442
Related commands
display aspf session
tcp syn-check
Use tcp syn-check to enable TCP SYN check. TCP SYN check checks the first packet to establish a TCP
connection whether it is a SYN packet. If the first packet is not a SYN packet, ASPF drops the packet.
Use undo tcp syn-check to restore the default.
Syntax
tcp syn-check
undo tcp syn-check
Default
TCP SYN check is disabled. ASPF does not drop a non-SYN packet that is the first packet to establish a
TCP connection.
Views
ASPF policy view
Predefined user roles
network-admin
Usage guidelines
When a router attached to the network is started up, it can receive a non-SYN packet of an existing TCP
connection for the first time. If you do not want to interrupt the existing TCP connection, you can disable
the TCP SYN check. Then, the router allows the non-SYN packet that is the first packet to establish a TCP
connection to pass. After the network topology becomes steady, you can enable TCP SYN check again.
Examples
# Enable TCP SYN check for ASPF policy 1.
<Sysname> system-view
[Sysname] aspf policy 1
[Sysname-aspf-policy-1] tcp syn-check
Related commands
aspf policy
To Next Page
Loading...
Need help?
General
