The icmp rate-limit command sets the rate threshold of ICMP packets.
The undo icmp rate-limit command restores the default rate threshold of ICMP packets.
By default, the rate limits of ICMP packets in the system and on an interface depend on the product model. The value is 128 on the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S, and 190 on the other models, in pps.
icmp rate-limit { total | interface interface-type interface-number1 [ to interface-number2 ] } threshold threshold-value
undo icmp rate-limit { total | interface interface-type interface-number1 [ to interface-number2 ] }
Parameter |
Description |
Value |
|---|---|---|
total |
Specifies the total rate threshold in the system. |
- |
interface interface-type interface-number1 to interface-number2 |
Specifies the type and number of an interface.
|
- |
threshold threshold-value |
Specifies the rate threshold of ICMP packets. |
The value ranges from 0 to 1000, in pps.
NOTE:
The value 0 indicates that the rate of ICMP packets
is not limited. |
Usage Guidelines
A network often undergoes ICMP packet attacks. If a switch receives a large number of broadcast ICMP request packets on user-side interfaces, these packets are sent to the switch CPU for processing. Then the CPU usage becomes high, affecting other services on the switch. You can use the icmp rate-limit command to prevent the switch from being attacked by ICMP packets.
After the rate limit function is configured for ICMP packets on an interface, the system automatically discards excess ICMP packets when the number of ICMP packets sent by an interface every second exceeds the rate threshold.
Precautions
Before setting the rate threshold of ICMP packets, use the icmp rate-limit enable command to enable the rate limit function for ICMP packets.