Field
State
Application
Start time
TTL
Initiator->Responder
Responder->Initiator
Related commands
reset aspf session
icmp-error drop
Use icmp-error drop to enable ICMP error message check and drop faked messages.
Use undo icmp-error drop to disable ICMP error message check.
Syntax
icmp-error drop
undo icmp-error drop
Default
ICMP error message check is disabled.
Views
ASPF policy view
Predefined user roles
network-admin
Usage guidelines
An ICMP error message carries information about the corresponding connection. ICMP error
message check verifies the information. If the information does not match the connection, ASPF
drops the message.
Examples
# Enable ICMP error message check for ASPF policy 1.
<Sysname> system-view
[Sysname] aspf policy 1
[Sysname-aspf-policy-1] icmp-error drop
Related commands
aspf policy
display aspf policy
Description
Protocol status of the session.
Application layer protocol, including FTP and DNS.
If it is an unknown protocol identified by an unknown port, this field
displays OTHER.
Establishment time of the session.
Remaining lifetime of the session, in seconds.
Number of packets and bytes from initiator to responder.
Number of packets and bytes from responder to initiator.
670