Host' message
back to the originator of the packet.
This is the default behavior of the system.
(see ipIcmpDestUnreachHostTcp also)
disabled: If an IP packet could not be delivered/forwarded
to destination due to routing errors (e.g. no
matching route exists, interface down/blocked),
the packet is silently discarded.
ICMP 'Destination-Unreachable/Host' messages
should be disabled with care (only if really
necessary).
The functionality of the virtual REFUSE-Interface
is NOT affected by this parameter - the system
will continue to send ICMP 'Dest-Unreachable/Host'
messages for all packets explicity routed to
this Interface (ifIndex 0).
The functionality of ipExtIfNatSilentDeny=disabled
is NOT affected by this parameter - the system
will continue to send ICMP 'Dest-Unreachable/Host'
messages for incoming IP-Packets that does not
pass the NAT barrier of NAT-enabled Interfaces.
Enumerations:
  • enabled (1)
  • disabled (2)
DestUnreachHostTcp
Set ICMP (Dest Unreachable/Host) behavior for TCP packets.
tcp-rst : If a TCP packet can not be delivered/forwarded
to destination (e.g. no matching route exists,
interface down/blocked), the TCP-Connection
is terminated by sending a TCP-RST message 
(a TCP packet with RST-bit set in TCP-header)
back to the originator of the packet.
This is the default behavior of the system.
The TCP RST message is send INSTEAD of an
ICMP 'Destination-Unreachable/Host' message.
If ipIcmpDestUnreachHost is set to disabled(2),
no TCP-RST message is sent back.
icmp : TCP traffic is handled like all other IP traffic.
(see description of ipIcmpDestUnreachHost)
Enumerations:
  • tcp-rst (1)
  • icmp (2)
DestUnreachProto
enabled: If an IP packet addressed to local system could
not be handled due to unsupported protocol type
in IP packet-header (e.g. not TCP, UDP or ICMP),
the packet is discarded and the system sends an
ICMP 'Destination-Unreachable/Proto' message
back to the originator of the packet.
This is the default behavior of the system.
disabled: If an IP packet addressed to local system could
not be handled due to unsupported protocol type
in IP packet-header (e.g. not TCP, UDP or ICMP),
the packet is silently discarded.
ICMP 'Destination-Unreachable/Proto' messages
should be disabled with care (only if really
necessary).
Enumerations:
  • enabled (1)
  • disabled (2)
EchoReply
enabled : each incoming ICMP 'Echo-Request' message
addressed to local system is answered with
an ICMP 'Echo-Reply' message.
This is the default behavior of the system.
disabled: incoming ICMP 'Echo-Request' messages addressed
to local system are silently discarded.
ICMP 'Echo-Reply' messages should be disabled
with care (only if really necessary), because
some usefull external tools based on this
protocol (e.g. 'ping').
local 'pings' to other system/routers are
not affected by this parameter.
Enumerations:
  • enabled (1)
  • disabled (2)
MaskReply
enabled : each incoming ICMP 'Mask-Request' message
addressed to local system is answered with
an ICMP 'Mask-Reply' message.
This is the default behavior of the system.
disabled: incoming ICMP 'Mask-Request' messages addressed
to local system are silently discarded.
ICMP 'Echo-Mask' messages should be disabled
with care (only if really necessary), because
subnet-discovery based on this protocol.
Enumerations:
  • enabled (1)
  • disabled (2)


Copyright ©2003 by BinTec Access Networks GmbH
This page was last modified on: 11.03.2003 by Projectmanager Maintenance