An attacker sends a large number of ICMP Echo Request packets to a switch in a short period so that the switch is busy responding to these packets and fails to process normal services.
To prevent ICMP flood attacks, enable defense against ICMP flood attacks on switches and set a rate limit for ICMP packets.
Enable defense against ICMP flood attacks. By default, this function is enabled.
<HUAWEI> system-view [HUAWEI] anti-attack icmp-flood enable [HUAWEI] anti-attack icmp-flood car cir 8000 //Limit the rate of receiving ICMP flood attack packets. By default, this rate is 155,000,000 bit/s.