Description Configure ICMP rate limiting, to protect against denial-of-service (DoS) attacks.
Syntax [no] icmp-rate-limit normal-rate lockup max-rate lockup-time
Mode Configuration mode
Usage This command configures ICMP rate limiting globally for all traffic to or through the ACOS device. To configure ICMP rate limiting on individual Ethernet interfaces, see the icmp-rate-limit command in the “Config Commands: Interface” chapter in the Network Configuration Guide. To configure it in a virtual server template, see . If you configure ICMP rate limiting filters at more than one of these levels, all filters are applicable.
Specifying a maximum rate (lockup rate) and lockup time is optional. If you do not specify them, lockup does not occur.
Log messages are generated only if the lockup option is used and lockup occurs. Otherwise, the ICMP rate-limiting counters are still incremented but log messages are not generated.
Example The following command globally configures ICMP rate limiting to allow up to 2048 ICMP packets per second, and to lock up all ICMP traffic for 10 seconds if the rate exceeds 3000 ICMP packets per second: