Type 3
Codes:
0 - Network Unreachable (Router does not have a route and cannot send)
1 - Host Unreachable (Router knows about the network but can't send the packet to the host for any reason, e.g. an L2 problem with the host)
2 - Protocol Unreachable (Packets are delivered but there is an L4 problem; the host does not know the protocol)
3 - Port Unreachable (Port problem, no open service on that port)
4 - Fragmentation (MTU problems / fragmentation needed but DF set)
5 - Source Routing (IP source routing problem / no ip source-route)
6 - Obsolete Code (Obsolete Code)
7 - Obsolete Code (Obsolete Code)
8 - Obsolete Code (Obsolete Code)
9 - Admin Prohibited (Access-list or firewall: host was prohibited)
10 - Admin Prohibited (Access-list or firewall: network was prohibited)
11 - QoS, ToS and IP Precedence Problems
12 - QoS, ToS and IP Precedence Problems
13 - Admin Prohibited (Access-list or firewall: general prohibited message)
14 - QoS, ToS and IP Precedence Problems
15 - QoS, ToS and IP Precedence Problems
--------------------------------------------------------------------------------
Code 4: Fragmentation
- Route-map configuration:
route-map clear-df permit 36
 match ip address 136
 set ip df 0
- Access list: 2.2.2.2 is the offending website and 3.3.3.0 is the remote site subnet.
access-list 136 permit tcp host 2.2.2.2 3.3.3.0 0.0.0.255
- Apply on the interface:
 ip policy route-map clear-df
Note:
Set the DF bit to "0" (zero) to allow fragmentation.
DF=1 means fragmentation is not allowed.
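What the route-map does to a matching packet, shown on raw IPv4 header bytes. This is an added example, not code from the original notes: it clears DF only for TCP from host 2.2.2.2 to 3.3.3.0/24 (the access-list 136 match) and recomputes the header checksum. The function names and the sample headers are constructed, and a 20-byte header without options is assumed.

```python
import ipaddress
import struct

DF = 0x4000  # Don't Fragment bit in the 16-bit flags/fragment-offset field
# Same match as "access-list 136 permit tcp host 2.2.2.2 3.3.3.0 0.0.0.255"
ACL_136 = (6, ipaddress.ip_network("2.2.2.2/32"), ipaddress.ip_network("3.3.3.0/24"))


def checksum(data: bytes) -> int:
    """One's-complement Internet checksum over 16-bit words."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def with_checksum(hdr: bytes) -> bytes:
    """Zero the checksum field (bytes 10-11) and fill in a fresh value."""
    zeroed = hdr[:10] + b"\x00\x00" + hdr[12:]
    return zeroed[:10] + struct.pack("!H", checksum(zeroed)) + zeroed[12:]


def build_header(src: str, dst: str, proto: int = 6, df: bool = True) -> bytes:
    """Constructed sample header: 1500-byte datagram, TTL 64, no options."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, DF if df else 0,
                      64, proto, 0, ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return with_checksum(hdr)


def df_set(hdr: bytes) -> bool:
    return bool(struct.unpack("!H", hdr[6:8])[0] & DF)


def matches_acl(hdr: bytes) -> bool:
    proto, src_net, dst_net = ACL_136
    return (hdr[9] == proto
            and ipaddress.ip_address(hdr[12:16]) in src_net
            and ipaddress.ip_address(hdr[16:20]) in dst_net)


def clear_df(hdr: bytes) -> bytes:
    """Apply "set ip df 0" to matching packets; pass everything else through."""
    if not matches_acl(hdr):
        return hdr
    flags = struct.unpack("!H", hdr[6:8])[0] & ~DF & 0xFFFF
    return with_checksum(hdr[:6] + struct.pack("!H", flags) + hdr[8:])
```
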
-------------------------------------------------------------------------------------------------------------------------
ICMP Redirect (Type 5)
Type 5, Codes 0 - 3:
- 0 Network
- 1 Host
- 2 Service / Network
- 3 Service / Host
Questions the router asks before sending a redirect:
- Is the route out the same interface?
- Are ip redirects enabled on that interface?
- Is the source IP from the same network as the better next hop?
The router won't send a redirect for a source-routed packet.
We can see in debug:
R2#debug ip icmp
ICMP packet debugging is on
*Feb 28 08:50:53.750: ICMP: redirect sent to 10.123.0.1 for dest 4.4.4.4, use gw 10.123.0.3
Note: Use the no ip redirects command on the interface to turn off ICMP redirects.
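The checks listed above, modelled as a decision function and run against the addresses from the debug line. This is an added example, not IOS code or code from the original notes: the interface names, the /24 prefix lengths and the function name are assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Interface:
    name: str                        # hypothetical interface name
    network: ipaddress.IPv4Network   # connected subnet (prefix length assumed)
    ip_redirects: bool = True        # "no ip redirects" on the interface -> False


def redirect_decision(src, dst, in_if, out_if, next_hop, source_routed=False):
    """Return (send_redirect, message) for one forwarded packet."""
    src_ip = ipaddress.ip_address(src)
    gw = ipaddress.ip_address(next_hop)
    if source_routed:
        return False, "no redirect: packet is source-routed"
    if out_if.name != in_if.name:
        return False, "no redirect: route is not out the same interface"
    if not in_if.ip_redirects:
        return False, "no redirect: ip redirects disabled on interface"
    if src_ip not in in_if.network or gw not in in_if.network:
        return False, "no redirect: source not on the next hop's network"
    return True, f"ICMP: redirect sent to {src_ip} for dest {dst}, use gw {gw}"


# Constructed scenario matching the debug line; the /24 masks are assumed.
LAN = Interface("Ethernet0/0", ipaddress.ip_network("10.123.0.0/24"))
WAN = Interface("Serial0/0", ipaddress.ip_network("10.24.0.0/24"))

if __name__ == "__main__":
    print(redirect_decision("10.123.0.1", "4.4.4.4", LAN, LAN, "10.123.0.3"))
    print(redirect_decision("10.123.0.1", "4.4.4.4", LAN, WAN, "10.24.0.4"))
```
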
-------------------------------------------------------------------------------------------------------------------------
ICMP TYPE NUMBERS
The Internet Control Message Protocol (ICMP) has many messages that
are identified by a "type" field.
  Type  Name                                    Reference
  ----  -------------------------               ---------
     0  Echo Reply                              [RFC792]
     1  Unassigned                              [JBP]
     2  Unassigned                              [JBP]
     3  Destination Unreachable                 [RFC792]
     4  Source Quench                           [RFC792]
     5  Redirect                                [RFC792]
     6  Alternate Host Address                  [JBP]
     7  Unassigned                              [JBP]
     8  Echo                                    [RFC792]
     9  Router Advertisement                    [RFC1256]
    10  Router Selection                        [RFC1256]
    11  Time Exceeded                           [RFC792]
    12  Parameter Problem                       [RFC792]
    13  Timestamp                               [RFC792]
    14  Timestamp Reply                         [RFC792]
    15  Information Request                     [RFC792]
    16  Information Reply                       [RFC792]
    17  Address Mask Request                    [RFC950]
    18  Address Mask Reply                      [RFC950]
    19  Reserved (for Security)                 [Solo]
 20-29  Reserved (for Robustness Experiment)    [ZSu]
    30  Traceroute                              [RFC1393]
    31  Datagram Conversion Error               [RFC1475]
    32  Mobile Host Redirect                    [David Johnson]
    33  IPv6 Where-Are-You                      [Bill Simpson]
    34  IPv6 I-Am-Here                          [Bill Simpson]
    35  Mobile Registration Request             [Bill Simpson]
    36  Mobile Registration Reply               [Bill Simpson]
    37  Domain Name Request                     [Simpson]
    38  Domain Name Reply                       [Simpson]
    39  SKIP                                    [Markson]
    40  Photuris                                [Simpson]
41-255  Reserved                                [JBP]
Many of these ICMP types have a "code" field. Here we list the types
again with their assigned code fields.
  Type  Name                                    Reference
  ----  -------------------------               ---------
     0  Echo Reply                              [RFC792]
        Codes
             0  No Code
     1  Unassigned                              [JBP]
     2  Unassigned                              [JBP]
     3  Destination Unreachable                 [RFC792]
        Codes
             0  Net Unreachable
             1  Host Unreachable
             2  Protocol Unreachable
             3  Port Unreachable
             4  Fragmentation Needed and Don't Fragment was Set
             5  Source Route Failed
             6  Destination Network Unknown
             7  Destination Host Unknown
             8  Source Host Isolated
             9  Communication with Destination Network is Administratively Prohibited
            10  Communication with Destination Host is Administratively Prohibited
            11  Destination Network Unreachable for Type of Service
            12  Destination Host Unreachable for Type of Service
            13  Communication Administratively Prohibited  [RFC1812]
            14  Host Precedence Violation  [RFC1812]
            15  Precedence cutoff in effect  [RFC1812]
     4  Source Quench                           [RFC792]
        Codes
             0  No Code
     5  Redirect                                [RFC792]
        Codes
             0  Redirect Datagram for the Network (or subnet)
             1  Redirect Datagram for the Host
             2  Redirect Datagram for the Type of Service and Network
             3  Redirect Datagram for the Type of Service and Host
     6  Alternate Host Address                  [JBP]
        Codes
             0  Alternate Address for Host
     7  Unassigned                              [JBP]
     8  Echo                                    [RFC792]
        Codes
             0  No Code
     9  Router Advertisement                    [RFC1256]
        Codes
             0  No Code
    10  Router Selection                        [RFC1256]
        Codes
             0  No Code
    11  Time Exceeded                           [RFC792]
        Codes
             0  Time to Live exceeded in Transit
             1  Fragment Reassembly Time Exceeded
    12  Parameter Problem                       [RFC792]
        Codes
             0  Pointer indicates the error
             1  Missing a Required Option  [RFC1108]
             2  Bad Length
    13  Timestamp                               [RFC792]
        Codes
             0  No Code
    14  Timestamp Reply                         [RFC792]
        Codes
             0  No Code
    15  Information Request                     [RFC792]
        Codes
             0  No Code
    16  Information Reply                       [RFC792]
        Codes
             0  No Code
    17  Address Mask Request                    [RFC950]
        Codes
             0  No Code
    18  Address Mask Reply                      [RFC950]
        Codes
             0  No Code
    19  Reserved (for Security)                 [Solo]
 20-29  Reserved (for Robustness Experiment)    [ZSu]
    30  Traceroute                              [RFC1393]
    31  Datagram Conversion Error               [RFC1475]
    32  Mobile Host Redirect                    [David Johnson]
    33  IPv6 Where-Are-You                      [Bill Simpson]
    34  IPv6 I-Am-Here                          [Bill Simpson]
    35  Mobile Registration Request             [Bill Simpson]
    36  Mobile Registration Reply               [Bill Simpson]
    39  SKIP                                    [Markson]
    40  Photuris                                [Simpson]
        Codes
             0  Reserved
             1  unknown security parameters index
             2  valid security parameters, but authentication failed
             3  valid security parameters, but decryption failed
===================================================================